Волосатый бублик

All credits to authors.

Subscribers: 5 622
[ NetExec v1.2.0 - ItsAlwaysDNS ]
https://www.netexec.wiki/news/v1.2.0-itsalwaysdns

New features:
— NetExec is available on Kali
— It's Always DNS (--dns-server added)
— New Credential Looting
— More options to use LDAP protocol
— Rework of the Powershell command execution

If you want to read about all changes in detail or download the latest standalone binaries check out the GitHub page: https://github.com/Pennyw0rth/NetExec/releases/tag/v1.2.0
👍 2
Updated: DonPAPI automates secrets dump remotely on multiple Windows computers, with defense evasion in mind. https://github.com/login-securite/DonPAPI
👍 3
Repost from APT
🖼️ Microsoft SharePoint Server 20219 — RCE PoC for:
— CVE-2024-38094
— CVE-2024-38024
— CVE-2024-38023

🔗 Source: https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC

#sharepoint #poc #rce #cve
Microsoft SharePoint Server 2019 RCE (Fixed in Jul Patch).mp4 (3.79 MB)
👍 8
https://www.youtube.com/watch?v=1DseeBdRU3U&list=PLJK0fZNGiFU_Zh8PkjCws_Rw_8WdWKyd7
Some fresh "audiobooks" have been posted, in case someone can't fall asleep.
Domain Persistence: Detection, Triage, and Recovery - Josh Prager & Nico Shyne [SO-CON 2024]

We'll dive into Active Directory domain persistence techniques focused on identifying attacks and reclaiming control over organizational domains after a breach. The presentation explores various advanced adversarial techniques such as credential theft on domain controllers, NTDS access, DCSync, and the creation of Golden and Diamond Tickets. It emphasizes the importance of detecting these methods to effectively triage and counteract them. The presentation highlights the need for organizations to be vigilant in monitoring and securing their domains, as adversaries continually seek innovative ways to maintain access, posing significant threats to data security. Additionally, we'll cover post-compromise strategies, detailing the steps necessary for rotating domain secrets and enhancing Windows Security event auditing to better detect domain persistence activities. We'll provide a comprehensive guide on resetting and securing various account types, including machine, user, and service accounts, and emphasize the criticality of rotating the KRBTGT account to prevent the abuse of Golden Tickets. This presentation will serve as a starting guide for critical technique detection generation and organizational recovery scenarios.

👍 5
[ regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server ]
CVE-2024-6387

Affected OpenSSH versions:
— OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.
— Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure.
— The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.
— OpenBSD systems are unaffected by this bug, as OpenBSD developed a secure mechanism in 2001 that prevents this vulnerability.

Blog by Qualys: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

Check FAQ for any other questions and... Update ASAP (+ fail2ban)
👍 13👎 8😁 4😢 1
[ Bypassing SSRF Filters Using r3dir ]

r3dir: redirection service designed to help bypass SSRF filters that do not validate the redirect location. It allows you to:
- Set the redirection target via URL parameters or subdomains;
- Control HTTP response codes;
- Obfuscate the target URL with Base32 encoding;
- Bypass some allowlist filters.

Author: Senior Security Consultant Vladyslav H.
Blog: https://www.leviathansecurity.com/blog/bypassing-ssrf-filters-using-r3dir
Tool itself: https://github.com/Horlad/r3dir
👍 7
GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5

Learn more about GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).

😁 15👍 2
#windows #lpe
Windows LPE (CVE-2024-30088)
Respected people say it works.
ithub.com/tykawaii98/CVE-2024-30088
👍 4
#proxy #ssh #tunel [ TREVORproxy ] A SOCKS proxy written in Python that randomizes your source IP address. Round-robin your evil packets through SSH tunnels or give them billions of unique source addresses! https://github.com/blacklanternsecurity/TREVORproxy
👍 10👎 5