Uploaded all my Offensive Security & Reverse Engineering (OSRE) course labs (docx) to my repo found below. Most of them have very detailed instructions and should be great to get you started in Software Exploitation. 1/n #Offsec #SoftwareExploitation #RE exploitation.ashemery.com

#Cntr0llz 🦊 Presente! #DEFCON31 🏴‍☠️

To verify the single-packet attack is working for you: - Load examples/benchmark-h2-race.py - Hit attack, then verify ‘Best/Median’ are 0/1 via Extensions>Turbo Intruder>Output - This shows a typical execution spread of 1ms when sending groups of 20 requests to Ireland

Hola amigos! hace unas semanas me llegó una polera del #RedTeamVillage y la queremos sortear junto a Cntr0llz por lo que preparamos un reto y el primero que lo resuelva enviándome la flag por DM se la lleva! <hint>cntr0llz.cl</hint> (reto solo para gente de 🇨🇱)

Atentos hackers de Chile, desafío en proceso 🕵️.

The Art Of Hiding In Windows: techniques used by malicious actors to obscure their activities, making detection and analysis significantly more challenging for security professionals. Article: hadess.io/the-art-of-hid… EBook: hadess.io/the-art-of-hid… #windows #redteam

The inevitable has finally happened - someone's used a technique I published to hack a website I made. 0x999 used the single-packet attack to get double points on a hackxor mission and top the leaderboard, then thoughtfully notified me 😂 hackxor.net/leaderboard

You can now bypass CSP on any website that allows github.com in a script-src or default-src PoC: <script src=api.github.com/gist/anything?…></script> Despite character limitations, you can use the Same Origin Method Execution technique we shared to get full XSS.

By-design AV bypass with "dev drive" 😅 I really like this feature! Update your detection rules if you want to spot this...

Today is the day! Open Source Surveillance is complete and open for registration! Choose from over 25 modules and take intelligence gathering to a whole new level. #osint #privacy #intelligence #infosec os-surveillance.io

"pandora: A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers." #infosec #pentest #redteam github.com/efchatz/pandora

CVE-2023-51385: OpenSSH OS command injection vulnerability The vulnerability is tracked under the CVE identifier CVE-2023-51385 (CVSS score: 9.8). It impacts all versions of OpenSSH before 9.6p1. meterpreter.org/cve-2023-51385…

For the people that hate on "err != nil" of go, this is a great video. Its not perfect but it is damn simple, which is "the go way". Every language has its own things it excels at. Trying other langs will improve your overall skill more than mastering 1. youtube.com/watch?v=YZhwOW…

Hide Your CobaltStrike with CloudFlared Tunnel and Microsoft 100 Traffic github.com/EvilGreys/Hide…

Some really cool AWS enumeration research was released today by Daniel Grzelak that's worth reading and understanding: blog.plerion.com/conditional-lo…

⛓️ JAILBREAK ALERT ⛏️ OPENAI: PWNED 😎 GPT-4-TURBO: LIBERATED 🔓 Bear witness to GPT-4 sans guardrails, with outputs such as illicit drug instructions, malicious code, and copyrighted song lyrics-- the jailbreak trifecta! This one wasn't easy. OpenAI's defenses are cleverly

Did you know that LSASS has the ability to execute arbitrary kernel-mode addresses? I wrote a small proof of concept that allows administrators to execute unsigned code in the kernel if LSA Protection is disabled. github.com/floesen/KExecDD

📢a XSS payload, Cuneiform-alphabet based ! 𒀀='',𒉺=!𒀀+𒀀,𒀃=!𒉺+𒀀,𒇺=𒀀+{},𒌐=𒉺[𒀀++], 𒀟=𒉺[𒈫=𒀀],𒀆=++𒈫+𒀀,𒁹=𒇺[𒈫+𒀆],𒉺[𒁹+=𒇺[𒀀] +(𒉺.𒀃+𒇺)[𒀀]+𒀃[𒀆]+𒌐+𒀟+𒉺[𒈫]+𒁹+𒌐+𒇺[𒀀] +𒀟][𒁹](𒀃[𒀀]+𒀃[𒈫]+𒉺[𒀆]+𒀟+𒌐+"(𒀀)")() #bugbounty #bugbountytips

$10,000 for RCE through Dependency Confusion, this time on one of my first submissions in Intigriti 🙌 I spent a whole month learning and developing a custom tool using Next.js, this helped me identify and exploit the RCE. Of course, I also used: medium.com/@alex.birsan/d…