■■■■■ Cross-Site WebSocket Hijacking (CSWSH). https://infosecwriteups.com/cross-site-websocket-hijacking-cswsh-ce2a6b0747fc https://t.me/cKure/9062
All posts by cK-bot
August 25, 2021 at 11:52PM
■■□□□ Interesting thread: Babuk / RAMP Ransomware. https://twitter.com/vxunderground/status/1430618609684992013 https://t.me/cKure/9061
August 25, 2021 at 11:39PM
■■■□□ BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking device, one of them being elevated to critical severity under specific conditions. https://www.bleepingcomputer.com/news/security/critical-f5-big-ip-bug-impacts-customers-in-sensitive-sectors/ https://t.me/cKure/9058
August 25, 2021 at 09:36PM
■■□□□ Mirai-style IoT botnet is now scanning for router-pwning critical vuln in Realtek kit. https://go.theregister.com/feed/www.theregister.com/2021/08/25/mirai_botnet_critical_vuln_realtek_radware/ https://t.me/cKure/9056
August 25, 2021 at 09:35PM
■■■■■ Msynth; a code deobfuscation framework to simplify Mixed Boolean-Arithmetic (MBA) expressions. Given a pre-computed simplification oracle, it walks over a complex expression represented as an abstract syntax tree (AST) and tries to simplify subtrees based on oracle lookups. Alternatively, it tries to simplify expressions via stochastic program synthesis. https://github.com/mrphrazer/msynth https://t.me/cKure/9054
August 25, 2021 at 09:29PM
■□□□□ ICYMI | Israel : Cybersecurity watchdog Citizen Lab saw the new zero-day FORCEDENTRY exploit successfully deployed against iOS versions 14.4 & 14.6, blowing past Apple’s new BlastDoor sandboxing feature to install spyware on the iPhones of Bahraini activists – even one living in London at the time. A never-before-seen, zero-click iMessaging exploit has been…
August 25, 2021 at 09:28PM
■■□□□ Hakluke’s huge list of resources for beginner hackers. https://labs.detectify.com/2021/08/24/hakluke-list-resources-for-beginner-hackers-2021/ https://t.me/cKure/9052
August 25, 2021 at 09:27PM
■■□□□ List of localhost addresses for SSRF bypass. http://localhost http://127.0.0.1 http://2130706433 http://0177.1 http://0x7f.1 http://127.000.000.1 http://127.0.0.1.nip .io http://[::1] http://[::] Source: Twitter | Anton https://t.me/cKure/9051
August 25, 2021 at 08:46PM
■■■■■ Burp Suite and Beyond: Exploring non-HTTP protocols using MITM_RELAY. https://labs.jumpsec.com/burpsuite-and-beyond/ https://t.me/cKure/9050
August 25, 2021 at 08:28PM
■■■■■ Sharp RDP Hijack; A proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions. https://github.com/bohops/SharpRDPHijack https://t.me/cKure/9049