Exploiting Android Client WebViews with Help from HSTS
1-click account takeover vulnerability discovered in a popular Indonesian Android Tokopedia app
https://seanpesce.blogspot.com/2024/09/exploiting-android-client-webviews-with.html
1-click account takeover vulnerability discovered in a popular Indonesian Android Tokopedia app
https://seanpesce.blogspot.com/2024/09/exploiting-android-client-webviews-with.html
Blogspot
Exploiting Android Client WebViews with Help from HSTS
TL;DR I discovered a one-click account takeover vulnerability in a popular Indonesian Android app called Tokopedia . Th...
🔥2
Splinter: New Post-Exploitation Red Team Tool
https://unit42.paloaltonetworks.com/analysis-pentest-tool-splinter
https://unit42.paloaltonetworks.com/analysis-pentest-tool-splinter
Unit 42
Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool
Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation, detected by Unit 42 researchers. Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation…
👍3
#AI has potential to automate threat detection, transform cybersecurity
https://siliconangle.com/2024/09/20/red-teaming-google-mwise2024/
https://siliconangle.com/2024/09/20/red-teaming-google-mwise2024/
SiliconANGLE
AI has potential to automate threat detection, transform cybersecurity
The fanfare around artificial intelligence may be dying down but according to security experts, its impact on defense strategy, red teaming and other aspects of cybersecurity could be long lasting.
🔥3
A step-by-step guide to writing an iOS kernel exploit
https://alfiecg.uk/2024/09/24/Kernel-exploit.html
https://alfiecg.uk/2024/09/24/Kernel-exploit.html
Alfie CG
A step-by-step guide to writing an iOS kernel exploit
Introduction Memory management in XNU Page tables Physical use-after-free Exploitation strategy Heap spray Kernel memory read/write Conclusion Bonus: arm64e, PPL and SPTM
👍2
ATTACKING UNIX SYSTEMS VIA CUPS, PART I
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
evilsocket
Attacking UNIX Systems via CUPS, Part I
🔥3
How hackers can exploit Wi-Fi Captive Portals to distribute Android malware all from a smartphone using WifiPumpkin on NetHunter
https://www.mobile-hacker.com/2024/09/27/wifipumpkin3-integrated-into-nethunter-powerful-duo-allows-malware-distribution-via-captive-portal/
https://www.mobile-hacker.com/2024/09/27/wifipumpkin3-integrated-into-nethunter-powerful-duo-allows-malware-distribution-via-captive-portal/
Mobile Hacker
WiFiPumpkin3 integrated into NetHunter: Powerful Duo allows malware distribution via Captive Portal Mobile Hacker
WiFiPumpkin3 is a powerful framework designed for rogue access point attacks and network security testing. It allows security researchers, and red teamers to create fake Wi-Fi networks, custom captive portals, intercept traffic, and deploy phishing attacks.…
👍1🔥1
Zimbra - Remote Command Execution (CVE-2024-45519)
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
ProjectDiscovery
Zimbra - Remote Command Execution (CVE-2024-45519) — ProjectDiscovery Blog
Zimbra, a widely used email and collaboration platform, recently released a critical security update addressing a severe vulnerability in its postjournal service. This vulnerability, identified as CVE-2024-45519, allows unauthenticated attackers to execute…
👍2
CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177: Linux OpenPrinting CUPS RCE
blog: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
PoC: https://github.com/RickdeJager/cupshax
patch:
sudo systemctl stop cups-browsed
sudo systemctl disable cups-browsed
blog: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
PoC: https://github.com/RickdeJager/cupshax
patch:
sudo systemctl stop cups-browsed
sudo systemctl disable cups-browsed
evilsocket
Attacking UNIX Systems via CUPS, Part I
👍4
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine
Part 1
https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
Part 2
https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
Part 3
https://www.ambionics.io/blog/iconv-cve-2024-2961-p3
Part 1
https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
Part 2
https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
Part 3
https://www.ambionics.io/blog/iconv-cve-2024-2961-p3
Ambionics
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for linux programs. Despite being reachable in multiple well-known libraries or executables, it proved rarely exploitable — while it didn't provide much leeway…
👍3❤1
CVE-2024-7479 & CVE-2024-7481: TeamViewer User to Kernel LPE
PoC: https://youtu.be/lUkAMAK-TPI
exploit: https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481
PoC: https://youtu.be/lUkAMAK-TPI
