All posts in Uncategorized

■■■■■ A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs. https://github.com/floesen/EventLogCrasher https://www.helpnetsecurity.com/2024/01/31/windows-event-log-vulnerability/ https://t.me/cKure/13458

■■■■□ How I hacked chess.com with a rookie exploit. https://skii.dev/rook-to-xss/ https://t.me/cKure/13457

Bypassing Wi-Fi Encryption by Manipulating Transmit Queues. https://www.usenix.org/system/files/usenixsecurity23-schepers.pdf https://t.me/cKure/13455

■■■■□ Taking over WhatsApp accounts by reading voicemails. https://medium.com/@rramgattie/taking-over-whatsapp-accounts-by-reading-voicemails-68ad70dc2499 https://t.me/cKure/13454

● A series of critical zero-day vulnerabilities (approximately 3 issues) have been detected by a security researcher in D-Link devices / CPEs. As per reports; most or all devices are vulnerable and system access can be achieved. @ckuRED could not confirm independently. https://t.me/cKure/13452

● A series of critical zero-day vulnerabilities have been detected by a security researcher in D-Link devices / CPEs. As per reports; most or all devices are vulnerable and system access can be achieved. @ckuRED could not conform independently. https://t.me/cKure/13450

■■■□□ [Tool] CVEMap: Open-source tool to query, browse and search CVEs. https://www.helpnetsecurity.com/2024/02/01/cvemap-query-browse-search-cve/ https://t.me/cKure/13449

■□□□□ Data leak at fintech giant reveals staff calling clients ‘idiots’. https://cybernews.com/security/direct-trading-technologies-data-leak/ https://t.me/cKure/13448

■■□□□ Analysis of Cisco Anyconnect vulnerability CVE-2020-3259 as the initial access vector used by the Akira ransomware group https://www.truesec.com/hub/blog/akira-ransomware-and-exploitation-of-cisco-anyconnect-vulnerability-cve-2020-3259 https://t.me/cKure/13447

■■■□□ Reverse Engineering a Cobalt Strike Dropper With Binary Ninja. https://binary.ninja/2022/07/22/reverse-engineering-cobalt-strike.html https://t.me/cKure/13446