All posts in May 2021

● Yet another website: winbindex.m417z.com https://t.me/cKure/8158

● Yet another website: vx-underground.org [Malware source code, samples, and papers.] https://t.me/cKure/8155

■□□□□ OWASP Top 10: 1-Injection. https://infosecwriteups.com/owasp-top-10-1-injection-39a9272e36b4 https://t.me/cKure/8154

■■■■■ Source code for ipatool. A command-line tool that lets you search & download iOS app packages from the App Store (known as ipa files) using your Apple ID. https://github.com/majd/ipatool Source: https://mobile.twitter.com/freemanrepo/status/1396197514257346570 https://t.me/cKure/8152

■■■□□ HTB knife detailed writeup. https://codingsec.wordpress.com/2021/05/23/htb-hackthebox-knife-writeup Password $6$LCKz7Uz/FuWPPJ6o$LaOquetpLJIhOzr7YwJzFPX4NdDDHokHtUz.k4S1.CY7D/ECYVfP4Q5eS43/PMtsOa5up1ThgjB3.xUZsHyHA1 https://t.me/cKure/8151

■■□□□ Primer to DInvokes Injection API and a tale of token duplication and command-line spoofing on the cheap. https://redteamer.tips/primer-to-dinvokes-injection-api-and-a-tale-of-token-duplication-and-command-line-spoofing-on-the-cheap/ https://t.me/cKure/8150

■■□□□ Data-Leak: Moneycontrol – 762,874 breached accounts. In April 2021, hackers posted data for sale originating from the online Indian financial platform, Moneycontrol. The data included 763 thousand unique email addresses (allegedly a subset of a larger 40 million account breach), alongside geographic locations, phone numbers, genders, dates of birth and plain text passwords. The date…

■□□□□ The Microsoft Exchange admin portal is currently inaccessible from some browsers after Microsoft forgot to renew the SSL certificate for the website. https://t.me/cKure/8148

■□□□■ Amex fined £90,000 for sending 4 million spam emails in a year. https://t.me/cKure/8146

■■■■□ Bizarro banking malware targets 70 banks in Europe and South America. https://www.bleepingcomputer.com/news/security/bizarro-banking-malware-targets-70-banks-in-europe-and-south-america/ https://t.me/cKure/8144