Волосатый бублик
10.02.202512:20
[ Top 10 web hacking techniques of 2024 ]
By PortSwigger Research team
https://portswigger.net/research/top-10-web-hacking-techniques-of-2024
By PortSwigger Research team
https://portswigger.net/research/top-10-web-hacking-techniques-of-2024
29.01.202511:38
Не змаглі атрымаць доступ
да медыяконтэнту
да медыяконтэнту
11.12.202419:10
😼
11.12.202414:43
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49112
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Мммм, вкуснятина )
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Мммм, вкуснятина )
03.09.202405:55
22.08.202414:17
Updated ( added part 2 )
09.02.202514:30
[ Kerberos Relaying ]
Picture source.
Please ask this question on the job interview and expect a full answer from junior penetration tester with 3 HTB labs of experience.
Picture source.
Please ask this question on the job interview and expect a full answer from junior penetration tester with 3 HTB labs of experience.
23.01.202502:56
11.12.202419:00
‼️NEW ORANGE TSAI RESEARCH‼️https://worst.fit‼️
Preprint version of our research: https://worst.fit/assets/EU-24-Tsai-WorstFit-Unveiling-Hidden-Transformers-in-Windows-ANSI.pdf
A detailed blog is on the way, but in the meantime, check out the pre-alpha website https://worst.fit for early access and the slides!
https://x.com/orange_8361/status/1866868458883088487
Preprint version of our research: https://worst.fit/assets/EU-24-Tsai-WorstFit-Unveiling-Hidden-Transformers-in-Windows-ANSI.pdf
A detailed blog is on the way, but in the meantime, check out the pre-alpha website https://worst.fit for early access and the slides!
https://x.com/orange_8361/status/1866868458883088487
04.12.202407:13
Veeam Service Provider Console Vulnerabilities
(CVE-2024-42448 | CVE-2024-42449)
From the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
https://www.veeam.com/kb4679
(CVE-2024-42448 | CVE-2024-42449)
From the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
https://www.veeam.com/kb4679
24.08.202421:10
If you're not using The Hacker Recipes project then you're not a real hacker. Bookmark this site right now - https://thehacker.recipes
22.08.202413:55
08.02.202501:27
🚨 The wait is finally over 🚨
Evilginx Pro is launching on February 25th 2025 🔥🪝🐟
It's been a long ride, but it's finally happening!
Official website: https://evilginx.com
What's new: https://help.evilginx.com/pro/whats-new
Stay tuned!
Evilginx Pro is launching on February 25th 2025 🔥🪝🐟
It's been a long ride, but it's finally happening!
Official website: https://evilginx.com
What's new: https://help.evilginx.com/pro/whats-new
Stay tuned!
21.01.202511:02
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21298
Обновляться, писять и спать!
Обновление все равно будет кривым, нервничать бесполезно, а писять и спасть всегда полезно.
Обновляться, писять и спать!
Обновление все равно будет кривым, нервничать бесполезно, а писять и спасть всегда полезно.
11.12.202418:01
#dcom #lateral
[ Forget PSEXEC: DCOM Upload & Execute Backdoor ]
An advanced lateral movement technique to upload custom payloads to a victim, load them to a service, execute them and receive the execution result.
Time to forget PSEXEC (and MMC20.Application) and dive into the future of lateral movement!
https://www.deepinstinct.com/blog/forget-psexec-dcom-upload-execute-backdoor
GitHub: https://github.com/deepinstinct/DCOMUploadExec
[ Forget PSEXEC: DCOM Upload & Execute Backdoor ]
An advanced lateral movement technique to upload custom payloads to a victim, load them to a service, execute them and receive the execution result.
Time to forget PSEXEC (and MMC20.Application) and dive into the future of lateral movement!
https://www.deepinstinct.com/blog/forget-psexec-dcom-upload-execute-backdoor
GitHub: https://github.com/deepinstinct/DCOMUploadExec
24.10.202418:05
You already know about CVE-2024-47575, right? RIGHT?
[ FortiManager Zero-Day (CVE-2024-47575) ]
FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests (critical) / aka FortiJump.
From Vendor: https://www.fortiguard.com/psirt/FG-IR-24-423
From Mandiant: https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575
[ FortiManager Zero-Day (CVE-2024-47575) ]
FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests (critical) / aka FortiJump.
From Vendor: https://www.fortiguard.com/psirt/FG-IR-24-423
From Mandiant: https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575
Пераслаў з:Offensive Twitter
OT
24.08.202421:10
😈 [ Charlie Bromberg « Shutdown » @_nwodtuhs ]
🎉 After >1y of hard work, @AzeTIIx and I are thrilled to release v2 of The Hacker Recipes!
We moved away from GitBook and now have control over both engine & hosting 🥹
1st addition for contributors: your work is being highlighted across the site! 🫡
🔗 https://thehacker.recipes/
🐥 [ tweet ]
🎉 After >1y of hard work, @AzeTIIx and I are thrilled to release v2 of The Hacker Recipes!
We moved away from GitBook and now have control over both engine & hosting 🥹
1st addition for contributors: your work is being highlighted across the site! 🫡
🔗 https://thehacker.recipes/
🐥 [ tweet ]
21.08.202416:05
W.T.F. Is a Kubernete and How Do I Attack It? with Graham Helton (currently live, recording will be available, same link)
Attendees will gain a high level understanding of what Kubernetes is (without any pre-existing Kubernetes knowledge) and learn how to effectively hack into a real Kubernetes cluster (uh... with permission of course).
https://www.youtube.com/watch?v=gc2NExPp20Y
Attendees will gain a high level understanding of what Kubernetes is (without any pre-existing Kubernetes knowledge) and learn how to effectively hack into a real Kubernetes cluster (uh... with permission of course).
https://www.youtube.com/watch?v=gc2NExPp20Y
05.02.202516:05
[ Active Directory Domain Services Elevation of Privilege Vulnerability New — CVE-2025-21293 ]
«Network Configuration Operators» group privilege escalation
CVE: https://www.cve.org/CVERecord?id=CVE-2025-21293
MSRC: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21293
Blog with a PoC code: https://birkep.github.io/posts/Windows-LPE
«Network Configuration Operators» group privilege escalation
CVE: https://www.cve.org/CVERecord?id=CVE-2025-21293
MSRC: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21293
Blog with a PoC code: https://birkep.github.io/posts/Windows-LPE
Не змаглі атрымаць доступ
да медыяконтэнту
да медыяконтэнту
13.12.202415:06
🤙🤙🤙
11.12.202414:50
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49123
Windows Remote Desktop Services Remote Code Execution Vulnerability
Да что ж происходит?! Новогодние чудеса, не иначе!
Windows Remote Desktop Services Remote Code Execution Vulnerability
Да что ж происходит?! Новогодние чудеса, не иначе!
Не змаглі атрымаць доступ
да медыяконтэнту
да медыяконтэнту
03.09.202418:25
23.08.202418:25
21.08.202412:05
Паказана 1 - 24 з 26
Увайдзіце, каб разблакаваць больш функцый.