All posts tagged hack

■■■■■ Path to domain admin. An interesting thread! https://twitter.com/_nwodtuhs/status/1491135798959546369 https://t.me/cKure/10687

CVE-2021-39675, is present in the mobile OS’s System component, and can be abused to achieve remote escalation of privilege without the user needing to do anything at all, and “with no additional execution privileges needed,” as Google puts it. https://source.android.com/security/bulletin/2022-02-01 Change management: https://android.googlesource.com/platform/system/nfc/+/fef77a189022aa7ac53136e582a1444b1d2ef5f0%5E%21/#F0 Reference: https://www.theregister.com/2022/02/09/android_security_bulletin/ https://t.me/cKure/10686

■■■□□ Introduction to Request Smuggling. https://gosecure.github.io/request-smuggling-workshop https://t.me/cKure/10685

■■■■□ Writeup :- Private Bug Bounty : RCE in EC2 instance via SSH with private key exposed on public GitHub repository – XX,000 USD : https://t.co/JeCsaBDS6q credits: omespino https://omespino.com/write-up-private-bug-bounty-rce-in-ec2-instance-via-ssh-with-private-key-exposed-on-public-github-repository-xx000-usd/ https://t.me/cKure/10684

■■■■□ CVE-2022-22718 local privilege escalation exploit for Windows Printer Spooler https://github.com/ly4k/SpoolFool https://t.me/cKure/10682

■■□□□ Microsoft and Other Major Software Firms Release February 2022 Patch Updates. https://thehackernews.com/2022/02/microsoft-and-other-major-software.html https://t.me/cKure/10681

■□□□□ Tool for OSINT / OS-INTEL of names and potential login patterns. https://seintpl.github.io/NAMINT/ https://t.me/cKure/10680

■■■□□ Kernel mode WinDbg extension and PoCs for testing how token privileges work. https://github.com/daem0nc0re/PrivFu https://t.me/cKure/10679

■■□□□ https://portswigger.net/research/rss https://t.me/cKure/10678

■□□□□ Microsoft Disables Internet Macros in Office Apps by Default to Block Malware Attacks. https://t.me/cKure/10676