All posts tagged hack

Chrome: Site Isolation bypass via NavigationPreloadRequest. https://bugs.chromium.org/p/project-zero/issues/detail?id=2239 https://t.me/cKure/10423

Zero-Day: A deep dive into the Israeli state sponsored cyber-crime spyware via zero-click iMessage exploit: Remote Code Execution. https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html https://t.me/cKure/10421

■■■■□ Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077. https://github.com/horizon3ai/CVE-2021-44077 https://t.me/cKure/10420

■■□□□ Privacy: Apple launches AirTags and Find My detector app for Android, in effort to boost privacy. https://www.cnet.com/tech/mobile/apple-launches-airtags-and-find-my-detector-app-for-android-in-effort-to-boost-privacy/ https://t.me/cKure/10419

■■■■□ Python Log4RCE: An all-in-one pure Python3 PoC for CVE-2021-44228. https://github.com/alexandre-lavoie/python-log4rce https://t.me/cKure/10418

■■■■□ JNDI-Exploitation-Kit; A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection. https://github.com/pimps/JNDI-Exploit-Kit https://t.me/cKure/10417

■■■■□ noPac: CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter. Yet another low effort domain user to domain admin exploit. If a Domain Controller is vulnerable it will return a TGT without a PAC, all eyes on small size tickets. https://github.com/cube0x0/noPac https://t.me/cKure/10416

■■■□□ log4shell – Quick Guide. https://musana.net/2021/12/13/log4shell-Quick-Guide/ https://t.me/cKure/10415

■■■■□ Tool to detect compromise be Meris malware on Microtik router. https://github.com/eclypsium/mikrotik_meris_checker https://t.me/cKure/10414

Rodan Telecom Exploitation Framework https://github.com/Etisalat-Egypt/Rodan https://t.me/cKure/10413