HackerOne – Telegram
HackerOne
@HackerOne
11K subscribers
644 photos
31 videos
79 files
2.74K links
Community : @Sec0x01
@Bug0x
Download Telegram
About
Blog
Apps
Platform
Join
HackerOne
11K subscribers
HackerOne
Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years. RotaJakiro

https://thehackernews.com/2021/04/researchers-uncover-stealthy-linux.html
The Hacker News
Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years
Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years
2.42K viewsAdeL
HackerOne
https://github.com/Ondrik8/start
GitHub
GitHub - Ondrik8/start
Contribute to Ondrik8/start development by creating an account on GitHub.
2.38K viewsAmir Kiani
HackerOne
https://ds3summit.github.io/#introduction
2.35K viewsAdeL
HackerOne
https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/
News, Techniques & Guides
Exploiting memory corruption vulnerabilities on Android
In today's blog, we'll discuss memory corruption vulnerabilities in Android apps and how they can be exploited. At the end of the article, we'll show how we found such a vulnerability in PayPal apps and what the result could be.
2.68K viewsAdeL
HackerOne
Automatic and platform-independent unpacker for Windows binaries based on emulation

https://github.com/unipacker/unipacker
GitHub
GitHub - unipacker/unipacker: Automatic and platform-independent unpacker for Windows binaries based on emulation
Automatic and platform-independent unpacker for Windows binaries based on emulation - unipacker/unipacker
2.63K viewsAdeL, edited  
HackerOne
2.66K viewsAmir Kiani
HackerOne
https://security.humanativaspa.it/fox-fix-objectivec-xrefs-in-ghidra/
hn security
FOX - Fix Objective-C XREFs in Ghidra - hn security
Hi! This is my first article […]
2.88K viewsAdeL
HackerOne
https://www.youtube.com/watch?v=_E0PWQvW-14
YouTube
How the Apple AirTags were hacked
On Saturday, I managed to dump the firmware of the newly released Apple AirTags - and in this video I'll show how I did it.

I won't share firmware dumps or so, so please don't ask :)

Links:
- Colin on Twitter: http://twitter.com/colinoflynn
- Colin on YouTube:…
2.49K viewsAmir Kiani
HackerOne
https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/
Krebs on Security
A Closer Look at the DarkSide Ransomware Gang
The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on…
2.49K viewsAdeL
HackerOne
Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316) https://shenaniganslabs.io/2021/04/13/Airstrike.html
Shenanigans Labs
Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316)
By default, domain joined Windows workstations allow access to the network selection UI from the lock screen.

An attacker with physical access to a locked device with WiFi capabilities (such as a laptop or a workstation) can abuse this functionality to force…
2.97K viewsAdeL
HackerOne
HTTP Protocol Stack Remote Code Execution Vulnerability

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-CVE-2021-31166
2.6K viewsMmD, edited  
HackerOne
https://twitter.com/brokep/status/1389314362561777665
Twitter
Peter Sunde Kolmisoppi
Maybe you heard that the domain dark.fail (@DarkDotFail ) got hijacked. Here's the story on how it happened. A thread! (I've pieced together the data I have so I might have some small errors in this thread, FYI.)
2.57K viewsAmir Kiani
HackerOne
HackerOne
HTTP Protocol Stack Remote Code Execution Vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-CVE-2021-31166
CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability

https://github.com/0vercl0k/CVE-2021-31166
GitHub
GitHub - 0vercl0k/CVE-2021-31166: Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.
Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely. - 0vercl0k/CVE-2021-31166
2.81K viewsAdeL
HackerOne
Lazarus APT conceals malicious code within BMP image to drop its RAT https://blog.malwarebytes.com/malwarebytes-news/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/
2.67K viewsAdeL
HackerOne
https://github.com/Findomain/Findomain
GitHub
GitHub - Findomain/Findomain: The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP…
The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, ...
2.39K viewsAmir Kiani
HackerOne
https://sirleeroyjenkins.medium.com/just-gopher-it-escalating-a-blind-ssrf-to-rce-for-15k-f5329a974530
Medium
Just Gopher It: Escalating a Blind SSRF to RCE for $15k — Yahoo Mail
Part 1: Recon
2.19K viewsAmir Kiani
HackerOne
Malware Analysis: Ragnarok Ransomware https://labs.yarix.com/2021/04/malware-analysis-ragnarok-ransomware/
2.14K viewsAdeL
HackerOne
https://unit42.paloaltonetworks.com/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/
Unit 42
Muddying the Water: Targeted Attacks in the Middle East
Unit 42 discovers MuddyWater, a threat group targeting entities in the Middle East and beyond.
2.06K viewsAmir Kiani
HackerOne
https://github.com/m0nad/awesome-privilege-escalation
GitHub
GitHub - m0nad/awesome-privilege-escalation: A curated list of awesome privilege escalation
A curated list of awesome privilege escalation. Contribute to m0nad/awesome-privilege-escalation development by creating an account on GitHub.
2.22K viewsAmir Kiani
HackerOne
Attacking SCADA Part II: Vulnerabilities in Schneider Electric EcoStruxure Machine Expert and M221 PLC

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/attacking-scada-part-ii-vulnerabilities-in-schneider-electric-ecostruxure-machine-expert-and-m221-plc/
Trustwave
Attacking SCADA Part II: Vulnerabilities in Schneider Electric EcoStruxure Machine Expert and M221 PLC
We present two vulnerabilities in EcoStruxure Machine Expert v1.0 and Schneider Electric M221 (Firmware 1.10.2.2) Programmable Logic Controller (PLC). All three vulnerabilities were disclosed to Schneider Electric and the details were released on 10 November…
2.06K viewsAdeL
HackerOne
https://thehackerway.com/2021/05/24/network-hacking-con-impacket-parte-3/
The Hacker Way
Network Hacking con Impacket – Parte 3 - The Hacker Way
Demostración en vídeo de este post
1.99K viewsAmir Kiani