August 4, 2023 at 07:11PM

■■■■□ Amazon’s AWS SSM agent can be used as post-exploitation RAT malware. https://www.bleepingcomputer.com/news/security/amazons-aws-ssm-agent-can-be-used-as-post-exploitation-rat-malware/ https://t.me/cKure/12709

August 4, 2023 at 02:22PM

■■■□□ pdlist is a passive subdomain finder written in Python 3. This tool can be used effectively to collect information about a domain without ever sending a single packet to any of its hosts. Given a domain like “example.com” it will find all the hosts which have a hostname .example.com or URLs strictly related to example.com.…

August 4, 2023 at 03:22AM

Exploiting A Flaw In Bitmap Handling In Windows User-mode Printer Drivers. https://www.zerodayinitiative.com/blog/2023/8/1/exploiting-a-flaw-in-bitmap-handling-in-windows-user-mode-printer-drivers https://t.me/cKure/12706

August 2, 2023 at 10:29PM

■■□□□ United States: Hacking tool Flipper Zero tracked by intelligence agencies, which fear white nationalists may deploy it against the power grid. https://www.dailydot.com/debug/flipper-zero-racially-motivated-extremists-fusion-center-alert-nypd/ https://t.me/cKure/12701

August 2, 2023 at 05:42PM

Another approach to Threadless injection, discovered by x.com/_EthicalChaos_, in C, that loads a module into the target process and stomps it, then reverts memory protections and the original memory state. ● This is untested code and could have unintended consequences. https://github.com/TheD1rkMtr/D1rkInject https://t.me/cKure/12700

August 2, 2023 at 04:05PM

■■■□□ Tool: Enhanced version of secretsdump.py from Impacket. Adds multi-threading and accepts an input file with a list of target hosts for simultaneous secrets extraction. https://github.com/fin3ss3g0d/secretsdump.py https://t.me/cKure/12698