chebuya
@_chebuya
Followers
2K
Following
145
Media
21
Statuses
72
Also, big thanks to @ACEResponder for their work on RogueSliver - it was massively helpful while writing the PoC. Do check it out:.
0
7
39
Found an SSRF in Sliver C2 (CVE-2025-27090), allowing an attacker to read and write TCP traffic through affected teamservers. Demo shows leaking the IP of a Sliver teamserver hidden behind redirectors. Writeup and PoC in replies
8
133
643
RT @vxunderground: vx-underground Black Mass Research Group presents: Minegrief. tl;dr a computer worm that targets minecraft. https://t.c….
0
45
0
I have hereby been declared GIGACHAD for the Minecraft malware I wrote for the @vxunderground JVM malware competition 🥰🥰. Do check out the Black Mass Research Group telegram as well!.
This is the contest winner :).Ships with a 0day for Crafty controller. Huge thanks to @_chebuya. Today I'm announcing Black Mass Research Group. Our goal is to make interesting malware for public study. Please enjoy our first project!.
3
10
110
RT @bot59751939: This is the contest winner :).Ships with a 0day for Crafty controller. Huge thanks to @_chebuya. Today I'm announcing Bla….
0
28
0
Yo, Microsoft, we need to talk. This is Notepad. Literally nobody asked for this.
1
57
553
RT @clintgibler: 🛠️ Sastsweep. A tool designed for identifying vulnerabilities in open source codebases at scale. It can gather and filter….
0
3
0
RT @clintgibler: 📚 tl;dr sec 255. 🤖 @ProjectZeroBugs AI finds bug in SQLite.☁️ New OSS: CloudTail, SkyScalpel @permisosecurity.🛣️ Auto-gene….
0
5
0
0
12
0
Here is running SASTsweep against HackerOne open source targets. It lets you open the semgrep finding in an HTML report, and from there you can open the affected section of code within GitHub/Github1s for further analysis. Tool:
SASTsweep is now open source. Happy hunting!.
0
5
22
Big thanks to @semgrep for making this tool possible and @pdiscoveryio for giving me inspiration.
I ran semgrep on every open source target in scope on HackerOne with my tool, SASTSweep, here's what that looks like. Last teaser before tool release I promise
0
2
9
I ran semgrep on every open source target in scope on HackerOne with my tool, SASTSweep, here's what that looks like. Last teaser before tool release I promise
Check out this tool I've been developing. It's like httpx, but instead of finding interesting web servers to hack on, it's for finding interesting code repositories to audit. In this example I am spidering the "command-and-control" topic and running semgrep on every
5
49
300
Check out this tool I've been developing. It's like httpx, but instead of finding interesting web servers to hack on, it's for finding interesting code repositories to audit. In this example I am spidering the "command-and-control" topic and running semgrep on every
9
43
243
wow, these CAPTCHAs have been getting weird recently ^_^
4
58
765
Great blog post by Laurence Tennant of @IncludeSecurity, detailing multiple vulnerabilities that they discovered in open source C2 frameworks, including an Unauthenticated RCE on SHAD0W C2 😛.
Who hacks the hackers? We do!. Our new research on vulns in multiple common C2 frameworks used by netpen and red teams. If you use any of these take a look and patch up.
0
1
10
Not very polite behavior from a "security researcher" and colleague who re-worded my writeup for the BYOB RCE and phrased the announcement like it was their own discovery.
How I discovered and exploited an Unauthenticated RCE in BYOB (Build Your Own Botnet), an open-source post-exploitation framework for students, researchers and developers with close to 9k stars on GitHub!.
8
25
275
How I discovered and exploited an Unauthenticated RCE in BYOB (Build Your Own Botnet), an open-source post-exploitation framework for students, researchers and developers with close to 9k stars on GitHub!.
@HackingLZ > claims to be for students, universities, researchers etc.> ransomware and XMRig installer functionality being developed.> FAQ helps "students" failing to install XMRig properly.🤔😂
2
48
191