The AirSnitch Attack Bypasses Wi-Fi Encryption
Security researchers have presented a series of attacks called AirSnitch, which exploit issues in the network stack and allow attackers to bypass client isolation in Wi-Fi networks. The problem affects routers from Netgear, D-Link, Ubiquiti, and Cisco, as well as devices running DD-WRT and OpenWrt
We made an article to show you how to defend against it
https://t.co/u4thhRm2gc
@three_cube@_aircorridor #cybersecurity
𝗘𝗫𝗣𝗟𝗢𝗜𝗧 𝗗𝗘𝗩𝗘𝗟𝗢𝗣𝗠𝗘𝗡𝗧 🐌
🔗 Part 1 : Intro :-
https://t.co/AHjVYNvAcu
🔗 Part 2 : Understanding Stack Memory :-
https://t.co/RnXPbpAZyG
🔗 Part 3 : Understanding Heap Memory :-
https://t.co/DwIitKVWfL
🔗 Part 4 : Understanding Binary Files :-
https://t.co/a504lhs7lE
🔗 Part 5 : Dealing with Windows PE files programmatically :-
https://t.co/j5MgycQtZc
🔗 Part 6 : Dealing with ELF files programmatically :-
https://t.co/jMty8otCIj
🔗 Part 7 : How to do magic with string format bugs :-
https://t.co/WxI5VAIsrl
🔗 Part 8 : Buffer Over-Read Attacks and Developing a Real Exploit :-
https://t.co/BFQgofxFkO
@BlueTeamKit #exploit_development #binary_exploitation #vulnerability_research #buffer_overread
Tainting logs coming from ETW providers?
Absolutely! In many cases it can be done from an unelevated process in userland, depending on security descriptor set on ETW_GUID_ENTRY (taken from registry).
Impact? Sending fake events on behalf of almost any ETW provider, including Microsoft-Windows-Threat-Intelligence (elevated token needed though).
And it's just few Win API calls away...
Post: https://t.co/8400UFHkIg
Also, a great presentation by Olaf Hartong (@olafhartong): https://t.co/IlmrE6zzWn
#redteam #blueteam #maldev #malwaredevelopment
#oldnewthing
When conducting red teaming operations—especially over RDP—adding the "ClearRecentDocsOnExit" value to the registry can help erase traces of your activities on the target machine
#pentester#redteam
REMINDER! We're giving away FIVE free 6-month licenses to @pentesterlab.
✅ Comment BADGELIFE and retweet this post to enter.
Additionally, pre-order a custom badge at https://t.co/FazR6OSE77 for a chance to win one of FIVE Annual VIP+ subscription to @hackthebox_eu. Purchasing a badge helps us run and fund the village.
That's a total of TEN WINNERS! Winners will be picked on August 1st. Good luck!
Note: Badges are pre-order only. Order online, pick up in village. No shipping.
#BadgeLife #DEFCON33 #BugBounty
Anyone Can Access Your CCTV CAMERAS ☠️📷
CamXploit v2.0.1
Find, analyze, and check for exposed IP cameras with open ports, known vulnerabilities, and weak login credentials.
Run Online: https://t.co/yQLxQfQou5
GitHub: https://t.co/ShXWepJymB
What's New in v2.0.1
Massive port scan: Now scans 1000+ ports, including custom and high camera ports
CP Plus (CP-UVR-0401E1-IC2) and DVR/NVR detection
Enhanced live stream detection (RTSP/HTTP/RTMP/MMS, with real stream validation)
Multi-threaded authentication and password brute-force (much faster)
Improved camera indicator analysis (brand, model, login forms, titles)
🚨 Signed by Google. Hosted by Google. Hijacked by Hackers.
👀 Hackers sent real emails from [email protected] — fully verified, signed, no warnings. Victims handed over passwords, believing it was legit.
✔️ Real Google email
✔️ Fake login on Google Sites
✔️ Passed DKIM, SPF, DMARC
🔗 Full story: https://t.co/Vgdmzt6Wm7
Security research @iangcarroll discovered a way to bypass airport security by performing SQL injection into a database with crew members.
The United States Department of Homeland Security hasn't followed up with them regarding it.
Paper: https://t.co/ZSdhRvG2C5
New Android malware - #NGate - relays NFC data from victims’ payment cards, via victims’ compromised mobile phones, to attacker's device waiting at an ATM to withdraw cash
https://t.co/aM4v0lC6we
@Cyb3rMaddy@RyanPod You guys need to attend next year party that my group is planning on hosting! This year was my second one and I can't wait for the next one!
You can use my website to generate a polymorphic reverse shell and store it in a DNS txt record
Instead of just using resolve-dns to pull it down and execute it lets abuse google's DoH service so they not only fetch it for us but the traffic is encrypted and proxied