HackerOne – Telegram
HackerOne
@HackerOne
11K subscribers
644 photos
31 videos
79 files
2.74K links
Community : @Sec0x01
@Bug0x
Download Telegram
About
Blog
Apps
Platform
Join
HackerOne
11K subscribers
HackerOne
Exclusive: #RUMINT Rumor Intelligence from Iran 🇮🇷 via Israel 🇮🇱.

Nuclear facility at Natanz, Iran has suffered major damage by an attack.

Rumor 1: Israel launched a cyber attack at the facility.

Rumor 2: Israel used local assets and used explosives (likely a sabotage) and / or cyber tactics during the attack.

Rumor 3: It was an accident.

However, the facility sustained power damage and no nuclear leak occurred, as per reliable source.
2.81K viewsAdeL
HackerOne
2.54K viewsН Е К И Б Е Р Л Е О
HackerOne
https://swarm.ptsecurity.com/rce-cockpit-cms/
PT SWARM
From 0 to RCE: Cockpit CMS
Our team searched for bugs in the source code of Cockpit, an open-source content management system. Here is the denoscription of Cockpit from its official site: Cockpit is a headless CMS with an API-first approach that puts content first. It is designed to…
2.6K viewsAmir Kiani
HackerOne
https://github.com/r4j0x00/exploits/tree/master/chrome-0day
2.71K viewsAmir Kiani
HackerOne
Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
Research: https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/
PoC: https://github.com/CENSUS/whatsapp-mitd-mitm
Census-Labs
CENSUS | Cybersecurity Engineering
In this article we will have a look at how a simple phishing attack through an Android messaging application could result in the direct leakage of data found in unprotected device storage (/sdcard). Then we will show how the two aforementioned WhatsApp vulnerabilities…
3.11K viewsAmir Kiani
HackerOne
Forwarded from Security Analysis
1-click RCE in Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and Mumble

https://ift.tt/3gcdx6d
positive.security
Allow arbitrary URLs, expect arbitrary code execution | Positive Security
Insecure URL handling leading to 1-click code execution vulnerabilities in Telegram, Nextcloud (CVE-2021-22879), VLC, LibreOffice (CVE-2021-25631), OpenOffice (CVE-2021-30245), Bitcoin/Dogecoin Wallets, Wireshark (CVE-2021-22191) and Mumble (CVE-2021-27229).
3.06K viewsAdeL
HackerOne
https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/
2.87K viewsAmir Kiani, edited  
HackerOne
Telegram bug bounties: XSS, privacy issues, official bot exploitation and more…

https://davtur19.medium.com/telegram-bug-bounties-xss-privacy-issues-official-bot-exploitation-and-more-5277fa78435
2.97K viewsAdeL
HackerOne
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.

https://cve.reconshell.com/cve/CVE-2021-31546
3.1K viewsAdeL, edited  
HackerOne
https://twitter.com/1rpwn/status/1387082353206599685
Twitter
Adel
Testing SAML integrations? Make sure to check - document/assertion signing - XSW attacks - self-signing document - replay protection - document expiration time - relay state open redirect - originating IP validation - XXE - XSLT Need more input -> docs.oasis…
2.42K viewsAdeL
HackerOne
https://www.ironnet.com/blog/iranian-cyber-attack-updates
Ironnet
Analysis of the Iranian cyber attack landscape
Updated to include recent activity by the APT Agrius
2.35K viewsAdeL
HackerOne
Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years. RotaJakiro

https://thehackernews.com/2021/04/researchers-uncover-stealthy-linux.html
The Hacker News
Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years
Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years
2.42K viewsAdeL
HackerOne
https://github.com/Ondrik8/start
GitHub
GitHub - Ondrik8/start
Contribute to Ondrik8/start development by creating an account on GitHub.
2.38K viewsAmir Kiani
HackerOne
https://ds3summit.github.io/#introduction
2.35K viewsAdeL
HackerOne
https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/
News, Techniques & Guides
Exploiting memory corruption vulnerabilities on Android
In today's blog, we'll discuss memory corruption vulnerabilities in Android apps and how they can be exploited. At the end of the article, we'll show how we found such a vulnerability in PayPal apps and what the result could be.
2.68K viewsAdeL
HackerOne
Automatic and platform-independent unpacker for Windows binaries based on emulation

https://github.com/unipacker/unipacker
GitHub
GitHub - unipacker/unipacker: Automatic and platform-independent unpacker for Windows binaries based on emulation
Automatic and platform-independent unpacker for Windows binaries based on emulation - unipacker/unipacker
2.63K viewsAdeL, edited  
HackerOne
2.66K viewsAmir Kiani
HackerOne
https://security.humanativaspa.it/fox-fix-objectivec-xrefs-in-ghidra/
hn security
FOX - Fix Objective-C XREFs in Ghidra - hn security
Hi! This is my first article […]
2.88K viewsAdeL
HackerOne
https://www.youtube.com/watch?v=_E0PWQvW-14
YouTube
How the Apple AirTags were hacked
On Saturday, I managed to dump the firmware of the newly released Apple AirTags - and in this video I'll show how I did it.

I won't share firmware dumps or so, so please don't ask :)

Links:
- Colin on Twitter: http://twitter.com/colinoflynn
- Colin on YouTube:…
2.49K viewsAmir Kiani
HackerOne
https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/
Krebs on Security
A Closer Look at the DarkSide Ransomware Gang
The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on…
2.49K viewsAdeL
HackerOne
Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316) https://shenaniganslabs.io/2021/04/13/Airstrike.html
Shenanigans Labs
Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316)
By default, domain joined Windows workstations allow access to the network selection UI from the lock screen.

An attacker with physical access to a locked device with WiFi capabilities (such as a laptop or a workstation) can abuse this functionality to force…
2.97K viewsAdeL