All posts by cK-bot

■■■■■ CVE-2022-29844: A CLASSIC BUFFER OVERFLOW ON THE WESTERN DIGITAL MY CLOUD PRO SERIES PR4100. https://www.zerodayinitiative.com/blog/2023/4/19/cve-2022-29844-a-classic-buffer-overflow-on-the-western-digital-my-cloud-pro-series-pr4100 https://t.me/cKure/12349

■■■■□ ScareCrow – Payload creation framework designed around EDR bypass. https://github.com/optiv/ScareCrow https://t.me/cKure/12348

■■■□□ Hacking a bank by finding a zero-day in DotCMS. https://blog.assetnote.io/2022/05/03/hacking-a-bank-using-dotcms-rce/ https://t.me/cKure/12347

■■■□□ Zero-Day: Israeli state sponsored NSO Group’s Pegasus spyware returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click exploit chains. https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/ https://t.me/cKure/12344

3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible. https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise https://t.me/cKure/12342

■■■□□ Privacy: Israeli’s iPhone Hacked With NSO’s Pegasus Spyware Twice in Two Years. https://www.haaretz.com/israel-news/security-aviation/2023-04-19/ty-article/israeli-citizen-infected-with-nso-pegasus-spyware-twice-in-two-years/00000187-8f8a-d484-adef-ef8e36910000 https://t.me/cKure/12339

■■□□□ Ghidra tutorial. https://link.medium.com/n3tGGo0U7yb https://t.me/cKure/12338

■■■■□ Recon: Interesting thread on subdomain enumeration by ProjectDiscovery. https://twitter.com/pdiscoveryio/status/1648567268949803012 https://t.me/cKure/12337

■■■□□ Israel’s state sponsored NSO hacked iPhones without user clicks in 3 new ways, researchers say. https://www.washingtonpost.com/technology/2023/04/18/nso-apple-iphones-citizen-lab/ https://t.me/cKure/12336

■■□□□ Disinformation: OSINT investigation into fake images by AFP. https://youtu.be/pIxUDQshf0o https://t.me/cKure/12335