Directory Traversal (Path Traversal) #DirectoryTraversal #PathTraversal #OWASP #SourceCodeReview #SSTI https://blog.projectasuras.com/OWASP/Path-Traversal/1
CVE-2024-54819 - I Librarian Server Side Request Forgery #CVE202454819 #ILibrarian #SSRF #Cybersecurity #Vulnerability https://www.partywave.site/show/research/CVE-2024-54819_-_I_Librarian_Server_Side_Request_Forgery
www.partywave.site
cve-2024-54819-i-librarian-server-side-request-forgery
Discover cve-2024-54819-i-librarian-server-side-request-forgery article on partywave.
👍1
Command Injection in apmcfgupload endpoint for DrayTek Gateway Devices #Notion #AllinOne #Workspace #Notes #Tasks https://netsecfish.notion.site/Command-Injection-in-apmcfgupload-endpoint-for-DrayTek-Gateway-Devices-1676b683e67c8040b7f1f0ffe29ce18f
netsecfish on Notion
Command Injection in `apmcfgupload` endpoint for DrayTek Gateway Devices | Notion
Summary
CVE-2024-49113: LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113 #PoC #LdapNightmare #CVE202449113 #SafeBreachLabs #WindowsServerVulnerability https://github.com/SafeBreach-Labs/CVE-2024-49113
GitHub
GitHub - SafeBreach-Labs/CVE-2024-49113: LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113
LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113 - SafeBreach-Labs/CVE-2024-49113
Remote Code Execution (RCE) Exploits – How Hackers Exploit from Home #RCEExploits #HackersAtHome #OcsalyAcademy #CybersecurityThreats #StaySafe https://ocsaly.com/how-hackers-exploit-calibre-and-what-you-can-do-about-it/
TMI — Too Much Information. The less you reveal the better! #TMI #UserEnumerationVulnerability #InformationDisclosure #SecureProgramming #ProtectUserData https://medium.com/@aleksamajkic/too-much-information-the-less-you-reveal-the-better-163dabb7f89f
Medium
TMI — Too Much Information. The less you reveal the better!
A short overview of frequently overlooked vulnerability with real world examples
RustPotato: A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTAPI for various operations. #RustPotato #GodPotato #SeImpersonate #SYSTEMPrivileges #ReverseShell https://github.com/safedv/RustPotato
GitHub
GitHub - safedv/RustPotato: A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP…
A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTAPI for various operations. - safedv/RustPotato
Backdooring Your Backdoors - Another $20 Domain, More Governments #Backdoors #DomainExploitation #GovernmentCompromised #WebShells #CyberSecurityResearch https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/
watchTowr Labs
Backdooring Your Backdoors - Another $20 Domain, More Governments
After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process for verifying domain ownership to give ourselves the ability…
PoC Exploit Released For OpenSSH Arbitrary Code Execution Vulnerability #OpenSSH #Vulnerability #PoCExploit #CyberSecurity #RemoteCodeExecution https://cybersecuritynews.com/regresshion-code-execution-vulnerability/
Cyber Security News
PoC Exploit Released For OpenSSH Arbitrary Code Execution Vulnerability
A proof-of-concept (PoC) exploit for the critical OpenSSH vulnerability CVE-2024-6387, also known as "regreSSHion," has been released, raising alarms across the cybersecurity community.
Comment obtenir une injection SQL « time-based blind » et automatiser en modifiant SQLMAP ? #TimeBasedSQLInjection #BlindSQLInjection #ModifyingSQLMap #CyberSecurity #DataExfiltration https://www.hackmosphere.fr/time-based-blind-sql-injection/
Hackmosphere
Time-based Blind SQL Injection et modification de SQLMAP
Time-based blind SQL injection : Découvrez comment cette faille se distingue par sa capacité à exfiltrer des données sans activer d'alerte.
Exploiting SSTI in a Modern Spring Boot Application (3.3.4) #SSTI #SpringBoot #Pentesting #RCE #Exploit https://modzero.com/en/blog/spring_boot_ssti/
Modzero
Exploiting SSTI in a Modern Spring Boot Application (3.3.4)
First tokens: The Achilles’ heel of LLMs #LLM #AssistantPrefill #WebSecurity #SafetyAlignment #AISecurity https://www.invicti.com/blog/security-labs/first-tokens-the-achilles-heel-of-llms/
Invicti
First Tokens: The Achilles’ Heel of LLMs
The Assistant Prefill feature available in many LLMs can open up models to jailbreaking, including the possibility of persistent prefills to bypass LLM safety alignments.
