Волосатый бублик

@hybgl

All credits to authors.

نمایش بیشتر

روسيا83 190زبان مشخص نشده استفناوری و برنامه‌ها12 789

پست‌های تبلیغاتی

5 620

مشترکین

-424 ساعت

+67 روز

+25630 روز

3 246

نمایش های پست

اطلاعاتی وجود ندارد24 ساعت

اطلاعاتی وجود ندارد48 ساعت

57.76%

نرخ مشارکت

اطلاعاتی وجود ندارد24 ساعت

اطلاعاتی وجود ندارد48 ساعت

یادکردها

اطلاعاتی وجود ندارد7 روز

اطلاعاتی وجود ندارد30 روز

اطلاعاتی وجود ندارد

پست های در روز

~ 11

واکنش ها

~ 4

نظرات

~ 57

بازنشرها

مشترکین
پوشش پست
ER - نسبت تعامل

در حال بارگیری داده...

Photo unavailableShow in Telegram

[ NetExec v1.2.0 - ItsAlwaysDNS ] https://www.netexec.wiki/news/v1.2.0-itsalwaysdns New features: — NetExec is available on Kali — It's Always DNS (--dns-server added) — New Credential Looting — More options to use LDAP protocol — Rework of the Powershell command execution If you want to read about all changes in detail or download the latest standalone binaries check out the GitHub page: https://github.com/Pennyw0rth/NetExec/releases/tag/v1.2.0

نمایش همه...

👍 2

Photo unavailableShow in Telegram

CVE-2024-39929 https://censys.com/cve-2024-39929/

نمایش همه...

👍 1

Photo unavailableShow in Telegram

Updated: DonPAPI automates secrets dump remotely on multiple Windows computers, with defense evasion in mind. https://github.com/login-securite/DonPAPI

نمایش همه...

👍 3

Repost from APT

01:49

Video unavailableShow in Telegram

🖼️ Microsoft SharePoint Server 20219 — RCE PoC for: — CVE-2024-38094 — CVE-2024-38024 — CVE-2024-38023 🔗 Source: https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC #sharepoint #poc #rce #cve

نمایش همه...

Microsoft SharePoint Server 2019 RCE (Fixed in Jul Patch).mp43.79 MB

👍 8

https://www.youtube.com/watch?v=1DseeBdRU3U&list=PLJK0fZNGiFU_Zh8PkjCws_Rw_8WdWKyd7 Свеженькие "аудиокниги" выложили, может кто-то уснуть не может.

نمایش همه...

Domain Persistence: Detection, Triage, and Recovery - Josh Prager & Nico Shyne [SO-CON 2024]

We'll dive into Active Directory domain persistence techniques focused on identifying attacks and reclaiming control over organizational domains after a breach. The presentation explores various advanced adversarial techniques such as credential theft on domain controllers, NTDS access, DCSync, and the creation of Golden and Diamond Tickets. It emphasizes the importance of detecting these methods to effectively triage and counteract them. The presentation highlights the need for organizations to be vigilant in monitoring and securing their domains, as adversaries continually seek innovative ways to maintain access, posing significant threats to data security. Additionally we'll cover post-compromise strategies, detailing the steps necessary for rotating domain secrets and enhancing Windows Security event auditing to better detect domain persistence activities. We'll provide a comprehensive guide on resetting and securing various account types, including machine, user, and service accounts, and emphasizes the criticality of rotating the KRBTGT account to prevent the abuse of Golden Tickets. This presentation will serve as a starting guide for critical technique detection generation and organizational recovery scenarios.

👍 5

Photo unavailableShow in Telegram

[ regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server ] CVE-2024-6387

Affected OpenSSH versions:
— OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.
— Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure.
— The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.
— OpenBSD systems are unaffected by this bug, as OpenBSD developed a secure mechanism in 2001 that prevents this vulnerability.

Blog by Qualys: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server Check FAQ for any other questions and... ~~Update ASAP (+ fail2ban)~~

نمایش همه...

👍 13👎 8😁 4😢 1

Photo unavailableShow in Telegram

[ Bypassing SSRF Filters Using r3dir ] r3dir: redirection service designed to help bypass SSRF filters that do not validate the redirect location. It allows you to: - Set the redirection target via URL parameters or subdomains; - Control HTTP response codes; - Obfuscate the target URL with Base32 encoding; - Bypass some allowlist filters. Author: Senior Security Consultant Vladyslav H. Blog: https://www.leviathansecurity.com/blog/bypassing-ssrf-filters-using-r3dir Tool itself: https://github.com/Horlad/r3dir

نمایش همه...

👍 7

https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/

نمایش همه...

GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5

Learn more about GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).

😁 15👍 2

#windows #lpe Windows LPE ( CVE-2024-30088) Уважаемые люди говорят что работает. ithub.com/tykawaii98/CVE-2024-30088

نمایش همه...

👍 4

Photo unavailableShow in Telegram

#proxy #ssh #tunel [ TREVORproxy ] A SOCKS proxy written in Python that randomizes your source IP address. Round-robin your evil packets through SSH tunnels or give them billions of unique source addresses! https://github.com/blacklanternsecurity/TREVORproxy

نمایش همه...

👍 10👎 5

یک طرح متفاوت انتخاب کنید

طرح فعلی شما تنها برای 5 کانال تجزیه و تحلیل را مجاز می کند. برای بیشتر، لطفا یک طرح دیگر انتخاب کنید.