Aman Sachdev (@admin_login) 's Twitter Profile
Aman Sachdev

@admin_login

I make code, I break code, I make code that breaks code and I break code that makes code. #hacker #coder #infosecTrainer #redTeamer

ID: 1083089251997085696

09-01-2019 19:52:55

150 Tweet

295 Followers

324 Following

Aman Sachdev (@admin_login) 's Twitter Profile Photo

Found Adminer 4.7.3 -> created remote mysql instance for attack but local infile disabled so no LFI -> but it had elasticsearch as an option -> burpcolab:80#abcd in host -> HTTP SSRF Reported at 4.30pm 600$ at 7.30pm #synack #bugbounty

Trend Zero Day Initiative (@thezdi) 's Twitter Profile Photo

Abusing a #SharePoint WebPart Interpretation conflict to get code execution. Our write-up of CVE-2021-31181 shows step-by-step how an authenticated attacker can completely take over a SharePoint server. zerodayinitiative.com/blog/2021/6/1/…

Aman Sachdev (@admin_login) 's Twitter Profile Photo

Thanks Pentester Academy for the nice experience. PS. I wish there was a lab extension option as I wasn't able to try the lab due to covid complications. Had to rush for the exam on the last date without any real practice.

Jon Aubrey (@securityjon) 's Twitter Profile Photo

I’ve been doing a bit of work recently, attacking laptops that are protected by Microsoft Bitlocker drive encryption. Join me on a journey where we break into this CEO’s laptop to steal company secrets and plant malware.

Objective-See Foundation (@objective_see) 's Twitter Profile Photo

⚠️ In macOS 12 (beta 6), Apple patched an intriguing flaw. Discovered by Gordon Long (Gordon Long), CVE-2021-30853 allowed attackers to bypass: ▫️Gatekeeper ▫️Notarization ▫️File Quarantine Interested in exactly how? Read: "Where's the Interpreter!?" objective-see.com/blog/blog_0x6A…

an0n (@an0n_r0) 's Twitter Profile Photo

CVE-2022-26923 ("Certifried") combined with KrbRelayUp: domain user to domain admin without the requirement for adding/owning previously a computer account. Step-by-step write-up of the attack in a pure Windows environment: gist.github.com/tothi/f89a3712…

Kuba Gretzky (@mrgretzky) 's Twitter Profile Photo

Huge kudos to Dylan Evans! This is absolutely amazing to see that someone took time and effort to pull this off! 🔥 github.com/fin3ss3g0d/evi…

samczsun (@samczsun) 's Twitter Profile Photo

Five hours ago, an attacker stole 2 million BNB (~$566M USD) from the Binance Bridge. During that time, I've been working closely with multiple parties to triage and resolve this issue. Here's how it all went down.

an0n (@an0n_r0) 's Twitter Profile Photo

Played with Outlook CVE-2023-23397. Made a simple PoC email builder & sender featuring malicious reminder (just a Msg, no need to use a Task or Cal. Ev.). Critical 0-click account takeover on internal networks even after MS patch, no need to open the message on the victim side.

Patrick Wardle (@patrickwardle) 's Twitter Profile Photo

RE: The 3CX VOIP supply chain attack, vendors have stated that macOS was also targeted - but I couldn't find any specific technical details (yet) 🍎🐛☠️ One vendor stated, "we cannot confirm that the Mac installer is similarly trojanized" ...let's dive in! 1/n 🧵

an0n (@an0n_r0) 's Twitter Profile Photo

Just recreated this awesome SpecterOps (Nick Powers, Steven) technique for initial access by #backdooring a random #ClickOnce application with a Cobalt Strike stager. While I became a ClickOnce addict🙃, compiled a short writeup about my journey: an0n-r0.medium.com/backdooring-cl…

hextree.io (@hextreeio) 's Twitter Profile Photo

Last year, Raspberry Pi hired us to test the security of the RP2350 - and using electro-magnetic fault-injection we were able to successfully bypass the OTP security measures! This allowed us to read and modify the OTP locks, essentially bypassing the RP2350 secure-boot.
