Exploiting Anno 1404
#vulnerability #hijacking #rpc @reconcore
Multiple vulnerabilities in the multiplayer mode of Anno 1404: Venice enable arbitrary code execution through path traversal, DLL hijacking, RPC exposure, and memory corruption, demonstrated on Windows 10.
Synacktiv
Windows Exploitation Techniques:
Winning Race Conditions with Path Lookups
#windows #exploitation #methods #technique @reconcore
The article details methods to drastically slow Windows object namespace lookups using complex directory structures, symbolic links, and hash collisions, thereby expanding race condition windows for exploitation
projectzero.google
This post was originally written in 2016 for the Project Zero blog. However, in the end it was published separately in the journal PoC||GTFO issue #13 as wel...
Google Cloud Shell Container Escape
Cloud Shell Postmortem: In-Depth Analysis of Internal Mechanisms
#vulnerability #vm #kernel @reconcore
A successful container escape from Google Cloud Shell was achieved via hotplug hijacking, exploiting kernel hotplug events on a KVM-hosted environment, highlighting the risks posed by kernel vulnerabilities and system configurations
Medium
LDIFToBloodHound
A Windows tool that converts LDIF files to BloodHound CE
#ad #pentest #tools #bloodhound @reconcore
When performing Active Directory assessments through restricted network paths (SOCKS proxies, port forwarding, etc.), tools like SharpHound or bloodhound-python often fail due to DNS resolution issues or connectivity problems.
ldapsearch works reliably through proxies, but its output (LDIF format) isn't compatible with BloodHound. This tool bridges that gap by:
1. Parsing LDIF files from ldapsearch
2. Decoding binary nTSecurityDescriptor attributes using Windows APIs
3. Extracting ACEs (Access Control Entries) for attack path analysis
4. Outputting BloodHound CE v6 compatible JSON files
MobSF
#analysis @reconcore
About Mobile Security Framework
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. MobSF can be used for a variety of use cases such as mobile application security, penetration testing, malware analysis, and privacy analysis. The Static Analyzer supports popular mobile app binaries like APK, IPA, APPX and source code. Meanwhile, the Dynamic Analyzer supports both Android and iOS applications and offers a platform for interactive instrumented testing, runtime data and network traffic analysis. MobSF seamlessly integrates with your DevSecOps or CI/CD pipeline, facilitated by REST APIs and CLI tools, enhancing your security workflow with ease.
MobSF only supports APK, APKS, XAPK, AAB, JAR, AAR, SO, IPA, DYLIB, A, ZIP, and APPX files.
Mobile Forensics: Simple Methods to Extract Media and Messages from WhatsApp, Signal, and Telegram
#messenger #mobile #forensics #methods @reconcore
Blogspot
LeakyInjector and LeakyStealer Duo Hunts For Crypto and Browser History
Author(s): Vlad Pasca, Radu-Emanuel Chiscariu New two-stage malware targets cryptocurrency wallets and browser history LeakyInjector uses l...
ArkhamMirror
#python #opensource #osint #sqlite #data #visualization #embeddings #llm #localllm @reconcore
Local-first AI-powered document intelligence platform for investigative journalism
Countering EDRs With The Backing Of Protected Process Light (PPL)
#ppl #edr #evasion #defender #bypass #protection #redteam @reconcore
Zerosalarium
Abusing the Clipup.exe program, via the CreateProcessAsPPL.exe tool, to destroy the executable files of EDRs and antivirus products.
Security Advisory: CVE-2025-56157 - Default Credentials in Dify
#vulnerability #pe #rce @reconcore
CVE ID: CVE-2025-56157
Date: 12/18/2025
Vendor: LangGenius (Dify)
Product: Dify
Affected Versions: <= v1.5.1
Vulnerability Type: Insecure Permissions / Default Credentials
Severity: High (Remote Code Execution, Privilege Escalation, Information Disclosure)
DevOps_Security_and_Automation.pdf
8.2 MB
DevOps Security and Automation:
Building, deploying, and scaling modern software systems 2025.
