luks (@luksecurity_)
Followers: 52 · Following: 1K · Media: 0 · Statuses: 155
Amazing episode with @PortSwiggerRes's @albinowax. Back when I started the pod in 2023, I envisioned episodes just like this. High signal, technical, depthful. If you're gonna catch any episode of CTBB, this would be a good one: https://t.co/3xcwRrw7Ha
2
21
139
Today I used a technique that’s probably not widely known in the community. In what cases could code like this lead to a vulnerability? ->
22
185
1K
Video demo of bypassing Windows Defender App Control with Loki C2! Blog with details coming in 1-2 weeks. Yes -- @d_tranman and I created an entire C2 in JavaScript and it bypasses all the things 🥷🧙‍♂️🪄
21
139
598
GOAD Writeup - Part 14: ADCS – The Rest Exploiting ESC 5, 7, 9, 10, 11, 13, 14, and 15 in Game of Active Directory. https://t.co/70uVYVg6o7
mayfly277.github.io
In the previous blog post on ADCS (Goad Pwning Part 6), ESC1, ESC2, ESC3, ESC4, ESC6, and ESC8 were exploited.
4
114
318
The next meetup will take place this Monday 24/02👾 On the agenda: - Pwn2Own Ireland: lessons learned, by @ImNotFl0 @___t0___ @MajorTomSec We're looking for a 2nd talk to go alongside them, go DM 👀 📍Boulangerie Bar - 24/02 from 19:00 (downstairs room) #Cyber #infosec
1
2
7
We're proud to announce LIGHTYEAR, a tool that lets you dump files, blind, in PHP, based on a new algorithm. https://t.co/GG4tSNnUCf
ambionics.io
In this blog post, we describe new techniques to dump files in PHP leveraging filters, and a tool that does it, lightyear.
0
91
247
🔥💀 After 40 hours of constant reversing of weird-looking C++ and no sleep, I finally cooked the CVE-2024-47575 FortiManager unauthenticated RCE 🩸
We’re back, and despite all the buzz about FortiManager - the saga is about to continue. Please, remove this from the Internet *even if fully patched*. Speak soon.
21
177
1K
Right before #Pwn2Own Ireland 2024, @Creased_ found a vulnerability in Synology TC500 & BC500 security cameras. A blind format string exploit allowed code execution, but Synology patched it, securing the devices in time for the competition. https://t.co/Q9O781ACDH
synacktiv.com
Exploiting a Blind Format String Vulnerability in Modern Binaries: A
1
43
142
A few months ago I created a "Perfect DLL Loader". You can find some details in my article that was just published today! The full implem can be found directly in the @defcon workshop on my GitHub! Hope you will learn something from this 😊 https://t.co/5NaM0tiQnP
riskinsight-wavestone.com
For the last few weeks, I was developing a full custom Command and Control (C2). This C2 uses several Windows DLLs for network communication and especially the WINHTTP.DLL one to handle HTTP requests...
3
92
315
Made a cheatsheet list with all my posts that match up to @TJ_Null's list of HackTheBox machines that are helpful with various OffSec exams. Currently covers three versions of OSCP, OSEP, and OSWE. https://t.co/1lxq9shXxn
0xdf.gitlab.io
TJNull maintains a list of good HackTheBox and other machines to play to prepare for various OffSec exams, including OSCP, OSWE, and OSEP. This page will keep up with that list and show my writeups...
8
149
593
During a recent engagement, @Bandrel discovered how an attacker can craft a CSR by using default system certificates. After finding out this method was novel, the team kept digging. Read what they found in our new #blog!
trustedsec.com
Using default version 1 certificate templates, an attacker can exploit a vulnerability (EKUwu) to generate certificates that bypass security controls,…
4
127
261
🌧️ On a rainy day, I dove into Pokémon Yellow glitches. Ever wondered how they work under the hood? As kids, we were already hackers manipulating bits in memory! 🔍👾 Read more in my latest blog post: https://t.co/LZXKNAxQya
0
10
24
Google actually sponsored these courses because they want more Bug hunters to hunt for Android bugs. And my report shows that these courses can work! This sponsorship also means that you do not need a Hextree subscription to watch this content ;) https://t.co/eZpvzO2oEO
2
36
171
Wrote a blog post on abusing exclusions to evade AVs/EDR which is stealthy, effective and an often overlooked topic. https://t.co/sYQqxhoygT
medium.com
Long time dear readers. In this blog post we’ll see how to abuse a common feature in Antivirus and EDRs that’s not often talked about. I…
5
65
252
🚨SAVE THE DATE! 🚨 The 2nd Pwn conference of the month is coming up! @voydstack, Security Expert at @Synacktiv and active on Root-Me, will be hosting a live session on Heap exploitation this Friday 16 August at 8pm (UTC+2). 🔥Don't miss this analysis of memory management
0
6
19
The official PortSwigger Discord is now open! 🎉👾 Join for access to exclusive events, feature previews, research releases, and to hang out with Burp Suite developers. Join for free here:
discord.com
A place where security professionals, hobbyists, and passionate Burp users can hang out, chat, and collaborate. | 14562 members
7
26
100
Don't miss out on @albinowax Listen to the Whispers white paper 👀 https://t.co/5ALQjAvaxc
https://t.co/nEw37EE8qY
portswigger.net
Websites are riddled with timing oracles eager to divulge their innermost secrets. It's time we started listening to them. In this paper, I'll unleash novel attack concepts to coax out server secrets
0
14
50