March 27, 2024 at 03:19PM

■■■■□ $700 cybercrime software turns Raspberry Pi into an evasive fraud tool. https://www.bleepingcomputer.com/news/security/700-cybercrime-software-turns-raspberry-pi-into-an-evasive-fraud-tool/ https://t.me/cKure/13730

March 26, 2024 at 04:48PM

■■□□□ CVE-2024-29190: MobSF Pen-Testing Tool Input Validation Flaw Leads to SSRF. https://drive.google.com/file/d/1nbKMd2sKosbJef5Mh4DxjcHcQ8Hw0BNR/view https://cybersecuritynews.com/mobsf-pen-testing-tool-flaw/ https://t.me/cKure/13729

March 26, 2024 at 12:48AM

■■■■■ Reverse Engineering Protobuf Definitions From Compiled Binaries. https://arkadiyt.com/2024/03/03/reverse-engineering-protobuf-definitiions-from-compiled-binaries/ https://t.me/cKure/13727

March 26, 2024 at 12:47AM

The new cs.github.com search allows regex, so new GitHub dorks are possible. Example, for finding SSH and FTP passwords in connection strings: /ssh:\/\/.*:.*@.*target\.com/ /ftp:\/\/.*:.*@.*target\.com/ https://t.me/cKure/13725

March 25, 2024 at 07:32PM

■■□□□ The United States Commerce Department has imposed sanctions on Canada-based civilian surveillance firm SandVine for selling technology to authoritarian regimes. Its credit rating has also been dropped by Moody's Ratings. https://ratings.moodys.com/ratings-news/417457 https://t.me/cKure/13724

March 25, 2024 at 05:17AM

■□□□□ 19 million plaintext passwords exposed by incorrectly configured Firebase instances. https://www.malwarebytes.com/blog/personal/2024/03/19-million-plaintext-passwords-exposed-by-incorrectly-configured-firebase-instances https://t.me/cKure/13721

March 24, 2024 at 11:12PM

■■■■□ Two different IDOR bugs at mijn.VvAA.nl lead to potential access to data of 130k healthcare providers, including their own cyber risk insurance policy documents and more. https://medium.com/@jonathanbouman/two-different-idor-bugs-at-mijn-vvaa-nl-26d7090f33b5 https://t.me/cKure/13720