efiXplorer v3.0 [#BHEU Edition] was released. Some new features:

- EFI modules dependency graph
- potential vulnerability checkers (SMM callout and GetVariable PEI/DXE/SMM)

https://github.com/binarly-io/efiXplorer/releases/tag/v3.0

#mehran_p51
#reverse

Learn Computer Networking with respect to Ethical Hacking

#mehran_p51
#network_hacking

https://www.udemy.com/course/learn-computer-networking-with-respect-to-ethical-hacking/?couponCode=DECEMBERBONANZA

New video available! In this video, we will see the two basic scan methods for the Burp Bounty Pro. One of the scanning methods is an improvement incorporated in version 1.5. Burp Bounty Pro - Two Basic Scan Methods https://www.youtube.com/watch?v=xODLLBKMT0M

@mehran_p51

Good🌟💫:)

Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO https://hackerone.com/reports/791775

Project Zero: An iOS hacker tries Android https://googleprojectzero.blogspot.com/2020/12/an-ios-hacker-tries-android.html
#mehran_p51

HTTP Request Smuggling Detection Tool https://hackbotone.medium.com/http-request-smuggling-detection-tool-36ed4bff359c

#mehran_p51

MICROSOFT EXCHANGE REMOTE CODE EXECUTION - CVE-2020-16875
https://x41-dsec.de/security/advisory/exploit/research/2020/12/21/x41-microsoft-exchange-rce-dlp-bypass/


#mehran_p51

Google hackers disclose exploit for an UNPATCHED Windows vulnerability (CVE-2020-0986) that was exploited as 0-day in the wild, for which Microsoft issued an incomplete patch and then failed to patch it again under the 90-day deadline.

Read — https://thehackernews.com/2020/12/google-discloses-poorly-patched-now.html

#Recent_news❗️❗️

⭕️ A new flaw in Treck TCP / IP affects millions of Internet of Things (IoT) devices

💢 The US Cybersecurity and Security Agency (CISA) has warned of significant vulnerabilities in a low-level TCP / IP software library developed by Treck that attackers could remotely execute arbitrary commands and attacks. DoS

📌 These four defects are on Treck TCP / IP version 6.0.1.67 and above and have been reported to the company by Intel.


@World_Of_Security 🌐

Which operating systems in 2019, according to research conducted by cyber security company Devcon, have the highest target of malware attacks?

The Windows operating system ranks first with 61%, and the Linux operating system has the lowest attack target.


@World_Of_Security 🌐

🔥 WARNING — Hackers are abusing a weakness in Citrix NetScaler devices to launch amplified 🚀 DDoS attacks against several targets.

Read details ➤ https://thehackernews.com/2020/12/citrix-adc-ddos-attack.html

Affected Citrix customers can temporarily disable DTLS to stop the attack.

Microsoft warns of hackers attempting to target Azure cloud customers via 3rd-party partners/resellers.

https://thehackernews.com/2020/12/microsoft-warns-crowdstrike-of-hackers.html

CrowdStrike & CISA released 2 tools to help users review excessive permissions & detect compromised accounts/apps in AD or Office 365 environments.

In a nationwide cyber crackdown, UK police arrest 21 customers of the now-defunct 'WeLeakInfo' website who allegedly bought breached personal data for criminal activities.

Read more: https://thehackernews.com/2020/12/police-arrest-21-weleakinfo-customers.html

IMPORTANT: Patch it ASAP!

A newly spotted SolarWinds Orion API authentication bypass flaw allows remote attackers to execute commands and was likely also exploited as 0-day to install the 2nd backdoor 'SUPERNOVA.'

Details: https://thehackernews.com/2020/12/a-new-solarwinds-flaw-likely-had-let.html

Account Takeover via login with OTP 🏆

https://medium.com/@surajbhosale_67721/account-takeover-via-login-with-otp-ba4a33fb1b6f

#mehran_p51

💢21 members of WeLeakInfo site arrested.

👨🏻‍💻21 people across the UK have been arrested by police as part of a high-profile cybercriminal who is a former client and top admin of WeLeakInfo.com.

N The NCA said: "The suspects are using stolen personal funds to commit more cybercrimes and fraud. Out of 21 wanted persons, 18 have been arrested, all of whom are between 18 and 38 years old and 41,000 in the process. "Bitcoin was seized."

Earlier this January, the FBI NCA, the Dutch National Cyber ​​Force, the German Bundescriminal and the Northern Ireland Police jointly took over the Weleakinfo.com domain.

The service was launched in 2017 and sells more than 12 billion stolen data, including names, email addresses, usernames, phone numbers and passwords for online accounts.

"Cybercriminals are well aware that people repeat their passwords on multiple sites, giving scammers the opportunity to exploit them," said Paul Crawfield of the NCA.


@World_Of_Security 🌐

Top disclosed reports from HackerOne: https://github.com/reddelexc/hackerone-reports
#mehran_p51

Account Takeover via Web Cache Poisoning based Reflected XSS

https://lutfumertceylan.com.tr/posts/acc-takeover-web-cache-xss/
#mehran_p51