𝙃4𝙓-𝙏𝙤𝙤𝙡𝙨 🐲
Open source toolkit for scraping, OSINT and more
Link 🔗:-
https://github.com/V1li/H4X-Tools
A modular, terminal-based toolkit for OSINT, reconnaissance, and scraping - built in Python, runs on Linux and Windows. - vil/H4X-Tools
Discord is spyware because it collects all information that passes through its communication platform. As Discord is a centralized communication platform, all communications have to go through Discord's official servers, where all of that information can potentially be recorded. The vast majority of said information has been confirmed to be recorded, such as all communications between users. Discord has also been confirmed to use other spyware features such as various forms of telemetry. Discord's main source of income is from investment, from which it has received over $279.3 million. Discord cannot be built from source and the source code for Discord is unavailable.
https://spyware.neocities.org/articles/discord
Researcher demonstrates deanonymization of Tor servers via ETag
https://xakep.ru/2023/06/19/tor-etag/
CVE-2023-35086 POC - ASUS routers format string vulnerability
July 25 2023, Altin (tin-z), github.com/tin-z
Brief description
ASUS RT-AX56U V2 & RT-AC86U router firmwares below or equal to version 3.0.0.4.386_50460 and 3.0.0.4_386_51529 respectively have a format string vulnerability in the detwan.cgi function of the httpd service that can cause code execution when an attacker constructs malicious data.
The vulnerability also affects other ASUS devices using the httpd service.
Read here for more details.
references:
Poc
The vulnerability permits achieving RCE, but the PoC only achieves DoS, mainly because the firmware was emulated with QEMU, so the stack is different from that of a real device.
Prerequisites: The value of the 'Referer' header should contain the target's address
poc_crash.py
virtualenv --python=python3 .venv
source .venv/bin/activate
pip install hexdump
python poc_crash.py --HOST ...
Continue reading at github.com (from /r/netsec)
Deep_Dive_Exploring_the_Real_world_Value_of_Open_Source_Intelligence.pdf
53.1 MB
Deep Dive: Exploring the Real-world Value of Open Source Intelligence
Rae Baker explains how to use publicly available data to advance your investigative OSINT skills and how your adversaries are most likely to use publicly accessible data against you.
💥Hard-coded credentials in Technicolor TG670 DSL gateway router (CVE-2023-31808)
The Technicolor TG670 DSL Gateway Router includes a hard-coded service account that allows for authentication over services on the WAN interface, using HTTP, SSH, or TELNET. The authenticated user can use it to gain full administrative control of the router.
⚠️A remote attacker can use the default username and password to log in as the administrator to the router device. This allows the attacker to modify any of the administrative settings of the router and use it in unexpected ways. This requires that Remote Administration be enabled on the router, which is the default setting.
💥GeoServer SQL Injection Vulnerability Analysis (CVE-2023-25157)
SQL Injection Vulnerabilities have been found with:
💾 PropertyIsLike filter, when used with a String field and any database DataStore, or with a PostGIS DataStore with encode functions enabled
💾 strEndsWith function, when used with a PostGIS DataStore with encode functions enabled
💾 strStartsWith function, when used with a PostGIS DataStore with encode functions enabled
💾 FeatureId filter, when used with any database table having a String primary key column and when prepared statements are disabled
💾 jsonArrayContains function, when used with a String or JSON field and with a PostGIS or Oracle DataStore (GeoServer 2.22.0+ only)
💾 DWithin filter, when used with an Oracle DataStore
🔖CVE-2023-25157 - GeoServer SQL Injection - PoC
Usage:
python3 CVE-2023-25157.py <URL>
DFIR Toolkit
20 command line tools for forensic investigation of Windows artifacts.
https://github.com/dfir-dd/dfir-toolkit
#dfir #rust
Embedded device firmware (Yaesu FT-70D radio) reverse engineering
https://landaire.net/reversing-yaesu-firmware-encryption