RadvanSec – Telegram
RadvanSec
990 subscribers
181 photos
27 videos
143 files
595 links
"Security is Just an Illusion"

RadvanSec.com

YouTube, Instagram: @RadvanSec
The Lazarus Group (APT), which is widely known to be linked to North Korea, has recently launched a new social engineering technique called ClickFix. In this method, the attacker fabricates a fake problem (for example, claiming that your camera is broken or that you need to install an update) and tricks the victim into clicking a link or executing a command that actually runs malicious code. Lazarus has been primarily using this technique in fake job interview scenarios within the cryptocurrency sector, which is why their new campaign is known as ClickFake Interview.

In these attacks, they typically drop infected files such as ClickFix-1.bat or compressed packages like nvidiaRelease.zip in front of the victim. These files execute malware families such as BeaverTail and InvisibleFerret, designed to steal information and establish hidden access. Interestingly, Lazarus has built multiple variants of these malware strains — ranging from PowerShell and Node.js scripts on Windows to Golang binaries that run across Windows, Linux, and even macOS (both ARM and Intel).

⭐️ @ZeroSec_team
1👌1
Reports show that the new wave of censorship has become much stricter. The focus now is on blocking commonly used ports like 443 and 80 when used for non-standard traffic, and even alternative ports such as 8443 and 2083 are under pressure. The use of DPI (Deep Packet Inspection) has increased significantly, with attempts to intelligently identify encrypted traffic.

In addition, serious changes have been applied to DNS, and a multi-layered blocking system is being implemented. This time it’s not just about IP blocking — more intelligent methods are being used to detect VPNs and tunneling. Many regular V2Ray or Xray configurations no longer work, making it necessary to switch to more advanced obfuscation methods such as Obfuscation, Reality, or XTLS.

Signs suggest that restrictions will expand even further, and may even target cloud services and artificial intelligence platforms. In short, the situation is more serious than before, and new methods will be needed to bypass it.


⭐️ @ZeroSec_team
😭6🤡1💔1
🪲 #H2C Upgrade Bypass

Target: Applications using HTTP/2 Cleartext (h2c) upgrades.

The Core Idea: Many Web Application Firewalls (WAFs) and reverse proxies process HTTP/1.1 but fail to correctly inspect traffic after it's upgraded to HTTP/2.

How to Test:

1. Find a target that accepts an Upgrade: h2c header (common in Java, gRPC, and some reverse proxies like Nginx).

2. Send an initial HTTP/1.1 request with the upgrade header:

GET / HTTP/1.1
Host: example.com
Upgrade: h2c
Connection: Upgrade

3. If the server agrees (responds with HTTP/1.1 101 Switching Protocols), the connection is now HTTP/2.

4. The Bypass: Craft and send malformed or smuggled HTTP/2 frames (e.g., with the :method header set to GET or POST). The downstream WAF may not parse this, allowing you to access internal endpoints or bypass security controls.

Why it works: The security boundary often only exists at the HTTP/1.1 layer. Once upgraded, your HTTP/2 traffic might be forwarded directly to the backend without inspection.


#BugBounty #Hacking #WebSecurity #WAFBypass #HTTP2
⭐️ @Zerosec_team
4
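A defender-side counterpart to the post above, added here and not part of the channel's content: a small Python check that a WAF or reverse-proxy front end could run on the HTTP/1.1 request head to refuse an h2c upgrade offer, or strip it so the backend never leaves HTTP/1.1 and the connection stays inspectable. The function names and the stripping policy are this example's own, not from any proxy product.

```python
"""Edge-side handling of HTTP/1.1 -> h2c upgrade offers (added example, not from the post).
A proxy or WAF that cannot inspect HTTP/2 frames should refuse the upgrade or strip it."""
from typing import List, Optional, Tuple


def parse_head(raw: str) -> Tuple[str, List[Tuple[str, str]], str]:
    """Split a raw CRLF request into (request line, [(name, value), ...], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *lines = head.split("\r\n")
    fields: List[Tuple[str, str]] = []
    for line in lines:
        name, colon, value = line.partition(":")
        if colon:  # skip blank or malformed lines
            fields.append((name.strip(), value.strip()))
    return request_line, fields, body


def tokens(fields: List[Tuple[str, str]], name: str) -> List[str]:
    """Lower-cased tokens from every instance of a comma-separated list header."""
    out: List[str] = []
    for n, v in fields:
        if n.lower() == name:
            out += [t.strip().lower() for t in v.split(",") if t.strip()]
    return out


def h2c_upgrade_reason(raw: str) -> Optional[str]:
    """Why the request must not be forwarded as-is, or None if it is clean. An RFC 7540
    s.3.2 upgrade sends Upgrade: h2c plus HTTP2-Settings; either fragment alone is refused."""
    _, fields, _ = parse_head(raw)
    if "h2c" in tokens(fields, "upgrade"):
        return "Upgrade: h2c offered"
    if any(n.lower() == "http2-settings" for n, _ in fields):
        return "HTTP2-Settings present without Upgrade: h2c"
    return None


def strip_upgrade(raw: str) -> str:
    """Rebuild the request with the offer removed and Connection cleaned (usual mitigation)."""
    request_line, fields, body = parse_head(raw)
    out = [request_line]
    for name, value in fields:
        if name.lower() in ("upgrade", "http2-settings"):
            continue
        if name.lower() == "connection":  # drop the Upgrade / HTTP2-Settings tokens only
            value = ", ".join(t.strip() for t in value.split(",")
                              if t.strip().lower() not in ("upgrade", "http2-settings"))
            if not value:
                continue
        out.append(f"{name}: {value}")
    return "\r\n".join(out) + "\r\n\r\n" + body
```

The stripped request still carries any other Connection tokens and the original body, so it can be forwarded unchanged to an HTTP/1.1 backend.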
Check your Burp: isn't this feature enabled?

Most hackers miss this. So this is a great opportunity to earn bounties using this Burp feature.


#burp
#bugbounty
⭐️ @Zerosec_team
4🔥2
https://x.com/nexovir/status/1966197349979676946?s=46

Do you think I should give them the code? 😁
🤣91👍1
3
topkenz.tar.xz
90.7 MB
Topcoins Exchange Data
Wallet User Information

⭐️ @ZeroSec_team
ariomex.tar.xz
1.3 MB
Ariomex Exchange User Information
5,000 records

⭐️ @ZeroSec_team
3
The Great Firewall of China (GFW) has leaked

Good morning — around 600 GB of data has leaked. The ones to blame are Geedge Networks and the MESA Laboratory at the Institute of Information Engineering, Chinese Academy of Sciences.

These same guys, grinning slyly (like Shang Tsung), supply censorship technologies to Myanmar, Pakistan, Ethiopia, Kazakhstan, etc. (look up the “One Belt, One Road” initiative).

What leaked:
Source code, internal communication structures, work logs, technical documentation from groups involved in building and maintaining the system, plus a pile of project descriptions and technical proposals, and so on.

In general, if you start googling/reading about MESA and Geedge, it gets insanely interesting — not only how censorship was imposed inside China, but also how they exported it abroad for surveillance. Clever stuff.

Download :
https://cloud.proxy-bar.org/s/bOicFtWWj875DZi

⭐️ @ZeroSec_team
🔥41
NodeJS_Sec_for_WebApp.pdf
2.4 MB
#Tech_book
#WebApp_Security
"Essential Node.js Security for Express Web Applications", 2023.

// This book aims to equip existing Node.js developers, both beginners and experienced, with expertise and skills in security best practices. The book takes a practical hands-on approach to the Node.js ecosystem by using a good deal of source code examples, as well as leveraging and reviewing well tested and commonly used libraries and industry security standards

⭐️ @Zerosec_team
3🔥1
Hi everyone, I’ve set up the watcher to run about 6 times a day, roughly every 4 hours, so you’ll get the most effective coverage possible


Watcher Report : @ZeroSec_group

⭐️ @ZeroSec_team
👍2🔥21
An Indian guy had posted this, so I thought I'd share it with you 🤣🤣

⭐️ @ZeroSec_team
😁81
📊 Watcher Summary Report

🔹 BUGCROWD: 0 new item
🔹 HACKERONE: 0 new item
🔹 INTIGRITI: 1 new item
🔹 YESWEHACK: 0 new item
🔹 FEDERACY: 0 new item

🔗 Details: Click here

#zerosec #bugbounty #watcher #summary_report


⭐️ @ZeroSec_team
2
Daily dorking on LLMs can provide you with good bugs, especially from the data disclosures of these AI models

⭐️ @ZeroSec_team
👍4🔥21
📊 Watcher Summary Report

🔹 BUGCROWD: 0 new item
🔹 HACKERONE: 90 new items
🔹 INTIGRITI: 1 new item
🔹 YESWEHACK: 0 new item
🔹 FEDERACY: 0 new item

🔗 Details: Click here

#zerosec #bugbounty #watcher #summary_report


⭐️ @ZeroSec_team
2🔥1
📊 Watcher Summary Report

🔹 BUGCROWD: 0 new item
🔹 HACKERONE: 91 new items
🔹 INTIGRITI: 1 new item
🔹 YESWEHACK: 0 new item
🔹 FEDERACY: 0 new item

🔗 Details: Click here

#zerosec #bugbounty #watcher #summary_report


⭐️ @ZeroSec_team
👍1