New technique for bypassing EDRs with EDR-Preloading.
TL;DR: blocking the EDR from loading its DLL into a process, preventing the deployment of user-land hooks.
malwaretech.com/2024/02/bypass…
SiCat - The useful exploit finder
SiCat is an advanced exploit search tool designed to identify and gather information about exploits effectively, from both open sources and local repositories.
github.com/justakazh/sicat
#cybersecurity #infosec #exploit
Wondering what telemetry an EDR collects?
Wonder no more! Kostas and Alex Teixeira run an EDR Telemetry Project, covering all major EDRs:
"The main goal of the EDR Telemetry project is to encourage EDR vendors to be more transparent about the telemetry they provide".
Blog:
DarkGPT
DarkGPT is an artificial intelligence assistant based on GPT-4-200K designed to perform queries on leaked databases.
github.com/luijait/DarkGPT
#cybersecurity #DarkWeb #OSINT
XSSGen is a Python tool designed to generate random XSS (Cross-Site Scripting) payloads. It can create a variety of payloads with random HTML tags, JavaScript events, and JavaScript code snippets to help security testers identify vulnerabilities in web applications.
New writeup from ꙅɿɘƚɔɘqꙅ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate.
Full disclosure:
samcurry.net/hacking-kia
It is really interesting to find anti-VM techniques being used by threat actors in the wild.
This is a PowerShell script protecting a #Lumma Stealer build that is being spread via YouTube videos.
In this case, this was enough to make ANY.RUN fail, based on screen resolution.
Several people asked me how I detect the hooks set by an EDR on my process.
Here is the code. It is heavily inspired by the EDRSandblast code by Maxime Meignan and Qazeer.
This was one of the first projects I did ☺️
Feel free to play with it!
github.com/OtterHacker/Ho…
On October 30th, Okta disclosed a vulnerability whereby individuals could bypass AD/LDAP Delegated Authentication by providing a username longer than 52 characters.
It required a cached previous successful login attempt.
tl;dr employees with long last names are a security threat
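Why a long username is enough, as an added example that is not Okta's code. Okta's advisory attributed the bug to bcrypt being used to build the cache key from userId + username + password; bcrypt only hashes the first 72 bytes of its input, so a 20-character userId (assumed format) plus a 52-character username fills the window and the password no longer influences the key. bcrypt is not used here so the example runs offline: the truncation is simulated with SHA-256 over the first 72 bytes, and the hardened key function is one possible fix, not Okta's published remediation.

```python
import hashlib
import hmac

BCRYPT_MAX_INPUT = 72      # bcrypt hashes at most 72 bytes and silently ignores the rest


def cache_key_material(user_id, username, password):
    """Key layout named in Okta's advisory: userId + username + password."""
    return (user_id + username + password).encode()


def vulnerable_cache_key(user_id, username, password):
    """Stand-in for bcrypt(material): only the first 72 bytes reach the hash.
    (Simulation: SHA-256 over the truncated input, no salt or cost factor.)"""
    material = cache_key_material(user_id, username, password)
    return hashlib.sha256(material[:BCRYPT_MAX_INPUT]).digest()


def hardened_cache_key(user_id, username, password, server_key=b"assumed-server-secret"):
    """One fix (an assumption, not Okta's remediation): length-prefix every
    field and use a keyed hash with no input limit, so no field can push the
    password out of the hashed window. A real deployment would still want a
    slow KDF on top; the point here is the absence of truncation."""
    mac = hmac.new(server_key, digestmod=hashlib.sha256)
    for field in (user_id, username, password):
        data = field.encode()
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.digest()


class DelegatedAuthCache:
    """Minimal model of the cached AD/LDAP delegated-auth flow."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.cache = set()

    def login(self, user_id, username, password, real_password):
        key = self.key_fn(user_id, username, password)
        if key in self.cache:
            return True                  # cache hit: AD/LDAP is not consulted
        if password == real_password:    # stand-in for the AD/LDAP bind
            self.cache.add(key)
            return True
        return False


def password_is_truncated(user_id, username):
    """True when userId + username already fills bcrypt's 72-byte window."""
    return len((user_id + username).encode()) >= BCRYPT_MAX_INPUT


if __name__ == "__main__":
    user_id = "00u" + "0" * 17           # 20-char Okta-style user id (assumed format)
    long_name = "n" * 52                 # 20 + 52 = 72: password falls off the end
    okta = DelegatedAuthCache(vulnerable_cache_key)
    print("cold cache, wrong password:", okta.login(user_id, long_name, "wrong", "correct horse"))
    print("real login populates cache:", okta.login(user_id, long_name, "correct horse", "correct horse"))
    print("wrong password after cache:", okta.login(user_id, long_name, "wrong", "correct horse"))
```

The first call fails because nothing is cached yet and the bind is rejected; the third succeeds because its key is byte-for-byte the key stored by the second. That ordering is the "cached previous successful login" precondition from the post.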
You can bypass path-based WAF restrictions by appending raw/unencoded non-printable and extended-ASCII characters like \x09 (Spring), \xA0 (Express), and \x1C-\x1F (Flask):
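The mismatch behind that bypass, as an added example that is not the original author's code: the WAF matches its rule against the raw path, while the framework trims the trailing byte before routing, so the two see different paths. The backend here is a simulation that trims using Python's own whitespace definition (under which "\t", "\x1c"-"\x1f" and "\xa0" all satisfy `str.isspace()`), not the real Spring, Express or Flask code; which bytes each real framework trims is as the post states. The blocked prefixes and the hardened rule are assumptions for illustration.

```python
# Trailing characters the post reports each framework trimming before routing.
TRIM_BYTES = {"spring": "\x09", "express": "\xa0", "flask": "\x1c"}
BLOCKED = ("/admin", "/internal")          # assumed WAF deny-list


def naive_waf_allows(raw_path):
    """WAF rule evaluated on the raw request path, i.e. ^/admin(/|$)."""
    return not any(raw_path == p or raw_path.startswith(p + "/") for p in BLOCKED)


def backend_route(raw_path):
    """Simulated framework router: trims whitespace, then matches the route.
    Python's strip() treats \\t, \\x1c-\\x1f and \\xa0 as whitespace."""
    return raw_path.strip()


def hardened_waf_allows(raw_path):
    """Reject any byte outside printable ASCII (0x21-0x7E), then evaluate the
    rule on the same normalized path the backend will see."""
    if any(not 0x21 <= ord(c) <= 0x7E for c in raw_path):
        return False
    return naive_waf_allows(backend_route(raw_path))


def send(raw_path, waf=naive_waf_allows):
    """Return 'blocked' if the WAF drops the request, else the resolved route."""
    if not waf(raw_path):
        return "blocked"
    return backend_route(raw_path)


def bypass_candidates(path):
    """One candidate path per framework quirk, sent raw (not percent-encoded)."""
    return {fw: path + ch for fw, ch in TRIM_BYTES.items()}


if __name__ == "__main__":
    for fw, candidate in bypass_candidates("/admin").items():
        print(f"{fw:8s} {candidate!r:14s} naive WAF -> {send(candidate)!r:10s} "
              f"hardened WAF -> {send(candidate, hardened_waf_allows)!r}")
```

The hardened rule is deliberately strict: it refuses the whole class of bytes rather than enumerating the three the post lists, because the exact set of characters a given framework trims is a property of that framework's language runtime and changes between versions. A real WAF also has to apply the same percent-decoding the backend does, which this example leaves out.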
#BlueDucky is still a relevant tool to scan and identify vulnerable #Bluetooth devices (CVE-2023-45866).
Don't postpone updates to your devices in 2025.
mobile-hacker.com/2024/03/26/blu… #NetHunter