CVE-2024-38077: Windows Remote Desktop Licensing Service RCE
https://github.com/CloudCrowSec001/CVE-2024-38077-POC
https://github.com/CloudCrowSec001/CVE-2024-38077-POC
CVE-2024-38856_Scanner: Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856)
https://github.com/securelayer7/CVE-2024-38856_Scanner
https://github.com/securelayer7/CVE-2024-38856_Scanner
GitHub
GitHub - securelayer7/CVE-2024-38856_Scanner: Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856)
Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856) - securelayer7/CVE-2024-38856_Scanner
π₯3
way_Android_root.pdf
1.5 MB
#Mobile_Security
Black Hat USA 2024:
"The Way to Android Root: Exploiting Your GPU on Smartphone (CVE-2024-23380)".
Black Hat USA 2024:
"The Way to Android Root: Exploiting Your GPU on Smartphone (CVE-2024-23380)".
π₯3
Begging for Bounties and More Info Stealer Logs
https://www.troyhunt.com/begging-for-bounties-and-more-info-stealer-logs/
https://www.troyhunt.com/begging-for-bounties-and-more-info-stealer-logs/
Troy Hunt
Begging for Bounties and More Info Stealer Logs
TL;DR β Tens of millions of credentials obtained from info stealer logs populated by malware were posted to Telegram channels last month and used to shake down companies for bug bounties under the misrepresentation the data originated from their service.
π4
Black Hat USA 2024 slides
https://github.com/onhexgroup/Conferences/tree/main/Black%20Hat%20USA%202024%20slides
https://github.com/onhexgroup/Conferences/tree/main/Black%20Hat%20USA%202024%20slides
GitHub
Conferences/Black Hat USA 2024 slides at main Β· onhexgroup/Conferences
Conference presentation slides. Contribute to onhexgroup/Conferences development by creating an account on GitHub.
π₯5π€¨1
#SCCMSecrets.py aims at exploiting #SCCM policies distribution for credentials harvesting, initial access and lateral movement.
https://github.com/synacktiv/SCCMSecrets
https://github.com/synacktiv/SCCMSecrets
GitHub
GitHub - synacktiv/SCCMSecrets: SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initialβ¦
SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement. - synacktiv/SCCMSecrets
π₯3π€¨1π1
Exploiting Bluetooth: From your car to the bank account
Defcon slides: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Vladyslav%20Zubkov%20Martin%20Strohmeier%20-%20Exploiting%20Bluetooth%20-%20from%20your%20car%20to%20the%20bank%20account%24%24.pdf
Defcon slides: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Vladyslav%20Zubkov%20Martin%20Strohmeier%20-%20Exploiting%20Bluetooth%20-%20from%20your%20car%20to%20the%20bank%20account%24%24.pdf
π4
Android_App_Usage.pdf
10.3 MB
#Mobile_Security
"Android App Usage and Cell Tower Location: Private. Sensitive. Available to Anyone?", 2024.
"Android App Usage and Cell Tower Location: Private. Sensitive. Available to Anyone?", 2024.
π₯3
How to root an #Android device for analysis and vulnerability assessment
https://www.pentestpartners.com/security-blog/how-to-root-an-android-device-for-analysis-and-vulnerability-assessment/
https://www.pentestpartners.com/security-blog/how-to-root-an-android-device-for-analysis-and-vulnerability-assessment/
Pen Test Partners
How to root an Android device for analysis and vulnerability assessment | Pen Test Partners
TL;DR Introduction For mobile testing, be it for apps or hardware, having complete control over the device is essential for analysis and vulnerability assessment. Rooting an Android device allows us to gain root privileges, giving us full access to the OSβ¦
#redteam
Cobalt Strike - CDN / Reverse Proxy Setup
https://redops.at/en/blog/cobalt-strike-cdn-reverse-proxy-setup
Cobalt Strike - CDN / Reverse Proxy Setup
https://redops.at/en/blog/cobalt-strike-cdn-reverse-proxy-setup
π5π₯1π€¬1π€¨1
Post-Quantum Cryptography: Standards and Progress
http://security.googleblog.com/2024/08/post-quantum-cryptography-standards.html
http://security.googleblog.com/2024/08/post-quantum-cryptography-standards.html
Google Online Security Blog
Post-Quantum Cryptography: Standards and Progress
Posted by Royal Hansen, VP, Privacy, Safety and Security Engineering, Google, and Phil Venables, VP, TI Security & CISO, Google Cloud The...
iSniff GPS - Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices
https://github.com/hubert3/iSniff-GPS
https://github.com/hubert3/iSniff-GPS
GitHub
GitHub - hubert3/iSniff-GPS: Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices
Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices - hubert3/iSniff-GPS
π₯2
Back to School - Exploiting a Remote Code Execution Vulnerability in Moodle
https://blog.redteam-pentesting.de/2024/moodle-rce/
https://blog.redteam-pentesting.de/2024/moodle-rce/
RedTeam Pentesting - Blog
Back to School - Exploiting a Remote Code Execution Vulnerability in Moodle
Surprisingly often, implementations include functionality where user input is passed to dangerous functions like PHPβs eval() - despite clear warnings. Often, devs are somewhat aware of this danger and attempt to sanitize the input, but this approach β¦
π2
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
Malwaretech
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
π2π₯1π«‘1