hacker_trick | Unsorted

Telegram-канал hacker_trick - Hacker tricks

3151

CVEs🔰 Tools🛠 RedTeam📕

Subscribe to a channel

Hacker tricks

Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript
https://buer.haus/2024/01/16/reversing-and-tooling-a-signed-request-hash-in-obfuscated-javascript

Читать полностью…

Hacker tricks

Hunting down the HVCI bug in UEFI
https://tandasat.github.io/blog/2024/01/15/CVE-2024-21305

Читать полностью…

Hacker tricks

MutationGate: is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall
https://github.com/senzee1984/MutationGate

Читать полностью…

Hacker tricks

ASLRn’t: How memory alignment broke library ASLR
https://zolutal.github.io/aslrnt

Читать полностью…

Hacker tricks

Crafting Malicious Pluggable Authentication Modules for Persistence, Privilege Escalation, and Lateral Movement
https://rosesecurityresearch.com/crafting-malicious-pluggable-authentication-modules-for-persistence-privilege-escalation-and-lateral-movement

Читать полностью…

Hacker tricks

swarm: Formerly known as axiom, swarm is the next generation of distributed cloud scanning and attack surface monitoring
https://github.com/swarmsecurity/swarm

Читать полностью…

Hacker tricks

Thousands of Sites with Popup Builder Compromised by Balada Injector
https://blog.sucuri.net/2024/01/thousands-of-sites-with-popup-builder-compromised-by-balada-injector

Читать полностью…

Hacker tricks

Bob the Smuggler: A tool that leverages HTML Smuggling Attack and allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format, then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)
https://github.com/TheCyb3rAlpha/BobTheSmuggler

Читать полностью…

Hacker tricks

Cybersecurity’s Defining Moments | 7 Lessons from History’s Most Infamous Breaches
https://www.sentinelone.com/blog/cybersecuritys-defining-moments-7-lessons-from-historys-most-infamous-breaches

Читать полностью…

Hacker tricks

How to hack IP Cameras easy and fast
Threat_Intelligence/how-to-hack-ip-cameras-easy-and-fast-72344c969f80" rel="nofollow">https://medium.com/@Threat_Intelligence/how-to-hack-ip-cameras-easy-and-fast-72344c969f80
Hacking APIs: Authentication & Authorization Attacks
https://iaraoz.medium.com/hacking-apis-authentication-authorization-attacks-731902f58b12

Читать полностью…

Hacker tricks

Roles allowing to abuse Entra ID federation for persistence and privilege escalation
https://medium.com/tenable-techblog/roles-allowing-to-abuse-entra-id-federation-for-persistence-and-privilege-escalation-df9ca6e58360

Читать полностью…

Hacker tricks

Hide Your CobaltStrike with CloudFlared Tunnel and Microsoft 100 Traffic%
https://github.com/EvilGreys/Hide-CobaltStrike

Читать полностью…

Hacker tricks

Payload-Generator: An aggressor script that can help automate payload building in Cobalt Strike
https://github.com/Workingdaturah/Payload-Generator

Читать полностью…

Hacker tricks

APT28: From Initial Damage to Domain Controller Threats in an Hour (CERT-UA#8399)
https://medium.com/cyberscribers-exploring-cybersecurity/apt28-from-initial-damage-to-domain-controller-threats-in-an-hour-cert-ua-8399-1944dd6edcdf

Читать полностью…

Hacker tricks

How I Prevented a Mass Data Breach - $15,000 bounty
https://bxmbn.medium.com/how-i-prevented-a-mass-data-breach-15-000-bounty-bxmbn-1096e6400e3d

Читать полностью…

Hacker tricks

Lateral Movement – Visual Studio DTE
https://pentestlab.blog/2024/01/15/lateral-movement-visual-studio-dte

Читать полностью…

Hacker tricks

A lightweight method to detect potential iOS malware
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method
iShutdown scripts: extracts, analyzes, and parses Shutdown.log forensic artifact from iOS Sysdiagnose archives
https://github.com/KasperskyLab/iShutdown

Читать полностью…

Hacker tricks

VBA: having fun with macros, overwritten pointers & R/W/X memory
https://adepts.of0x.cc/vba-hijack-pointers-rwa

Читать полностью…

Hacker tricks

DFSCoerce exe revisited version with custom authentication
https://github.com/decoder-it/DFSCoerce-exe-2

Читать полностью…

Hacker tricks

Hunting for SSRF Bugs in PDF Generators
https://www.blackhillsinfosec.com/hunting-for-ssrf-bugs-in-pdf-generators

Читать полностью…

Hacker tricks

CVE-2023-7028 | Account-Take-Over Gitlab
https://github.com/Vozec/CVE-2023-7028
CVE-2023-36003 (Windows LPE XAML diagnostics API)
https://github.com/m417z/CVE-2023-36003-POC
CVE-2024-20656: Windows LPE in the VSStandardCollectorService150 service
https://github.com/Wh04m1001/CVE-2024-20656

Читать полностью…

Hacker tricks

Breaking the Flash Encryption Feature of Espressif's Parts
https://courk.cc/breaking-flash-encryption-of-espressif-parts

Читать полностью…

Hacker tricks

Unveiling Mobile App Secrets: A 6-Month Deep Dive into Surprising Behavior Patterns
https://www.bitdefender.com/blog/labs/unveiling-mobile-app-secrets-a-6-month-deep-dive-into-surprising-behavior-patterns

Читать полностью…

Hacker tricks

I received a Bank offer in my mailbox and discovered an IDOR vulnerability - $5,000 bounty 
bxmbn/i-received-a-bank-offer-in-my-mailbox-and-discovered-an-idor-vulnerability-5-000-bounty-bxmbn-5209cab1fba8" rel="nofollow">https://medium.com/@bxmbn/i-received-a-bank-offer-in-my-mailbox-and-discovered-an-idor-vulnerability-5-000-bounty-bxmbn-5209cab1fba8
500$ Access Control Bug: Performed Restricted Actions in Developer Settings by low level user
a13h1/500-access-control-bug-performed-restricted-actions-in-developer-settings-by-low-level-user-b4ecaa6d1aa1" rel="nofollow">https://medium.com/@a13h1/500-access-control-bug-performed-restricted-actions-in-developer-settings-by-low-level-user-b4ecaa6d1aa1

Читать полностью…

Hacker tricks

The Story Behind My First Bug
https://blog.paniago.io/the-history-behind-my-first-bug-539b913b9667
BUG BOUNTY HUNTING (METHODOLOGY , TOOLS , TIPS & TRICKS , Blogs, Books)
https://infosecwriteups.com/bug-bounty-hunting-methodology-tools-tips-tricks-blogs-books-6f84cda7ce34

Читать полностью…

Hacker tricks

Exploit tool implemented using ebpf
https://github.com/bfengj/eBPFeXPLOIT

Читать полностью…

Hacker tricks

Moriarty combines the capabilities of Watson and Sherlock, adding enhanced scanning for newer vulnerabilities and integrating additional checks
https://github.com/BC-SECURITY/Moriarty

Читать полностью…

Hacker tricks

A collection of malware families and malware samples which use the Rust programming language
https://github.com/cxiao/rust-malware-gallery

Читать полностью…

Hacker tricks

Ghost in the Web Shell: Introducing ShellSweep
https://www.splunk.com/en_us/blog/security/ghost-in-the-web-shell-introducing-shellsweep

Читать полностью…

Hacker tricks

(Im)perfectProject(or) - Hacking a small WiFi connected projector for fun and to learn hard lessons
https://axelp.io/ImperfectProjector

Читать полностью…
Subscribe to a channel