NEW BOT Телеграм, страница - 830856200

HackerOne

11K subscribers

644 photos

31 videos

79 files

2.74K links

Community : @Sec0x01
@Bug0x

Download Telegram

About

Blog

Apps

Platform

11K subscribers

HTTP Protocol Stack Remote Code Execution Vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-CVE-2021-31166

CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability

https://github.com/0vercl0k/CVE-2021-31166

GitHub - 0vercl0k/CVE-2021-31166: Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.

Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely. - 0vercl0k/CVE-2021-31166

2.81K viewsAdeL, 10:23

Lazarus APT conceals malicious code within BMP image to drop its RAT https://blog.malwarebytes.com/malwarebytes-news/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/

2.67K viewsAdeL, 17:22

https://github.com/Findomain/Findomain

GitHub - Findomain/Findomain: The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP…

The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, ...

2.39K viewsAmir Kiani, 10:21

https://sirleeroyjenkins.medium.com/just-gopher-it-escalating-a-blind-ssrf-to-rce-for-15k-f5329a974530

Just Gopher It: Escalating a Blind SSRF to RCE for $15k — Yahoo Mail

2.19K viewsAmir Kiani, 18:55

Malware Analysis: Ragnarok Ransomware https://labs.yarix.com/2021/04/malware-analysis-ragnarok-ransomware/

2.14K viewsAdeL, 17:51

https://unit42.paloaltonetworks.com/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/

Muddying the Water: Targeted Attacks in the Middle East

Unit 42 discovers MuddyWater, a threat group targeting entities in the Middle East and beyond.

2.06K viewsAmir Kiani, 20:28

https://github.com/m0nad/awesome-privilege-escalation

GitHub - m0nad/awesome-privilege-escalation: A curated list of awesome privilege escalation

A curated list of awesome privilege escalation. Contribute to m0nad/awesome-privilege-escalation development by creating an account on GitHub.

2.22K viewsAmir Kiani, 20:31

Attacking SCADA Part II: Vulnerabilities in Schneider Electric EcoStruxure Machine Expert and M221 PLC

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/attacking-scada-part-ii-vulnerabilities-in-schneider-electric-ecostruxure-machine-expert-and-m221-plc/

Attacking SCADA Part II: Vulnerabilities in Schneider Electric EcoStruxure Machine Expert and M221 PLC

We present two vulnerabilities in EcoStruxure Machine Expert v1.0 and Schneider Electric M221 (Firmware 1.10.2.2) Programmable Logic Controller (PLC). All three vulnerabilities were disclosed to Schneider Electric and the details were released on 10 November…

2.06K viewsAdeL, 14:26

https://thehackerway.com/2021/05/24/network-hacking-con-impacket-parte-3/

Network Hacking con Impacket – Parte 3 - The Hacker Way

Demostración en vídeo de este post

1.99K viewsAmir Kiani, 23:34

https://newrouge.medium.com/web-cache-poisoning-a-tale-of-chaining-unkeyed-inputs-6e3cb026bd23

Web Cache Poisoning: A Tale of chaining unkeyed inputs

Hello fellow hunters, i hope you all are doing good and learning new things daily :) . I am writing today about a lab/mission i solved by…

2.16K viewsAmir Kiani, 23:36

https://sheerazali.com/arctic-writeup-walkthrough-hack-the-box/

Arctic Writeup / Walkthrough Hack the box - Sheeraz ali

This is a writeup on Arctic (Linux HackTheBox), running Adobe's ColdFusion. Exploitation uses CVEs, later requiring privilege escalation for the root flag.

2.31K viewsAmir Kiani, 23:38

2.19K viewsAmir Kiani, 11:34

https://x41-dsec.de/lab/advisories/x41-2021-002-nginx-resolver-copy

X41 D-Sec - Penetration Tests and Source Code Audits

nginx DNS Resolver Off-by-One Heap Write Vulnerability

An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character (‘.’, 0x2E) out of bounds in a heap allocated buffer.

2.25K viewsAdeL, 14:13

Forwarded from SecurityLab.ru (Pipiggi)

По информации издания Readovka, Павлу Ситникову, в телеграм-канале которого был опубликован файл с персональными данными 300 тысяч жителей Москвы, переболевших COVID-19, предъявлено обвинение по статье 273, ч.2 – Создание, использование и распространение вредоносных компьютерных программ. По этому делу блогеру грозит до пяти лет тюрьмы.

По данным следствия, Ситников создал вредоносную программу, с помощью которой похитил информацию из московского департамента информационных технологий. При этом ранее глава департамента Эдуард Лысенко признал, что утечка данных произошла по вине его сотрудников.

https://www.securitylab.ru/news/520670.php

Блогера обвинили в утечке персональных данных больных COVID-19

СК завел в отношении блогера, опубликовавшего утечку по ковидным больным Москвы, уголовное дело — ему грозит до 5 лет лишения свободы.

2.08K viewsН Е К И Б Е Р Л Е О, 02:08

https://www.youtube.com/watch?v=ss5iFcK5zxE

Portuguese Track - SVG + OG = LFI - by Rafael ChOckO

Portuguese Track - SVG + OG = LFI - by Rafael ChOckO

Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter

2.38K viewsAmir Kiani, 20:44

https://github.com/swagkarna/Rafel-Rat

2.42K viewsAmir Kiani, 22:36

Owner of telegram channel: Freedom Fox has been arrested by Russian authorities.

https://securityaffairs.co/wordpress/118464/cyber-crime/pavel-sitnikov-arrested.html

Security Affairs

Russian hacker Pavel Sitnikov arrested for distributing malware

The popular Russian hacker Pavel Sitnikov was arrested by Russian authorities on charges of distributing malware via his Telegram channel.

2.82K viewsDmitriy, 16:00

Attacking Active Directory
https://zer1t0.gitlab.io/posts/attacking_ad/

2.52K viewsAmir Kiani, edited 02:00

https://redcodelabs.io/

2.4K viewsAmir Kiani, edited 02:04

From Binary Patch to Proof-of-concept: a VMware ESXi vmxnet3 Case Study https://zerodayengineering.com/research/vmware-esxi-vmxnet3-from-patch-to-poc.html

2.4K viewsAdeL, 07:12

Zerodium offers 100k$ for a RCE in Pidgin

2.7K viewsAdeL, 20:15