Gayfemboy: A Botnet Deliver Through a Four-Faith Industrial Router 0-day Exploit. #Gayfemboy #Botnet #0dayExploit #CyberThreatInsight #DDoSAttack https://blog.xlab.qianxin.com/gayfemboy-en/
奇安信 X 实验室
Gayfemboy: A Botnet Deliver Through a Four-Faith Industrial Router 0-day Exploit.
Overview
Countless script kiddies, dreaming of getting rich, rush into the DDoS black-market industry armed with Mirai source code, imagining they can make a fortune with botnets. Reality, however, is harsh—these individuals arrive full of ambition but…
Countless script kiddies, dreaming of getting rich, rush into the DDoS black-market industry armed with Mirai source code, imagining they can make a fortune with botnets. Reality, however, is harsh—these individuals arrive full of ambition but…
🤷2👍1
$2m laundered: the YouTube crypto tutorials’ huge scam (investigation) #CryptoScam #YouTubeTutorialScam #MillionDollarLaundering #Investigation #StaySafe https://medium.com/@tim.sh/2m-laundered-the-youtube-crypto-tutorials-huge-scam-investigation-8f4a0a3c92d8
Medium
$2m laundered: the YouTube crypto tutorials’ huge scam (investigation)
How 1 youtube video turned out to be a part of a million dollar scam scheme
🤯1
How We Cracked a 512-Bit DKIM Key for Less Than $8 in the Cloud #512BitDKIM #CloudCracking #ASN1DER #RSAKeys #EmailVerification https://dmarcchecker.app/articles/crack-512-bit-dkim-rsa-key
Memory Allocators 101 - Write a simple memory allocator #MemoryAllocators #SimpleMemoryAllocator #Malloc #Free #HeaderAllocation https://arjunsreedharan.org/post/148675821737/memory-allocators-101-write-a-simple-memory
Tumblr
Memory Allocators 101 - Write a simple memory allocator
Code related to this article: github.com/arjun024/memalloc
This article is about writing a simple memory allocator in C.
We will implement malloc(), calloc(), realloc() and free().
This is a beginner...
This article is about writing a simple memory allocator in C.
We will implement malloc(), calloc(), realloc() and free().
This is a beginner...
🤯3🔥1
fav-up: IP lookup by favicon using Shodan #GitHub #IPlookup #Favicon #Shodan #Python https://github.com/pielco11/fav-up
GitHub
GitHub - pielco11/fav-up: IP lookup by favicon using Shodan
IP lookup by favicon using Shodan. Contribute to pielco11/fav-up development by creating an account on GitHub.
🔥3
Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282) #IvantiConnectSecure #ExploitationWalkthrough #RemoteCodeExecution #VulnerabilityAnalysis #ExploitationTechniques https://labs.watchtowr.com/exploitation-walkthrough-and-techniques-ivanti-connect-secure-rce-cve-2025-0282/
watchTowr Labs
Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)
As we saw in our previous blogpost, we fully analyzed Ivanti’s most recent unauthenticated Remote Code Execution vulnerability in their Connect Secure (VPN) appliance. Specifically, we analyzed CVE-2025-0282.
Today, we’re going to walk through exploitation.…
Today, we’re going to walk through exploitation.…
👍2
Threat actors exploit a 0-day in exposed management consoles of Fortinet FortiGate firewalls #AccessDenied #PermissionDenied #FortinetFirewalls #ServerError #EdgeSuiteError https://www.orangecyberdefense.com/global/blog/cert-news/0-day-in-exposed-management-consoles-of-fortinet-fortigate-firewalls
Orangecyberdefense
0-day in exposed management consoles of Fortinet FortiGate firewalls
A recent campaign targeting FortiGate firewalls, where the devices’ management interfaces exposed to the Internet were compromised.
Story of a Pentester Recruitment 2025 #PentesterRecruitment2025 #SilentSignal #EthicalHacking #WebApplicationTesting #VulnerabilitiesIdentification https://blog.silentsignal.eu/2025/01/14/pentester-recruitment-2025-mushroom/
Silent Signal Techblog
Story of a Pentester Recruitment 2025
Because we can!
Millions of Accounts Vulnerable due to Google’s OAuth Flaw #GoogleOAuthFlaw #SensitiveDataRisk #MillionsAffected #TruffleSecurityCo #OauthVulnerability https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw
Trufflesecurity
Millions of Accounts Vulnerable due to Google’s OAuth Flaw ◆ Truffle Security Co.
Millions of Americans can have their data stolen right now because of a deficiency in Google’s “Sign in with Google” authentication flow. If you’ve worked for a startup in the past - especially one that has since shut down - you might be vulnerable.
👍2