Forwarded from APT
🛡CreateProcessAsPPL
This is a utility for running processes with Protected Process Light (PPL) protection, enabling bypass of EDR/AV solution defensive mechanisms. It leverages legitimate Windows clipup.exe functionality from System32 to create protected processes that can overwrite antivirus service executable files.
🔗 Source:
https://github.com/2x7EQ13/CreateProcessAsPPL
#av #edr #bypass #ppl
This is a utility for running processes with Protected Process Light (PPL) protection, enabling bypass of EDR/AV solution defensive mechanisms. It leverages legitimate Windows clipup.exe functionality from System32 to create protected processes that can overwrite antivirus service executable files.
🔗 Source:
https://github.com/2x7EQ13/CreateProcessAsPPL
#av #edr #bypass #ppl
❤4
❤1
Forwarded from Anastasia 🐞
❤2
Source Byte
image_2025-08-26_20-26-13.png
these are the best phishing SE i have seen recently🥲
They even trick people to be more confidence with their campaign as they say told the victim which city they are from by their NationalID patterns !
plz share your IoCs in group
sample
They even trick people to be more confidence with their campaign as they say told the victim which city they are from by their NationalID patterns !
plz share your IoCs in group
sample
🤯5❤1
Forwarded from Infosec Fortress (Amir M. Jahangirzad)
Blogspot
From Chrome renderer code exec to kernel with MSG_OOB
Posted by Jann Horn, Google Project Zero Introduction In early June, I was reviewing a new Linux kernel feature when I learned about the...
From Chrome renderer code exec to kernel with MSG_OOB
🔗 Link
#browser
#exploitation
#kernel
#linux
———
🆔 @Infosec_Fortress
🔗 Link
#browser
#exploitation
#kernel
#linux
———
🆔 @Infosec_Fortress
❤3
Forwarded from GitBook - Bug Bounty
zseano Methodology :
https://manutd.notion.site/zseanos-methodology-cool-f1b6ef8d9e8a46af8bee229c1537d150#18b1238c7e2c4c34ab830acb474c5c04
https://manutd.notion.site/zseanos-methodology-cool-f1b6ef8d9e8a46af8bee229c1537d150#18b1238c7e2c4c34ab830acb474c5c04
manutd on Notion
zseanos-methodology-cool | Notion
Source: https://www.bugbountyhunter.com/zseano/
Author X: https://x.com/zseano
Author X: https://x.com/zseano
❤4🗿1
Forwarded from 1N73LL1G3NC3
This media is not supported in your browser
VIEW IN TELEGRAM
During a Red Team engagement, we compromised an AWS account containing a Confluence instance hosted on an EC2 virtual machine. Although we fully compromised the machine hosting the Confluence instance, we did not have valid credentials to log in but were able to interact with the underlying database. This led us to study the structure of the Confluence database and the mechanism for generating API tokens.
P.S. Еще несколько полезных ссылок со старого канала:
📜 Creating a Malicious Atlassian Plugin
🔗 Malfluence
A PoC for a malicious Confluence plugin, which can access all content inside a Confluence instance, access the database directly, and execute arbitrary commands on the underlying Linux server.
📜 Stealing All of the Confluence Things
🔗 Conf-Thief
A Red Team tool for exfiltrating sensitive data from Confluence pages.
🔗 AtlasReaper
A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.
🔗 Jecretz
Jira Secret Hunter - Helps you find credentials and sensitive contents in Jira tickets.
Please open Telegram to view this post
VIEW IN TELEGRAM
❤4👍1
Forwarded from CyberSecurity Shield (Pouyan Zamani)
EPPvsEDRvsXDR.pdf
321.9 KB
یک روز تعطیل که ۶:۳۰ بیدار میشی منجر به تولید #مقاله میشه! یک بار برای همیشه تکلیف epp و edr و xdr رو با هم معلوم کنیم
❤3🗿2
An Undocumented 64-bit Keylogger Targeting Windows Systems
https://github.com/ShadowOpCode/RustMe_Keylogger/blob/main/RustMe%20Keylogger.pdf
https://github.com/ShadowOpCode/RustMe_Keylogger/blob/main/RustMe%20Keylogger.pdf
❤5👍2
Forwarded from ARVIN
NEW RESEARCH: How $81M vanished from Iran's largest crypto exchange
https://akatsukilegion.netlify.app/nobitex_breach-2025
https://akatsukilegion.netlify.app/nobitex_breach-2025
akatsukilegion.netlify.app
When the Bazaar Burned From Within: The Silent Breach of Nobitex — Akatsuki Research
Incident analysis and hunting guidance for the Nobitex breach, including blockchain ecosystem threats and ATT&CK mapping.
❤2
Forwarded from ARVIN
ARVIN
NEW RESEARCH: How $81M vanished from Iran's largest crypto exchange https://akatsukilegion.netlify.app/nobitex_breach-2025
بر اساس این تحقیق بر اساس فایل لاگ مربوط به کارمند نوبیتکس با سطح دسترسی بالا و سرچ هیستوری های آن مشخص شده این کارمند تعداد زیادی اپ های کرک شده را از منابعی مثل soft98 و p30download دانلود کرده بوده
🤯7😁3❤1🤔1
Forwarded from Infosec Fortress (Amir M. Jahangirzad)
BlackSnufkin
CVE-2025-52915: A BYOVD Evolution Story
TL;DR
❤5🔥1🥰1
DOM-based Extension Clickjacking: Your Password Manager Data at Risk
https://marektoth.com/blog/dom-based-extension-clickjacking/
https://marektoth.com/blog/dom-based-extension-clickjacking/
❤3
Forwarded from HyperDbg News & Updates
HyperDbg v0.16 is released! 🐞💫✨
This version adds a new event command '!xsetbv', along with bug fixes, performance improvements, and progress on the user-mode debugger in VMI mode.
Check it out:
https://github.com/HyperDbg/HyperDbg/releases/tag/v0.16
For more information, check the documentation:
https://docs.hyperdbg.org/commands/extension-commands/xsetbv
This version adds a new event command '!xsetbv', along with bug fixes, performance improvements, and progress on the user-mode debugger in VMI mode.
Check it out:
https://github.com/HyperDbg/HyperDbg/releases/tag/v0.16
For more information, check the documentation:
https://docs.hyperdbg.org/commands/extension-commands/xsetbv
GitHub
Release v0.16 · HyperDbg/HyperDbg
HyperDbg v0.16 is released!
If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!
Please visit Build & Install to configure the environment for running HyperDbg. Check out the Q...
If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!
Please visit Build & Install to configure the environment for running HyperDbg. Check out the Q...
❤4