All posts tagged telegram

■■■■■ How to Bypass Golang SSL Verification. https://www.cyberark.com/resources/threat-research-blog/how-to-bypass-golang-ssl-verification https://t.me/cKure/14421

■■■■■Pwn2Own: Pivoting from WAN to LAN to Attack a Synology BC500 IP Camera. https://claroty.com/team82/research/pwn2own-wan-to-lan-exploit-showcase https://t.me/cKure/14420

■■■■■ WAN-to-LAN Exploit Showcase. https://claroty.com/team82/research/pivoting-from-wan-to-lan-synology-bc500-ip-camera https://t.me/cKure/14419

■■■■□ [ Tool ] RemoteSessionEnum: Remotely Enumerate sessions using undocumented Windows Station APIs. https://github.com/0xv1n/RemoteSessionEnum https://0xv1n.github.io/posts/sessionenumeration/ https://t.me/cKure/14418

VPN Zero-Day DYK most VPN services can actually make you less secure? Today x.com/PET_Symposium, Benjamin Mixon-Baca will present research done in collaboration with the Citizen Lab about how VPNs can enable an attacker to act as an in-path router between you and the VPN server. The study identifies a new vulnerability called a “port shadow”.…

■■■□□ Burp’s Collaborator can be used to generate custom DNS records. https://x.com/Burp_Suite/status/1813203103052611701 https://t.me/cKure/14415

■■■■□ United States The FBI just announced it had gained access to the password locked phone of Thomas Matthew Crooks, the suspected shooter in the assassination attempt of former President Trump. Shows how far we’ve come from the days of FBI v Apple. https://www.404media.co/fbi-gains-access-to-suspected-trump-shooters-password-locked-phone/ https://t.me/cKure/14414

■■■■■ Data-Leak at Google by Gemini Google’s Gemini AI caught scanning Google Drive hosted PDF files without permission. https://www.tomshardware.com/tech-industry/artificial-intelligence/gemini-ai-caught-scanning-google-drive-hosted-pdf-files-without-permission-user-complains-feature-cant-be-disabled https://t.me/cKure/14413

■■■■□ Practical Obfuscation of BLE Physical-Layer Fingerprints on Mobile Devices. https://ieeexplore.ieee.org/stampPDF/getPDF.jsp?tp=&arnumber=9833758 https://t.me/cKure/14412

■■■■□ Hackers use PoC exploits in attacks 22 minutes after release. During the examined period, the most targeted flaws were CVE-2023-50164 and CVE-2022-33891 in Apache products, CVE-2023-29298, CVE-2023-38203 and CVE-2023-26360 in Coldfusion, and CVE-2023-35082 in MobileIron. A characteristic example of the rise in the speed of weaponization is CVE-2024-27198, an authentication bypass flaw in JetBrains…