#devops #iac #security #engineering #automation #book @reconcore
This book equips readers with the knowledge and practical skills needed to excel in DevOps. From foundational concepts to advanced techniques, it covers the DevOps lifecycle, including version control, CI/CD, IaC, containerization, Kubernetes, observability, security integration, and site reliability engineering. Each chapter includes hands-on exercises using industry-standard tools like Docker, Jenkins, Terraform, and Prometheus.
ESC1-unPAC (BOF)
#bof @reconcore
A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+SID), PKINIT authentication, and NT hash extraction via UnPAC-the-hash.
Active Directory Pentest Mindmap 2025
Orange Cyberdefense mindmaps ocd-mindmaps
#offensivesecurity #infographics #ad @reconcore
Mayfly
Active Directory Pentest Mindmap 2k25
A full-view, regularly updated Active Directory Pentest mindmap is available on the Orange Cyberdefense mindmap site: https://orange-cyberdefense.github.io/ocd-mindmaps/img/mindmap_ad_dark_classic_2025.03.excalidraw.noscript
The Evolution of C2: Centralized to On-Chain
#cybersecurity #malware #c2 #blockchain @reconcore
We map how C2 moved from IRC and web panels to DGAs, P2P, fast-flux, abuse of legit cloud platforms, and now smart-contract C2 on public blockchains — with concrete detection playbooks.
What’s inside:
1. The lineage: IRC → HTTP/HTTPS → DGA & P2P → fast-flux → cloud/“legit” platforms → blockchain contracts.
2. Why on-chain C2 matters: immutable contracts, pseudonymous wallets, and payload retrieval over public RPC.
3. Trade-offs: resilience vs latency, and how transparency enables forensics even as takedowns get harder.
4. Practical detection: block JSON-RPC egress to public providers, use TLS/JARM and beacon-timing patterns, and watch for DNS tunneling.
netlas.io
The Evolution of C2: Centralized to On-Chain - Netlas Blog
How C2 moved from centralized servers to blockchain contracts. Resilience, trade-offs, real cases, and practical detection via RPC filtering and on-chain analysis.
Cloudflare-Redirector
#redirector #cloudflare #c2 @reconcore
Just another C2 redirector using Cloudflare. Supports multiple C2 servers and multiple domains, plus a websocket listener.
CVE-2025-37164: Unauthenticated RCE in HPE OneView.
#vulnerability #analysis @reconcore
Unauthenticated RCE (CVSS 10.0) vulnerability in Hewlett Packard Enterprise (HPE) OneView via an unauthenticated REST endpoint called executeCommand. All versions below 11.00 are vulnerable (as long as the vendor-supplied hotfix has not been applied); however, some VM product versions do not enable the vulnerable "ID Pools" endpoint and are not exploitable.
Blog post: https://attackerkb.com/topics/ixWdbDvjwX/cve-2025-37164/rapid7-analysis
Metasploit Module:
exploit/linux/http/hpe_oneview_rce
ZoomEye Dork:
app="HPE OneView"
P.S. When testing HPE OneView version 6.60, you can elevate to root by exploiting CVE-2021-4034. It's unknown if that will work against more recent OneView appliance versions.
Moonwalk++
Blog Post: Malware Just Got Its Free Passes Back!
#poc #malware #injection @reconcore
A PoC implementation of an enhanced version of StackMoonwalk, which combines the original technique of removing the caller from the call stack with a memory self-encryption routine, using ROP both to desynchronize unwinding from control flow and to encrypt the executing shellcode so it is hidden from inspection.
Team-History-Sync
#burpsuite @reconcore
A Burp Suite extension for real-time sharing of HTTP traffic between team members with user-based highlighting.
Tor_Pentest_Report.pdf
1.2 MB
Tor Project Pentest - Code audit and network health report 2025.
#netsec #appsec #analytics #offensivesecurity @reconcore
This document outlines the results of a pentest and white-box security review conducted against a number of Tor Project items. Test targets: Network Metrics, Visualization Stack, Relay & Network Health Tools, Exit Relay Scanning, Bandwidth Measurement, Tor Core Code Changes.