Sound Research SECOMN service Privilege Escalation (windows 10)
https://github.com/sailay1996/SECOMN_EoP
https://github.com/sailay1996/SECOMN_EoP
GitHub
GitHub - sailay1996/SECOMN_EoP: Sound Research SECOMN service Privilege Escalation (windows 10)
Sound Research SECOMN service Privilege Escalation (windows 10) - GitHub - sailay1996/SECOMN_EoP: Sound Research SECOMN service Privilege Escalation (windows 10)
Escaping the Chrome Sandbox via an IndexedDB Race Condition
Exploitation of a race condition in the IndexedDB implementation of Chrome, demonstrating a full sandbox escape.
https://labs.bluefrostsecurity.de/blog/2019/08/08/escaping-the-chrome-sandbox-via-an-indexeddb-race-condition/?fbclid=IwAR3KOiM1Rng0ELxtJwgiOo4KqOGD-KXhlRTt8Ltq1Hk3WjEkIigNkvKzZcE
Exploitation of a race condition in the IndexedDB implementation of Chrome, demonstrating a full sandbox escape.
https://labs.bluefrostsecurity.de/blog/2019/08/08/escaping-the-chrome-sandbox-via-an-indexeddb-race-condition/?fbclid=IwAR3KOiM1Rng0ELxtJwgiOo4KqOGD-KXhlRTt8Ltq1Hk3WjEkIigNkvKzZcE
labs.bluefrostsecurity.de
Escaping the Chrome Sandbox via an IndexedDB Race Condition | Bluefrostsecurity
Nginx/ memory disclosure via null byte
Insecure implementation of nginx rewrite / OpenResty ngx.req.set_uri() + memory content leak in nginx.
https://hackerone.com/reports/513236
Insecure implementation of nginx rewrite / OpenResty ngx.req.set_uri() + memory content leak in nginx.
https://hackerone.com/reports/513236
This script is a simple experiment to exploit the KR00K vulnerability (CVE-2019-15126), that allows to decrypt some WPA2 CCMP data in vulnerable devices (Access Point or Clients). More specifically this script attempts to retrieve decrypted data of WPA2 CCMP packets knowning:
the TK (128 bites all zero)
the Nonce (sent plaintext in packet header)
the Encrypted Data
Where:
WPA2 AES-CCMP decryption --> AES(Nonce,TK) XOR Encrypted Data = Decrypted Data
Decrypted stream starts with "\xaa\xaa\x03\x00\x00\x00"
Nonce (104 bits) = Priority (1byte) + SRC MAC (6bytes) + PN (6bytes)
https://github.com/akabe1/kr00ker
the TK (128 bites all zero)
the Nonce (sent plaintext in packet header)
the Encrypted Data
Where:
WPA2 AES-CCMP decryption --> AES(Nonce,TK) XOR Encrypted Data = Decrypted Data
Decrypted stream starts with "\xaa\xaa\x03\x00\x00\x00"
Nonce (104 bits) = Priority (1byte) + SRC MAC (6bytes) + PN (6bytes)
https://github.com/akabe1/kr00ker
GitHub
GitHub - akabe1/kr00ker: An experimental script PoC for Kr00k vulnerability (CVE-2019-15126)
An experimental script PoC for Kr00k vulnerability (CVE-2019-15126) - akabe1/kr00ker
Los datos sensibles del ejército alemán encontrados en el portátil comprado en ebay
https://www.hackread.com/german-armys-sensitive-data-laptop-on-ebay/
https://www.hackread.com/german-armys-sensitive-data-laptop-on-ebay/
Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
German army's sensitive data found on laptop bought from eBay
Like us on Facebook @ /HackRead
Presentamos Ninja: el C2 construido para las operaciones de equipo rojo sigilo
Cc @Ähmëd khlïêf
Ninja C2 construido en la parte superior del muddyc3 filtrado, pueden encontrar mi artículo sobre cómo reviví este c2 abandonado que utilizó por muddywater (Grupo IRAN APT Group) https://shells.systems/introducing-ninja-c2-the-c2-built-for-stealth-red-team-operations/
Cc @Ähmëd khlïêf
Ninja C2 construido en la parte superior del muddyc3 filtrado, pueden encontrar mi artículo sobre cómo reviví este c2 abandonado que utilizó por muddywater (Grupo IRAN APT Group) https://shells.systems/introducing-ninja-c2-the-c2-built-for-stealth-red-team-operations/
Shells.Systems
Introducing Ninja C2 : the C2 built for stealth red team Operations - Shells.Systems
Estimated Reading Time: 12 minutesNinja C2 built on top of the leaked muddyc3 , you can find my article on how i revived this abandoned c2 which used by muddywater (IRAN APT Group) : Reviving MuddyC3. What make Ninja C2 different from other C2 is being built…