HackingDept
@hacking_dept
Followers
84
Following
73
Media
5
Statuses
38
Warsaw, Poland
Joined October 2018
We are releasing the first wave of vulnerabilities targeting @paxtechnology PAX Android POS terminals. The list includes pre-auth RCE on the root account by exploiting a hidden bootloader functionality via USB. You can expect more POS CVEs soon™ :) https://t.co/7DjDTxZ3EU
blog.stmcyber.com
In this article, we present details of 6 vulnerabilities on the Android POS devices made by the worldwide known company PAX Technology.
2
31
66
Our pentesters Stanisław Koza and Jakub Sajniak (@kubolos231) found another high vuln in the Cisco product. It was marked CVE-2023-20211 and it allows any auth user to extract any info from the Cisco Unified Communications Manager using SQLi. Our PoC:
blog.stmcyber.com
A vulnerability in the web mgmnt interface of Cisco Unified CM and CM SME could allow an authenticated, remote attacker to conduct SQL injection attack.
1
4
11
Get ready, set, hack! https://t.co/q8OOuOigww just hit the ground! ⏰ Less than 24hrs to uncover flags, conquer snacks & tackle tricky AI challenges 🤖. This year we replaced all boring crypto puzzles with 2 zajebiste tasks.
0
7
24
Third time's a charm! Once again @p4_team and @DragonSectorCTF have joined forces as the Poland Can Into Space team to conquer space 🇵🇱🚀🌌 and this time we did🏆! We won @hack_a_sat, the space security competition! Thanks to🥈SpaceBitsRUs and🥉@solarwine_ctf for a fierce fight!
5
34
197
The best feature of the decompiler is one that spawns random processes and gives you a heart attack. Check out our story on how to do RCE in JEB decompiler - @jebdec - running on Java 18:
blog.stmcyber.com
Finding RCE during deobfuscation in JEB decompiler running on Java 18.
2
14
32
Winner winner chicken dinner 🦆Poland stronk 🇵🇱 💪 Once again we won @hack_a_sat quals 🚀 together with @DragonSectorCTF and friends! #HackASat3 🛰️
3
11
93
Poniżej zamieszczamy częściowe wyniki konkursu CYBERSEC CTF by HackingDept #CS22_EXPO Zwycięzcom i wszystkim uczestnikom gratulujemy 💪 Mamy nadzieję, że zobaczymy się na kolejnej edycji.
Na koniec pierwszego dnia konferencji rozstrzygnęliśmy konkurs #cybersecurity CYBERSEC CTF by @hacking_dept. Gratulujemy wszystkim, którzy podjęli wyzwanie, a szczególnie zwycięzcom #cyber zmagań 💪🏻👏🏻🎊
0
3
8
Nasz CTF startuje za niecałe 30 min, jeżeli chcesz zgarnąć nasze gadżety spróbuj swoich sił na: https://t.co/kv03GVJkgM A jeżeli jesteś na @CYBERSECEU #CS22_EXPO wpadnij i się przywitaj :)
0
2
5
Jeżeli jesteś studentem spróbuj swoich sił! Mija ostatnia szansa aby się zarejestrować i wziąć udział w konkursie i konferencji. Jeżeli nie możesz przyjechać, a chcesz zmierzyć się z zadaniami, nic straconego, zarejestruj się na wydarzenie online.
Ostatnia szansa, by się zapisać i wziąć udział w konkursie #cybersecurity❗️ 15 zadań, nagrody pieniężne, okazja do sprawdzenia swoich zdolności z zakresu cyberbezpieczeństwa. Wydarzenie ma miejsce podczas CYBERSEC Forum/EXPO #CS22_EXPO. Dołącz do nas❗️ https://t.co/XlfWpbWrsb
0
3
5
Second year in a row @p4_team and @dragonsectorctf have joined forces as the Poland Can Into Space team to conquer space 🇵🇱 🚀 🌌 and once again we have finished 🥈 in a space security @hack_a_sat competition! Congrats to 🥇 @solarwine_ctf and 🥉@dicegangctf. #zawszedrudzy
9
22
150
Last weekend, p4 representation flew to Saudi Arabia for our first onsite CTF since the COVID-19 breakout. The visit was fruitful - 3rd place and 100k SR (almost 27k USD) reward. Thanks to @athackcon for the invitation, awesome CTF, and your outstanding hospitality.
1
0
4
Our research on @IBM Password Sync Plugin for Windows AD was recognized in their Security Bulletin https://t.co/oRQEP6VPMn PoCs for our findings: LDAP Injection/account takeover https://t.co/8kDOsnhopX Memory corruption - stack/heap https://t.co/S9DQHPYxMG
https://t.co/VTo9O8N1wH
0
7
14
Last weekend we had the pleasure 😀 of hosting our friends from @p4_team who participated in the #GoogleCTF challenge⌨🧠. Congratulations on your 8th position in the competition ✊🦾✊. Our new office has survived a trial by fire🥷.
0
2
20
Once again, we have teamed up with @DragonSectorCTF to participate in the @hack_a_sat, a space security CTF contest. This year we continue to prove that Poland Can Into Space and now we won the qualifications 🥇. Wish us luck in the finals! 🇵🇱🚀🌌 https://t.co/2tpygWyyNr
gg Poland Can Into Space for finishing quals 🎉🍾 90 minutes left, hack harder computer how do i type a computer emoji help computer
0
17
81
Helpful collection of #Excel4.0 functions for #RedTeam and #BlueTeam. Check out our #github: https://t.co/6OshrZnaeN
#pentest
github.com
List of Awesome Excel4.0/XLM tricks and functions useful for Red Team and Blue Team. This list is for anyone wishing to learn about Excel4.0/XLM for Red Team but do not have a starting point. - STM...
0
6
15
As every year, we organise a #CTF for you to play. This time, @OMHconf is our host and @PolskaHuawei is our sponsor. Everyone will have fun - expect tough challenges for elite hackers, and easier tasks for beginners. Register at https://t.co/OFyIHLdxqt. CTF starts in 9 days!
0
14
31
Our friend from STM Solutions @_mzer0 has released a cool open source tool for searching and pwning Java RMI. It seems to work really nice :) https://t.co/5qgaYkUyLH
github.com
RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets from ysoserial. - STMCyber/RmiTaste
As we promised we have a surprise for you. We present a tool made by @_mzer0 RmiTaste allows security professionals to detect, enumerate, interact and attack RMI services by calling remote methods with gadgets from ysoserial, and more... https://t.co/leL4QIKxnD
#RMI #Java
0
0
2
We still don't know how the final scoreboard looks like, but our on-orbit challenge payload/plan was the best and it's going to be executed tonight on a real satellite making a photo of the moon :). We can now definitely say that #PolandCanIntoSpace 🇵🇱🚀🌌🌙
3
22
80
9
30
207
Find out who made it - Will these top teams regain control? Don't miss the final #HackASat event Aug. 7-9. #LaunchDotCom
@plaidctf @DragonSectorCTF @p4_team @AddVulcan @pfs_ctf @fluxfingers @EatSleepPwnRpt @redrocket_ctf || @SecureAerospace @DEFCON @DefenseDigital @AFResearchLab
3
42
125