Forwarded from Ai000 Cybernetics QLab
In April 2025, the threat actor group named Shadowbits claimed to have breached Hamrahe Avval (MCI), Iran's largest mobile operator, and to have gained access to its database. According to the threat actor, a substantial amount of data belonging to MCI's customers was taken, including full names, father names, place of birth, gender, national ID numbers, addresses, postal codes, birth dates, mobile numbers, and SIM card information.
@aioooir | #hack
I checked the breached data
it is new :(
🗿4
Here are the details:
1. 300 MCI employees
(Name and surname, father's name, gender, date of birth, place of birth, ID card, address, province, address, postal code, mobile, plan, email)
2. 300K client name & emails
(customerBriefInfo_custName,indvBrief_email)
🤯7👾2😱1
Waiting Thread Hijacking: A Stealthier Version of Thread Execution Hijacking
Process Injection is one of the important techniques in the attackers’ toolkit. In the constant cat-and-mouse game, attackers try to invent new implementations of it that bypass defenses, using creative methods and lesser-known APIs.
Combining common building blocks in an atypical way, Check Point Research was able to create a much stealthier version of a known method, Thread Execution Hijacking.
Research by lovely hasherezade
❤6
Forwarded from Cafe Security (Mohammad)
Problems_Python_Excel.pdf
2.7 MB
Black Hat Asia 2025:
"The Problems of Embedded Python in Excel"
https://github.com/shalomc/bhasia2025
#red_team
#offensive_security
@cafe_security
👍4👎2
Notes for Analysing Malicious PDF Documents
The purpose of this post is to cover steps & tools for analysing malicious PDF documents. I will be using both the FlareVM and REMnux for analysis purposes.
PRATIK PATEL
👍7❤4
Forwarded from /mdre/
Notes from the recent OnlyMalware event on "Sryxen Stealer" source code analysis are available on GitHub.
We explore how they steal info for:
- browser cookies, autofill, bookmarks, passwords, history
- socials
- games
- VPNs, wallets, and more.
👍3
Cisco IOS XE CVE-2023-20198 and CVE-2023-20273: WebUI Internals, Patch Diffs, and Theory Crafting
https://web.archive.org/web/20231102055645/https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-theory-crafting/
Cisco IOS XE CVE-2023-20198: Deep Dive and POC
https://web.archive.org/web/20231104121118/https://horizon3.ai/cisco-ios-xe-cve-2023-20198-deep-dive-and-poc/
🔥2