October 14, 2021 at 11:40PM

■■□□□ Malware can escape a debugging session by implementing TLS callbacks, which are executed before the entry point. Their addresses are pointed to by the PE header’s data directory entry IMAGE_DIRECTORY_ENTRY_TLS. https://t.me/cKure/9763

October 14, 2021 at 10:58PM

■■■□□ Disinformation from the United States: “Hacker X”—the American who built a pro-Trump fake news empire—unmasks himself. https://arstechnica.com/information-technology/2021/10/hacker-x-the-american-who-built-a-pro-trump-fake-news-empire-unmasks-himself/ https://t.me/cKure/9762

October 14, 2021 at 07:32PM

■■■■■ DCOM_AV_EXEC allows for “diskless” lateral movement to a target on the same network via DCOM. The AV_Bypass_Framework_V3 creates a .NET shellcode runner (output as DLL) which can be used with the DCOM_AV_EXEC tool to bypass antivirus solutions like Microsoft Defender as all shellcode is AES encrypted and executed in memory. .NET DCOM lateral movement…

October 14, 2021 at 01:18PM

Old but Gold: Bypassing the Air-Gap system for sensitive info. Your body reveals your password by interfering with Wi-Fi https://dl.acm.org/doi/10.1145/2976749.2978397 http://www.theregister.co.uk/2016/11/13/researchers_point_finger_at_handy_smartphone_exploit/ https://t.me/cKure/9756