HackerOne – Telegram
HackerOne
@HackerOne
11K subscribers
644 photos
31 videos
79 files
2.74K links
Community : @Sec0x01
@Bug0x
Download Telegram
About
Blog
Apps
Platform
Join
HackerOne
11K subscribers
HackerOne
2.09K viewsAmir Kiani
HackerOne
https://gist.github.com/decalage2/a87b02581c28013d51585639cd21bfd0
Gist
Simple noscript to detect CVE-2021-40444 URLs using oletools
Simple noscript to detect CVE-2021-40444 URLs using oletools - detect_CVE-2021-40444.py
1.82K viewsAmir Kiani
HackerOne
https://bazaar.abuse.ch/sample/d0e1f97dbe2d0af9342e64d460527b088d85f96d38b1d1d4aa610c0987dca745/
bazaar.abuse.ch
MalwareBazaar - court.docx
Threat intel on court.docx (MD5 55998cb43459159a5ed4511f00ff3fc8)
1.81K viewsAmir Kiani
HackerOne
HackerOne
https://bazaar.abuse.ch/sample/d0e1f97dbe2d0af9342e64d460527b088d85f96d38b1d1d4aa610c0987dca745/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
1.8K viewsAmir Kiani
HackerOne
Healthcare orgs in California, Arizona send out breach letters for nearly 150,000 after SSNs accessed during ransomware attacks

https://www.zdnet.com/article/healthcare-orgs-in-california-arizona-send-out-breach-notice-letters-for-nearly-150000-after-ssns-accessed-during-ransomware-attacks/#ftag=RSSbaffb68
ZDNet
Healthcare orgs in California, Arizona send out breach letters for nearly 150 000 after SSNs accessed during ransomware attacks
LifeLong Medical Care and Queen Creek Medical Center were both hit with ransomware attacks over the past year.
1.98K viewsAdel
HackerOne
https://www.scyllaforums.com/Thread-Caller-ID-Spoofing-2021
2.03K viewsAdel
HackerOne
Template Injection in Email Templates leads to code execution on Jira Service Management Server.

https://github.com/PetrusViet/CVE-2021-39115
GitHub
GitHub - PetrusViet/CVE-2021-39115: Template Injection in Email Templates leads to code execution on Jira Service Management Server
Template Injection in Email Templates leads to code execution on Jira Service Management Server - PetrusViet/CVE-2021-39115
2.24K viewsAdel
HackerOne
https://www.trendmicro.com/en_us/research/21/i/remote-code-execution-zero-day--cve-2021-40444--hits-windows--tr.html
Trend Micro
Remote Code Execution Zero-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs
2.22K viewsAdel
HackerOne
https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf
2.12K viewsAdel
HackerOne
CVE-2021-30632 #Chrome #0day #PoC 

var a;
function foo() {
    a = new Uint32Array(100);
}
%PrepareFunctionForOptimization(foo);
foo();
foo();
a["xxx"] =1;
delete a["xxx"];
%OptimizeFunctionOnNextCall(foo);
foo();
2.27K viewsAdel
HackerOne
https://youtu.be/pbRk8sCvcsg
YouTube
Analyze, Reverse and Exploit CVE-2021-40444
In this video, we dive into Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444).
[English subnoscripts added]
#cve202140444 #debugging #reversing #exploit #analyze #0day #CVE 202140444
Related Links:
https://github.com/aydianosec/CVE2021-40444…
2.19K viewsAmir Kiani
HackerOne
https://www.offensive-ot.com/2021/09/16/aprendiendo-a-leer-y-escribir-pero-dispositivos-industriales-parte-1/
Ciberseguridad Industrial | Offensive OT -
Aprendiendo a Leer y Escribir pero… dispositivos industriales (Parte 1) - Ciberseguridad Industrial | Offensive OT
Aprendiendo a Leer y Escribir pero... dispositivos industriales (Parte 1). Utilizaremos el simulador ModBus que permitiría emular un laboratorio de pruebas...
2.22K viewsAdel
HackerOne
https://securitylab.github.com/advisories/GHSL-2021-097-apache-dubbo
GitHub Security Lab
GHSL-2021-097: Pre-Auth Unsafe Java Deserialization in Apace Dubbo - CVE-2021-37579
Apache Dubbo is vulnerable to pre-Auth Unsafe Java Deserialization
2.23K viewsAdel
HackerOne
https://youtu.be/N8-N-gERO9w
YouTube
ebpf linux kernel exploit | cve-2021-3490 poc
what is ebpf linux kernel?
It is a kernel technology (starting in Linux 4.x) that allows programs to run without having to change the kernel source code or adding additional modules. It is a sort of lightweight, sandbox virtual machine (VM) inside the Linux…
2.25K viewsAdel
HackerOne
2.23K viewsAmir Kiani
HackerOne
2.24K viewsAmir Kiani
HackerOne
5 RCEs in npm for $15,000
robertchen.cc/blog
2.2K viewsAmir Kiani
HackerOne
NIST’s National Cybersecurity Center of Excellence (NCCoE) has released a draft of NIST Special Publication (SP) 1800-32, Securing the Industrial Internet of Things: Cybersecurity for Distributed Energy Resources - https://csrc.nist.gov/publications/detail/sp/1800-32/draft
CSRC | NIST
NIST Special Publication (SP) 1800-32 (Withdrawn), Securing the Industrial Internet of Things: Cybersecurity for Distributed Energy…
The Industrial Internet of Things, or IIoT, refers to the application of instrumentation and connected sensors and other devices to machinery and vehicles in the transport, energy, and other critical infrastructure sectors. In the energy sector, distributed…
2.16K viewsAdel
HackerOne
RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through

https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html
Blogspot
CODE WHITE | Blog: RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through
Citrix ShareFile Storage Zones Controller uses a fork of the third party library NeatUpload. Versions before 5.11.20 are affected by a rela...
2.4K viewsAdel
HackerOne
https://youtu.be/jimGQpftYWs
YouTube
Inside hacker solution | CVE-2019-20372 PoC | NGINX http request smuggling
#NGINX http request smuggling : cve-2019-20372 NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted…
2.83K viewsAdel
HackerOne
https://youtu.be/OfPb3sfqBUs
YouTube
Analyzing and Reversing Ransomware - (4/5)
In this video, we are going to solve Ransomware CTF that was a challenge at the HTB Business CTF 2021 from the Forensics category. [English subnoscripts added]
#Ransomware #analyzing #Hackthebox #Business #CTF #reversing #Forensics #python #powershell #visualbasic…
2.58K viewsAmir Kiani