All posts in Uncategorized

■■■■□ WinRAR flaw lets hackers run programs when you open RAR archives. https://www.bleepingcomputer.com/news/security/winrar-flaw-lets-hackers-run-programs-when-you-open-rar-archives/ https://t.me/cKure/12769

■□□□□ Eyes is an OSINT tool to get existing accounts from an email. https://github.com/N0rz3/Eyes https://t.me/cKure/12768

■■■■□ CloudEyE — From .lnk to Shellcode. https://gi7w0rm.medium.com/cloudeye-from-lnk-to-shellcode-4b5f1d6d877 https://t.me/cKure/12767

■■■■■ Tool: BurpSuite Extension (plugin). InQL, an open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration. https://github.com/doyensec/inql https://t.me/cKure/12765

■□□□□ Funny: Cyber security researchers become target of criminal hackers. ● The victim apparently was a war veteran. https://www.ft.com/content/88560ffa-bb5f-428a-894e-d791a0ee342c https://t.me/cKure/12764

■■■□□ Emulating the Iranian State-Sponsored Adversary APT35. https://www.attackiq.com/2023/08/18/emulating-apt35/ https://t.me/cKure/12763

■■■■□ Journey into Windows Kernel Exploitation: The Basics. https://blog.neuvik.com/journey-into-windows-kernel-exploitation-the-basics-fff72116ca33 https://t.me/cKure/12762

■■■■■ Fuzzing IoT binaries with AFL++ – Part II. https://blog.attify.com/fuzzing-iot-binaries-with-afl-part-ii/ https://t.me/cKure/12761

■■■□□ [Tool] headerpwn: A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers    Useful for uncovering the following behaviors: – Header based access control issues – 403/401 Bypasses – Detecting anomalies when certain special headers are present – Header based cache poisoning denial of service issues – Debug information disclosure…

■■■■□ DLL side-loading. https://www.politoinc.com/post/playing-with-bubbles-an-introduction-to-dll-sideloading https://t.me/cKure/12759