Forwarded from @Phantasm_Lab ([L]uth1er)
[Exploit] - Impropper Access Control - Arbitrary File Download + IDOR (0day Vulnerability) MEC
I found a IDOR Lead to Arbitrary File Download in a subdomain of the mec.gov.br, with this vulnerability we can generate random id and request to the server to discovery sensitive files, with this vulnerability it's possible to access, bidding for works,PDF Files sent via emails, information about City's of the country.
https://youtu.be/yOzoIGJJqvk
I found a IDOR Lead to Arbitrary File Download in a subdomain of the mec.gov.br, with this vulnerability we can generate random id and request to the server to discovery sensitive files, with this vulnerability it's possible to access, bidding for works,PDF Files sent via emails, information about City's of the country.
https://youtu.be/yOzoIGJJqvk
Forwarded from @Phantasm_Lab ([L]uth1er)
[Vulnerability] - Cookie Stored injection - XSS at Heroic Third Service, call cookies!
the application calls an external service to create the cookies and they are sent back to the server!
https://youtu.be/maatBdt8TPY
Youtube: @Phatansm_Lab
the application calls an external service to create the cookies and they are sent back to the server!
https://youtu.be/maatBdt8TPY
Youtube: @Phatansm_Lab
Top researchers are calling for a real investigation into the origin of covid-19
A group of prominent biologists say there needs to be
a “safe space” for asking whether the coronavirus came out of a lab.
https://www.technologyreview.com/2021/05/13/1024866/investigation-covid-origin-wuhan-china-lab-biologists-letter/MIT Technology Review
Top researchers are calling for a real investigation into the origin of covid-19
A group of prominent biologists say there needs to be a “safe space” for asking whether the coronavirus came out of a lab.
Opinion: Congress is finally investigating the lab accident covid-19 origin theory
https://www.washingtonpost.com/opinions/global-opinions/congress-is-finally-investigating-the-lab-accident-covid-19-origin-theory/2021/05/06/d7bfb0e4-aeaf-11eb-b476-c3b287e52a01_story.html
https://www.washingtonpost.com/opinions/global-opinions/congress-is-finally-investigating-the-lab-accident-covid-19-origin-theory/2021/05/06/d7bfb0e4-aeaf-11eb-b476-c3b287e52a01_story.html
Explained: What is the Wuhan lab coronavirus theory?
This video will tell you what we know and what we don't know about the origin of the coronavirus.
https://youtu.be/Tql2V7SR83g
This video will tell you what we know and what we don't know about the origin of the coronavirus.
https://youtu.be/Tql2V7SR83g
YouTube
Explained: What is the Wuhan lab coronavirus theory?
This video will tell you what we know and what we don't know about the origin of the coronavirus. (Subscribe: https://bit.ly/C4_News_Subscribe)
We know Covid-19 started in the city of Wuhan in China.
Most scientists think bats are the original source of…
We know Covid-19 started in the city of Wuhan in China.
Most scientists think bats are the original source of…
Was COVID Man-Made Or Natural? Nicholas Wade Speaks On China, WHO, & Wuhan Institute Of Virology
https://youtu.be/2jPYJqFczck
https://youtu.be/2jPYJqFczck
YouTube
Was COVID Man-Made Or Natural? Nicholas Wade Speaks On China, WHO, & Wuhan Institute Of Virology
#China #WHO #COVID-19 #Coronavirus #RepublicTV
Bringing back the focus on the origin of the SARS-CoV-2 (hereafter also referred to as SARS2), which has caused the ongoing Coronavirus pandemic and claimed over 3 million lives across the globe, noted British…
Bringing back the focus on the origin of the SARS-CoV-2 (hereafter also referred to as SARS2), which has caused the ongoing Coronavirus pandemic and claimed over 3 million lives across the globe, noted British…
Forwarded from w0rk3r's Windows Hacking Library (Jonhnathan Jonhnathan Jonhnathan)
How to Exploit Active Directory ACL Attack Paths Through LDAP Relaying Attacks
https://www.praetorian.com/blog/how-to-exploit-active-directory-acl-attack-paths-through-ldap-relaying-attacks
@WindowsHackingLibrary
https://www.praetorian.com/blog/how-to-exploit-active-directory-acl-attack-paths-through-ldap-relaying-attacks
@WindowsHackingLibrary
Praetorian
How to Exploit Active Directory ACL Attack Paths Through LDAP Relaying Attacks
Overview This article describes methods by which an attacker can induce a victim user into authenticating using the NT Lan Manager (NTLM) Authentication Protocol to an attacker-controlled “Intranet” site, even in instances where that site points to an external…
Forwarded from w0rk3r's Windows Hacking Library (Jonhnathan Jonhnathan Jonhnathan)
Dumping Stored Credentials with SeTrustedCredmanAccessPrivilege
https://www.tiraniddo.dev/2021/05/dumping-stored-credentials-with.html
@WindowsHackingLibrary
https://www.tiraniddo.dev/2021/05/dumping-stored-credentials-with.html
@WindowsHackingLibrary
www.tiraniddo.dev
Dumping Stored Credentials with SeTrustedCredmanAccessPrivilege
I've been going through the various token privileges on Windows trying to find where they're used. One which looked interesting is SeTruste...
Analysis of the Iranian cyber attack landscape
Updated on April 9, 2021, to include recent OilRig activity: SideTwist backdoor variant
https://www.ironnet.com/blog/iranian-cyber-attack-updates
Updated on April 9, 2021, to include recent OilRig activity: SideTwist backdoor variant
https://www.ironnet.com/blog/iranian-cyber-attack-updates
Ironnet
Analysis of the Iranian cyber attack landscape
Updated to include recent activity by the APT Agrius
NSO Group, a polêmica empresa israelense que está sendo vinculada a hackeamento do WhatsApp
Desta vez, a companhia de segurança cibernética é acusada - por diferentes fontes - de ser responsável pelo ataque de hackers denunciado nesta semana pelo WhatsApp.
O jornal britânico Financial Times informou na segunda-feira que o software usado no ataque foi desenvolvido pela empresa, que nega estar por trás do programa.
https://www.bbc.com/portuguese/geral-48279595
Desta vez, a companhia de segurança cibernética é acusada - por diferentes fontes - de ser responsável pelo ataque de hackers denunciado nesta semana pelo WhatsApp.
O jornal britânico Financial Times informou na segunda-feira que o software usado no ataque foi desenvolvido pela empresa, que nega estar por trás do programa.
https://www.bbc.com/portuguese/geral-48279595
BBC News Brasil
NSO Group, a polêmica empresa israelense que está sendo vinculada a hackeamento do WhatsApp
Companhia de segurança cibernética é acusada por diferentes fontes de ser responsável pelo ataque de hackers denunciado nesta semana pelo WhatsApp.
Forwarded from Cyber Threat Intelligence
FBI identifies 16 Conti ransomware attacks striking US healthcare, first responders
https://ift.tt/3ugfWQL
https://ift.tt/3ugfWQL
ZDNET
FBI identifies 16 Conti ransomware attacks striking US healthcare, first responders
One of Conti’s latest victims is Ireland’s health service.