exploit: https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481
YouTube
TeamViewer User to Kernel Privilege Escalation PoC - CVE-2024-7479 & CVE-2024-7481 - Short Demo
https://www.cve.org/CVERecord?id=CVE-2024-7479
https://www.cve.org/CVERecord?id=CVE-2024-7481
https://www.zerodayinitiative.com/advisories/ZDI-24-1289/
https://www.zerodayinitiative.com/advisories/ZDI-24-1290/
https://www.teamviewer.com/en/resources/trust…
https://www.cve.org/CVERecord?id=CVE-2024-7481
https://www.zerodayinitiative.com/advisories/ZDI-24-1289/
https://www.zerodayinitiative.com/advisories/ZDI-24-1290/
https://www.teamviewer.com/en/resources/trust…
🔥4👌1
Bounty Security Releases GBounty: Our Web Scanning Tools Are Now Open Source
https://bountysecurity.ai/blogs/news/bounty-security-releases-gbounty-our-web-scanning-tools-are-now-open-source
https://bountysecurity.ai/blogs/news/bounty-security-releases-gbounty-our-web-scanning-tools-are-now-open-source
Bounty Security
Bounty Security Releases GBounty: Our Web Scanning Tool is Now Open Source
Bounty Security is thrilled to announce that we have open-sourced several of our flagship tools under the MIT license. This move is our way of giving back to the community that has supported us, allowing everyone to benefit from and contribute to these powerful…
👍4😍2
SIMurai is software that emulates a SIM card, which helps in fuzzing modem firmware for vulnerabilities or testing SIM spyware
Github: https://github.com/tomasz-lisowski/simurai
Paper: https://www.usenix.org/system/files/usenixsecurity24-lisowski.pdf
Presentation: https://www.usenix.org/system/files/usenixsecurity24_slides-lisowski.pdf
Github: https://github.com/tomasz-lisowski/simurai
Paper: https://www.usenix.org/system/files/usenixsecurity24-lisowski.pdf
Presentation: https://www.usenix.org/system/files/usenixsecurity24_slides-lisowski.pdf
GitHub
GitHub - tomasz-lisowski/simurai
Contribute to tomasz-lisowski/simurai development by creating an account on GitHub.
👍2
Finding #TeamViewer 0days
Part 1 - The story begins
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-1
Part 2 - Reversing the Authentication Protocol
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-2
Part 3 - Putting it all together. PARTY TIME
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-3
Part 1 - The story begins
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-1
Part 2 - Reversing the Authentication Protocol
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-2
Part 3 - Putting it all together. PARTY TIME
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-3
Peter Gabaldon
Finding TeamViewer 0days - Part I
Finding TeamViewer 0days. Part 1: The story begins
👍4
Silently Install Chrome Extension For Persistence
https://syntax-err0r.github.io/Silently_Install_Chrome_Extension.html
https://syntax-err0r.github.io/Silently_Install_Chrome_Extension.html
Streaming vulnerabilities from Windows Kernel - Proxying to Kernel
Part 1 (CVE-2024-30084, CVE-2024-35250):
https://devco.re/blog/2024/08/23/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part1-en
Part 2 (CVE-2024-30090):
https://devco.re/blog/2024/10/05/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part2-en
https://github.com/Dor00tkit/CVE-2024-30090
Part 1 (CVE-2024-30084, CVE-2024-35250):
https://devco.re/blog/2024/08/23/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part1-en
Part 2 (CVE-2024-30090):
https://devco.re/blog/2024/10/05/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part2-en
https://github.com/Dor00tkit/CVE-2024-30090
DEVCORE 戴夫寇爾
Streaming vulnerabilities from Windows Kernel - Proxying to Kernel - Part I | DEVCORE 戴夫寇爾
This research will discuss an overlooked attack surface that allowed us to find more than ten vulnerabilities within two months. Additionally, we will delve into a proxy-based logical vulnerability type that allows us to bypass most validations, enabling…
🔥4
GAI_for_pentest.pdf
821.3 KB
#Offensive_security
"Generative AI for pentesting: the good, the bad, the ugly", 2024.
https://github.com/TheR1D/shell_gpt
https://github.com/morpheuslord/GPT_Vuln-analyzer
"Generative AI for pentesting: the good, the bad, the ugly", 2024.
https://github.com/TheR1D/shell_gpt
https://github.com/morpheuslord/GPT_Vuln-analyzer
ChatGPT-4o Guardrail Jailbreak:
Hex Encoding for Writing CVE Exploits
https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits
Hex Encoding for Writing CVE Exploits
https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits
0din.ai
ChatGPT-4o Guardrail Jailbreak: Hex Encoding for Writing CVE Exploits
0DIN researchers have uncovered an encoding technique that allows ChatGPT-4o and other popular AI models to bypass safety mechanisms and generate exploit code.