CCTV
Close-Circuit Telegram Vision revolutionizes location tracking with its open-source design and Telegram API integration. Offering precise tracking within 50-100 meters, users can monitor others in real-time for logistics or safety, redefining how we navigate our surroundings.
https://github.com/IvanGlinkin/CCTV
Dynamically hooking Golang programs
https://blog.quarkslab.com/lets-go-into-the-rabbit-hole-part-1-the-challenges-of-dynamically-hooking-golang-program.html
https://metalbear.co/blog/hooking-go-from-rust-hitchhikers-guide-to-the-go-laxy/
Let’s Go into the rabbit hole (part 1) — the challenges of dynamically hooking Golang programs - Quarkslab's blog
Golang is the most used programming language for developing cloud technologies. Tools such as Kubernetes, Docker, Containerd and gVisor are written in Go. Despite the fact that the code of these programs is open source, there is no way to analyze and extend…
Android greybox fuzzing with AFL++ Frida mode
https://blog.quarkslab.com/android-greybox-fuzzing-with-afl-frida-mode.html
This article is about greybox fuzzing of userland targets that can be encountered in Android using AFL++ and its Frida mode. We also discuss how to target JNI functions, to test the native features invoked by Java code.
A Frida-focused GPT to help reverse engineers in writing Frida scripts and using Frida Python bindings.
https://chatgpt.com/g/g-KwZVA8dTp-fridagpt
CVE-2024-4577 - Yet Another PHP RCE: Make PHP-CGI Argument Injection Great Again!
https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
https://github.com/TAM-K592/CVE-2024-4577
Orange Tsai
This is a side story/extra bug while I’m preparing for my Black Hat USA presentation. I believe most of the details have already been covered in the official advisory (sh
"Becoming a Vulnerability Researcher roadmap: my personal experience"
https://gist.github.com/tin-z/a469e996f8107a5ca8d3c858a2a4b65f
Progressive phishing: How PWAs can be used to steal passwords
https://www.kaspersky.com/blog/phishing-with-progressive-web-apps/51496/
We explain what progressive web apps (PWAs) are and how they can be used in phishing to steal passwords and then hijack accounts.
Breaking Custom Encryption Using Frida (Mobile Application Pentesting)
https://labs.cognisys.group/posts/Breaking-Custom-Ecryption-Using-Frida-Mobile-Application-pentesting/
A Pwn2Own #SpiderMonkey JIT Bug: From Integer Range Inconsistency to Bound Check Elimination then RCE CVE-2024-29943
https://github.com/bjrjk/CVE-2024-29943
Android 12/13 Autorooter:
https://github.com/scs-labrat/android_autorooter
https://github.com/pl4int3xt/cve_2024_0044
Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability remotely - scs-labrat/android_autorooter
Injecting Java in-memory payloads for post-exploitation
https://www.synacktiv.com/publications/injecting-java-in-memory-payloads-for-post-exploitation
Vulnerability in Telegram for Android: Use-after-free in Connection::onReceivedData
https://bugs.chromium.org/p/project-zero/issues/detail?id=2547
Customizable Linux Persistence Tool for Security Research and Detection Engineering
https://github.com/Aegrah/PANIX
Leaked Wallpaper
This is a privilege escalation tool (fixed with CVE-2024-38100 in KB5040434) that allows us to leak a user's NetNTLM hash from any session on the computer, even if we are working from a low-privileged user.
https://github.com/MzHmO/LeakedWallpaper
CVE-2024-38077: Windows Remote Desktop Licensing Service RCE
https://github.com/CloudCrowSec001/CVE-2024-38077-POC
CVE-2024-38856_Scanner: Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856)
https://github.com/securelayer7/CVE-2024-38856_Scanner
way_Android_root.pdf
1.5 MB
#Mobile_Security
Black Hat USA 2024:
"The Way to Android Root: Exploiting Your GPU on Smartphone (CVE-2024-23380)".
Begging for Bounties and More Info Stealer Logs
https://www.troyhunt.com/begging-for-bounties-and-more-info-stealer-logs/
TL;DR — Tens of millions of credentials obtained from info stealer logs populated by malware were posted to Telegram channels last month and used to shake down companies for bug bounties under the misrepresentation the data originated from their service.