Scaum (@sscaum)'s Twitter Profile
Scaum

@sscaum

ID: 1114500685851254785

Joined: 06-04-2019 12:10:44

34 Tweets

28 Followers

27 Following

Trend Zero Day Initiative (@thezdi)

The fluoroacetate duo does it again. They used a type confusion in #Edge, a race condition in the kernel, then an out-of-bounds write in #VMware to go from a browser in a virtual client to executing code on the host OS. They earn $130K plus 13 Master of Pwn points.
Baptiste Robert (@fs0c131y)

THREAD: If you have a Samsung Mobile phones, whatever your phone model, an attacker with a physical access to your phone can capture your network traffic without your consent. Let me show you ⬇️⬇️⬇️
Pinaki ❄️ (@0xinfection)

I learnt today that IP addresses can be shortened by dropping the zeroes.
Examples:
http://1.0.0.1 → http://1.1
http://192.168.0.1 → http://192.168.1
This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted.
#infosec #bugbounty #bugbountytip
Scaum (@sscaum)

A new Tian'anmen is brewing in #HongKong, but France is proud of having got Prout into the TT... I'm ashamed

spidersec (@spidersec)

Manually Detect Remote Integer Overflow:
1. Note Content-Length. EX: 612
2. Take NO < Content-Length. Ex: 610
3. Add (610+612 = 1222)
4. Request Header - 'Range: bytes= -1222' => SAME RESPONSE
5. Subtract 9223372036854775808 - 1222 = 9223372036854774586
Continue.......

Dave Vieira-Kurz (@secalert)

When testing password fields, my preferred password is: %01%E2%80%AEalert%0D%0A
Let's break it down:
%01 is SOH
%e2%80%ae is RTLO
%0d%0a is CRLF
Test cases on login:
1. can I log in only using %01?
2. without the CRLF in it?
3. is trela accepted instead of alert? (due to RTLO)

Florian Roth ⚡️ (@cyb3rops)

TIL authorized_keys files can contain more than just public keys. 
You can control source hosts of each key, limit the port forwarding, execute commands upon login.
In 20+ years of working on Unix/Linux systems, I've never seen this used. 

commandlinux.com/man-page/man5/…
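A small audit of the per-key options this tweet describes (from=, restrict, command=), added here as an example; it is not code from the thread or from OpenSSH. The parser follows the authorized_keys option grammar documented in sshd(8) (comma-separated options, double-quoted values with backslash-escaped quotes); the function names and the sample file with its placeholder key data are constructed for the example.

```python
import re

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}
# One option: name[=value]; a value is bare or "quoted" (a quoted value may
# contain commas and spaces, and \" escapes a quote inside it).
OPT = r'[\w-]+(?:=(?:"(?:[^"\\]|\\.)*"|[^,\s]*))?(?:,|(?=\s))'
OPT_RE = re.compile(r'([\w-]+)(?:=(?:"((?:[^"\\]|\\.)*)"|([^,\s]*)))?(?:,|$)')
LINE_RE = re.compile(r'^((?:%s)+)\s+(\S+)\s+(\S+)(?:\s+(.*))?$' % OPT)

def parse_options(text):
    """Comma-separated options field -> {name: value, or True for flag options}."""
    opts = {}
    for name, quoted, bare in (m.groups() for m in OPT_RE.finditer(text)):
        opts[name.lower()] = (quoted.replace('\\"', '"') if quoted is not None
                              else True if bare is None else bare)
    return opts

def parse_line(line):
    """(options, key_type, comment) for one entry; None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(None, 2)
    if fields[0] in KEY_TYPES and len(fields) > 1:  # no options: "type key [comment]"
        return {}, fields[0], fields[2] if len(fields) > 2 else ""
    m = LINE_RE.match(line)
    if not m or m.group(2) not in KEY_TYPES:
        raise ValueError(f"unparseable authorized_keys line: {line!r}")
    return parse_options(m.group(1)), m.group(2), m.group(4) or ""

def audit(options):
    """Findings for a key lacking the restrictions the tweet mentions ("restrict" alone enables every no-* restriction)."""
    checks = [("from" not in options, "no from= source-host restriction"),
              ("restrict" not in options and "no-port-forwarding" not in options,
               "port forwarding allowed"),
              ("command" not in options, "no forced command (full shell)")]
    return [msg for bad, msg in checks if bad]

def audit_file(text):
    return {e[2]: audit(e[0]) for e in map(parse_line, text.splitlines()) if e}

SAMPLE = """\
# constructed sample file (placeholder key data), not a real authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYDATAONLY alice@laptop
from="10.0.0.0/8,!10.0.5.*",restrict,command="/usr/local/bin/backup --pull" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYDATAONLY backup@nas
no-port-forwarding,no-agent-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLE bob@desk
"""
```

Running `audit_file(SAMPLE)` flags the unrestricted alice@laptop key and bob@desk (source host and forced command missing), while the backup@nas key, which uses all three mechanisms, comes back clean.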
Octoberfest7 (@octoberfest73)

I’m pleased to release Inline-Execute-PE, a CobaltStrike toolkit enabling users to load and repeatedly run unmanaged Windows exe’s in Beacon memory without dropping to disk or creating a new process each time. github.com/Octoberfest7/I… #redteam #cybersecurity #malware

Synacktiv (@synacktiv)

Bored of managing multiple proxychains configurations? Hugo Clout developed bbs, a swiss army knife proxy manager for red teamers! The project is available on our GitHub: github.com/synacktiv/bbs

Greg Linares (Laughing Mantis) (@laughing_mantis)

Since I'm 6 drinks in for 20 bucks, let me tell you all about the story of how the first Microsoft Office 2007 vulnerability was discovered, or how it wasn't. This was a story I was gonna save for a book but fuck it, I ain't gonna write it anyways.

Synacktiv (@synacktiv)

In our latest article, Quentin Roland and Scaum demonstrate a trick that makes Windows SMB clients fall back to WebDAV HTTP authentication, enhancing the NTLM and Kerberos relaying capabilities of multicast poisoning attacks! synacktiv.com/publications/t…