HackerOne – Telegram
HackerOne
@HackerOne
11K subscribers
644 photos
31 videos
79 files
2.74K links
Community : @Sec0x01
@Bug0x
Download Telegram
About
Blog
Apps
Platform
Join
HackerOne
11K subscribers
HackerOne
https://security.humanativaspa.it/fox-fix-objectivec-xrefs-in-ghidra/
hn security
FOX - Fix Objective-C XREFs in Ghidra - hn security
Hi! This is my first article […]
2.88K viewsAdeL
HackerOne
https://www.youtube.com/watch?v=_E0PWQvW-14
YouTube
How the Apple AirTags were hacked
On Saturday, I managed to dump the firmware of the newly released Apple AirTags - and in this video I'll show how I did it.

I won't share firmware dumps or so, so please don't ask :)

Links:
- Colin on Twitter: http://twitter.com/colinoflynn
- Colin on YouTube:…
2.49K viewsAmir Kiani
HackerOne
https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/
Krebs on Security
A Closer Look at the DarkSide Ransomware Gang
The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on…
2.49K viewsAdeL
HackerOne
Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316) https://shenaniganslabs.io/2021/04/13/Airstrike.html
Shenanigans Labs
Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316)
By default, domain joined Windows workstations allow access to the network selection UI from the lock screen.

An attacker with physical access to a locked device with WiFi capabilities (such as a laptop or a workstation) can abuse this functionality to force…
2.97K viewsAdeL
HackerOne
HTTP Protocol Stack Remote Code Execution Vulnerability

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-CVE-2021-31166
2.6K viewsMmD, edited  
HackerOne
https://twitter.com/brokep/status/1389314362561777665
Twitter
Peter Sunde Kolmisoppi
Maybe you heard that the domain dark.fail (@DarkDotFail ) got hijacked. Here's the story on how it happened. A thread! (I've pieced together the data I have so I might have some small errors in this thread, FYI.)
2.57K viewsAmir Kiani
HackerOne
HackerOne
HTTP Protocol Stack Remote Code Execution Vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-CVE-2021-31166
CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability

https://github.com/0vercl0k/CVE-2021-31166
GitHub
GitHub - 0vercl0k/CVE-2021-31166: Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.
Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely. - 0vercl0k/CVE-2021-31166
2.81K viewsAdeL
HackerOne
Lazarus APT conceals malicious code within BMP image to drop its RAT https://blog.malwarebytes.com/malwarebytes-news/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/
2.67K viewsAdeL
HackerOne
https://github.com/Findomain/Findomain
GitHub
GitHub - Findomain/Findomain: The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP…
The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, ...
2.39K viewsAmir Kiani
HackerOne
https://sirleeroyjenkins.medium.com/just-gopher-it-escalating-a-blind-ssrf-to-rce-for-15k-f5329a974530
Medium
Just Gopher It: Escalating a Blind SSRF to RCE for $15k — Yahoo Mail
Part 1: Recon
2.19K viewsAmir Kiani
HackerOne
Malware Analysis: Ragnarok Ransomware https://labs.yarix.com/2021/04/malware-analysis-ragnarok-ransomware/
2.14K viewsAdeL
HackerOne
https://unit42.paloaltonetworks.com/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/
Unit 42
Muddying the Water: Targeted Attacks in the Middle East
Unit 42 discovers MuddyWater, a threat group targeting entities in the Middle East and beyond.
2.06K viewsAmir Kiani
HackerOne
https://github.com/m0nad/awesome-privilege-escalation
GitHub
GitHub - m0nad/awesome-privilege-escalation: A curated list of awesome privilege escalation
A curated list of awesome privilege escalation. Contribute to m0nad/awesome-privilege-escalation development by creating an account on GitHub.
2.22K viewsAmir Kiani
HackerOne
Attacking SCADA Part II: Vulnerabilities in Schneider Electric EcoStruxure Machine Expert and M221 PLC

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/attacking-scada-part-ii-vulnerabilities-in-schneider-electric-ecostruxure-machine-expert-and-m221-plc/
Trustwave
Attacking SCADA Part II: Vulnerabilities in Schneider Electric EcoStruxure Machine Expert and M221 PLC
We present two vulnerabilities in EcoStruxure Machine Expert v1.0 and Schneider Electric M221 (Firmware 1.10.2.2) Programmable Logic Controller (PLC). All three vulnerabilities were disclosed to Schneider Electric and the details were released on 10 November…
2.06K viewsAdeL
HackerOne
https://thehackerway.com/2021/05/24/network-hacking-con-impacket-parte-3/
The Hacker Way
Network Hacking con Impacket – Parte 3 - The Hacker Way
Demostración en vídeo de este post
1.99K viewsAmir Kiani
HackerOne
https://newrouge.medium.com/web-cache-poisoning-a-tale-of-chaining-unkeyed-inputs-6e3cb026bd23
Medium
Web Cache Poisoning: A Tale of chaining unkeyed inputs
Hello fellow hunters, i hope you all are doing good and learning new things daily :) . I am writing today about a lab/mission i solved by…
2.16K viewsAmir Kiani
HackerOne
https://sheerazali.com/arctic-writeup-walkthrough-hack-the-box/
Sheeraz ali
Arctic Writeup / Walkthrough Hack the box - Sheeraz ali
This is a writeup on Arctic (Linux HackTheBox), running Adobe's ColdFusion. Exploitation uses CVEs, later requiring privilege escalation for the root flag.
2.31K viewsAmir Kiani
HackerOne
2.19K viewsAmir Kiani
HackerOne
https://x41-dsec.de/lab/advisories/x41-2021-002-nginx-resolver-copy
X41 D-Sec - Penetration Tests and Source Code Audits
nginx DNS Resolver Off-by-One Heap Write Vulnerability
An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character (‘.’, 0x2E) out of bounds in a heap allocated buffer.
2.25K viewsAdeL
HackerOne
Forwarded from SecurityLab.ru (Pipiggi)
По информации издания Readovka, Павлу Ситникову, в телеграм-канале которого был опубликован файл с персональными данными 300 тысяч жителей Москвы, переболевших COVID-19, предъявлено обвинение по статье 273, ч.2 – Создание, использование и распространение вредоносных компьютерных программ. По этому делу блогеру грозит до пяти лет тюрьмы.

По данным следствия, Ситников создал вредоносную программу, с помощью которой похитил информацию из московского департамента информационных технологий. При этом ранее глава департамента Эдуард Лысенко признал, что утечка данных произошла по вине его сотрудников.

https://www.securitylab.ru/news/520670.php
SecurityLab.ru
Блогера обвинили в утечке персональных данных больных COVID-19
СК завел в отношении блогера, опубликовавшего утечку по ковидным больным Москвы, уголовное дело — ему грозит до 5 лет лишения свободы.
2.08K viewsН Е К И Б Е Р Л Е О
HackerOne
https://www.youtube.com/watch?v=ss5iFcK5zxE
YouTube
Portuguese Track - SVG + OG = LFI - by Rafael ChOckO
Portuguese Track - SVG + OG = LFI - by Rafael ChOckO

Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
2.38K viewsAmir Kiani