Streaming vulnerabilities from Windows Kernel - Proxying to Kernel
Part 1 (CVE-2024-30084, CVE-2024-35250):
https://devco.re/blog/2024/08/23/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part1-en
Part 2 (CVE-2024-30090):
https://devco.re/blog/2024/10/05/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part2-en
https://github.com/Dor00tkit/CVE-2024-30090
Part 1 (CVE-2024-30084, CVE-2024-35250):
https://devco.re/blog/2024/08/23/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part1-en
Part 2 (CVE-2024-30090):
https://devco.re/blog/2024/10/05/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part2-en
https://github.com/Dor00tkit/CVE-2024-30090
DEVCORE 戴夫寇爾
Streaming vulnerabilities from Windows Kernel - Proxying to Kernel - Part I | DEVCORE 戴夫寇爾
This research will discuss an overlooked attack surface that allowed us to find more than ten vulnerabilities within two months. Additionally, we will delve into a proxy-based logical vulnerability type that allows us to bypass most validations, enabling…
🔥4
GAI_for_pentest.pdf
821.3 KB
#Offensive_security
"Generative AI for pentesting: the good, the bad, the ugly", 2024.
https://github.com/TheR1D/shell_gpt
https://github.com/morpheuslord/GPT_Vuln-analyzer
"Generative AI for pentesting: the good, the bad, the ugly", 2024.
https://github.com/TheR1D/shell_gpt
https://github.com/morpheuslord/GPT_Vuln-analyzer
ChatGPT-4o Guardrail Jailbreak:
Hex Encoding for Writing CVE Exploits
https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits
Hex Encoding for Writing CVE Exploits
https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits
0din.ai
ChatGPT-4o Guardrail Jailbreak: Hex Encoding for Writing CVE Exploits
0DIN researchers have uncovered an encoding technique that allows ChatGPT-4o and other popular AI models to bypass safety mechanisms and generate exploit code.
Analysis of CVE-2024-26926
A Linux kernel bug in the Binder component primarily affecting Android devices labeled as EoP
https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf
A Linux kernel bug in the Binder component primarily affecting Android devices labeled as EoP
https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf
GitHub
LinuxKernel-nday/CVE-2024-26926/CVE_2024_26926_Analysis.pdf at main · MaherAzzouzi/LinuxKernel-nday
Linux Kernel N-day Exploit/Analysis. Contribute to MaherAzzouzi/LinuxKernel-nday development by creating an account on GitHub.
❤3
Frida Script Runner - Versatile web-based tool designed for Android and iOS penetration testing purposes
https://github.com/z3n70/Frida-Script-Runner
https://github.com/z3n70/Frida-Script-Runner
🔥3
Frida Script Runner is a versatile web-based tool designed for Android and iOS penetration testing purposes.
https://github.com/z3n70/Frida-Script-Runner
https://github.com/z3n70/Frida-Script-Runner
GitHub
GitHub - z3n70/Frida-Script-Runner: Web-based Frida framework and toolkit for Android & iOS penetration testing, mobile security…
Web-based Frida framework and toolkit for Android & iOS penetration testing, mobile security, and dynamic analysis, featuring AI-assisted Frida script generation. - z3n70/Frida-Script-Runner
👍3
Python implementation of GhostPack's Seatbelt situational awareness tool
https://github.com/0xthirteen/Carseat
https://github.com/0xthirteen/Carseat
GitHub
GitHub - 0xthirteen/Carseat: Python implementation of GhostPack's Seatbelt situational awareness tool
Python implementation of GhostPack's Seatbelt situational awareness tool - 0xthirteen/Carseat
🔥3🤨2
#Fortinet FortiManager Unauthenticated RCE (CVE-2024-47575)
The remote code execution vulnerability in FortiManager allows attackers to perform arbitrary operations by exploiting commands via the FGFM protocol, circumventing authentication. Referred to as FortiJump, this vulnerability provides unauthorized access to FortiManager, enabling control over FortiGate devices by taking advantage of insufficient security in command handling and device registration processes.
