Offensive Xwitter – Telegram
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ Thomas Rinsma @thomasrinsma ]

Just released the write-up for CVE-2024-4367, a bug I found recently in PDF.js (and hence in Firefox), resulting in arbitrary JavaScript execution when opening a malicious PDF.

🔗 https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/

🐥 [ tweet ]
👍4
😈 [ Amal Murali @amalmurali47 ]

Just published a blog post on reversing the Git RCE: CVE-2024-32002. It includes my thought process, a working exploit for Mac and Windows, and the PoC GitHub repositories.

🔗 https://amalmurali.me/posts/git-rce/

🐥 [ tweet ][ quote ]
Forwarded from PT SWARM
🧧 Our researcher Igor Sak-Sakovskiy has discovered an XXE in Chrome and Safari by ChatGPT!

Bounty: $28,000 💸

Here is the write-up 👉 https://swarm.ptsecurity.com/xxe-chrome-safari-chatgpt/
🤯15👍4🥱2🤔1
Forwarded from Волосатый бублик
Agreed
😁32🥱3
😈 [ Lsec @lsecqt ]

I just uploaded a video where I weaponize the code from IconJector via process injection into a more legit process than explorer.exe itself. Hands down to this technique, and all credit goes to its creator.

🔗 https://www.youtube.com/watch?v=2agrRX4fD_I

🐥 [ tweet ]
👍3
😈 [ Ptrace Security GmbH @ptracesecurity ]

Nmap Dashboard with Grafana:

🔗 https://hackertarget.com/nmap-dashboard-with-grafana/

🐥 [ tweet ]

Cool idea
👍12🤔1
😈 [ es3n1n @es3n1n ]

i did a thing

🔗 https://github.com/es3n1n/no-defender

🐥 [ tweet ]

Fresh stuff
🔥9
😈 [ Slowerzs @slowerzs ]

I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver.

🔗 https://blog.slowerzs.net/posts/pplsystem/

🐥 [ tweet ]
👍5🥱1
😈 [ slonser @slonser_ ]

My new research:
Email attacks.
- C# 0day
- spoofing emails
etc.

🔗 https://blog.slonser.info/posts/email-attacks/

🐥 [ tweet ]
👍10🥱2
😈 [ ap @decoder_it ]

Based on a recent finding, I tried to understand how to abuse the "SeRelabelPrivilege". Thanks to @tiraniddo's post, I was able to perform an LPE in its simplest form. -> No security boundary violation ;)

🔗 https://www.tiraniddo.dev/2021/06/the-much-misunderstood.html

🐥 [ tweet ]
👍4
😈 [ Aurélien Chalot @Defte_ ]

Wanna blindly check if the ADCS web enroll is installed on a domain? Bruteforce the /certenroll endpoint without the trailing / on all webservers. If you hit the ADCS web enroll, you will get a location: /certenroll/ header in the response. Now enjoy blind ntlmrelayx ESC8 👀👀👀

Example. This webserver does not expose an ADCS web enroll endpoint but the Windows Admin Center panel. Yet your command will flag it as ADCS, while mine won't ;)

🐥 [ tweet ]
👍9🤔2🤯2
😈 [ BlackWasp @BlWasp_ ]

Last week I presented a talk at @sth4ck about SCCM infrastructures and how to exploit them during your internal pentests and Red Team missions to quickly become Domain Admin!
If you understand French or can use subtitles, go check it out ✌️

🔗 https://youtu.be/ibFQgsAMjwI?si=Su_WW3sKBjtf9IxV

🐥 [ tweet ]
🔥4
😈 [ N$ 🍥 @nav1n0x ]

Oh, noo.. not again!

CVE-2024-24919 #CheckPoint #SSLVpn

🐥 [ tweet ]
😁6👍3
😈 [ Synacktiv @Synacktiv ]

Did you enjoy the latest blogpost on PHP filter chains? Well, our ninja @_remsio_ strikes again with a new article detailing how you can abuse them to leak files from the targeted system, as well as a freshly developed tool to exploit it!

🔗 https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle

🐥 [ tweet ]
🔥6
😈 [ Octoberfest7 @Octoberfest73 ]

I have a vague memory of some research posted in the past year or two about a technique for executing encrypted shellcode by decrypting the next instruction, executing it, remasking it, etc. Ring any bells for anyone?

… answer …
🔗 https://github.com/lem0nSec/ShellGhost

🐥 [ tweet ]
🔥4