Affected Versions:
FortiManager 7.6.0
FortiManager 7.4.0 through 7.4.4
FortiManager 7.2.0 through 7.2.7
FortiManager 7.0.0 through 7.0.12
FortiManager 6.4.0 through 6.4.14
FortiManager 6.2.0 through 6.2.12
FortiManager Cloud 7.4.1 through 7.4.4
FortiManager Cloud 7.2.1 through 7.2.7
FortiManager Cloud 7.0.1 through 7.0.12
FortiManager Cloud 6.4
Research:
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
Source:
https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575
The remote code execution vulnerability in FortiManager allows attackers to perform arbitrary operations by exploiting commands via the FGFM protocol, circumventing authentication. Referred to as FortiJump, this vulnerability provides unauthorized access to FortiManager, enabling control over FortiGate devices by taking advantage of insufficient security in command handling and device registration processes.
Affected Versions:
FortiManager 7.6.0
FortiManager 7.4.0 through 7.4.4
FortiManager 7.2.0 through 7.2.7
FortiManager 7.0.0 through 7.0.12
FortiManager 6.4.0 through 6.4.14
FortiManager 6.2.0 through 6.2.12
FortiManager Cloud 7.4.1 through 7.4.4
FortiManager Cloud 7.2.1 through 7.2.7
FortiManager Cloud 7.0.1 through 7.0.12
FortiManager Cloud 6.4
Research:
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
Source:
https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575
watchTowr Labs
Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575
It’s been a tricky time for Fortinet (and their customers) lately - arguably, even more so than usual. Adding to the steady flow of vulnerabilities in appliances recently was a nasty CVSS 9.8 vulnerability in FortiManager, their tool for central management…
🔥5🤔2🤨2👀1
GPUAF - Two ways of Rooting All Qualcomm based Android phones
https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
👍4
CVE-2024-48990: Linux LPE via needrestart
PATCHED: Nov 19, 2024
PoC: https://github.com/makuga01/CVE-2024-48990-PoC
Info: https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
PATCHED: Nov 19, 2024
PoC: https://github.com/makuga01/CVE-2024-48990-PoC
Info: https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
🔥5🤨2⚡1👍1👀1
Hunting for blind XSS vulnerabilities: A complete guide
https://www.intigriti.com/researchers/blog/hacking-tools/hunting-for-blind-cross-site-scripting-xss-vulnerabilities-a-complete-guide
https://www.intigriti.com/researchers/blog/hacking-tools/hunting-for-blind-cross-site-scripting-xss-vulnerabilities-a-complete-guide
Intigriti
Hunting for blind XSS vulnerabilities: A complete guide
Cross-site scripting (XSS) vulnerabilities are quite common and fun to find. They also carry great impact when chained with other vulnerabilities. But there's another variant of this vulnerability typ...
Boost Flipper Zero with FEBERIS: 3-in-1 SubGhz, NRF24, and WiFi board
https://www.mobile-hacker.com/2025/01/09/boost-your-flipper-zero-with-feberis-3-in-1-subghz-nrf24-and-wifi-board/
https://www.mobile-hacker.com/2025/01/09/boost-your-flipper-zero-with-feberis-3-in-1-subghz-nrf24-and-wifi-board/
Mobile Hacker
Boost Your Flipper Zero with FEBERIS: 3-in-1 SubGhz, NRF24, and WiFi board
I am excited to introduce you to FEBERIS, an expansion 3-in-1 development board for the Flipper Zero. This custom board utilizes external Wi-Fi, NRF24, and CC1101 modules, enhancing the capabilities of your Flipper Zero device.
How We Cracked a 512-Bit #DKIM Key for Less Than $8 in the Cloud
https://dmarcchecker.app/articles/crack-512-bit-dkim-rsa-key
https://dmarcchecker.app/articles/crack-512-bit-dkim-rsa-key
#Ivanti Connect Secure IFT TLS Stack Overflow pre-auth #RCE (CVE-2025-0282)
https://github.com/watchtowrlabs/CVE-2025-0282
https://github.com/sfewer-r7/CVE-2025-0282
https://github.com/watchtowrlabs/CVE-2025-0282
https://github.com/sfewer-r7/CVE-2025-0282
GitHub
GitHub - watchtowrlabs/CVE-2025-0282: Ivanti Connect Secure IFT TLS Stack Overflow pre-auth RCE (CVE-2025-0282)
Ivanti Connect Secure IFT TLS Stack Overflow pre-auth RCE (CVE-2025-0282) - watchtowrlabs/CVE-2025-0282
👍2🔥1