Olivia
Online
Anas
@ZeroMemoryEx
Cyber Security Consultant | Security Researcher
Joined December 2019
508 Following
2K Followers
274 Posts
Pinned Tweet
And since it's an arbitrary file deletion, we can easily use it to exploit the MSI installer rollback to achieve privilege escalation :)
https://t.co/gwBdYHeJWx
Shoutout to the homies at "IObit Malware Fighter".
Their IMFForceDelete driver is so wildly vulnerable, and poorly written, you can have their driver arbitrarily delete any file on the machine with 0 privileges and literally 1 line of code
Thanks @_mmpte_software for sharing
@Haus3c Unfortunately, you can’t!
@Haus3c You need to check the certificate details to see if you can use it to dump PPL processes.
@provocateur_io @SFNloubnan you think the U.S. doesn’t have transportation? They don’t need Al Boraq to go from LA to San Francisco in 3 hours they already have flights that take only about 1 hour and 20 minutes.
@Salsa12__ what do you mean by help disable PPL/PP by manipulating links ?
@rustdesk @ESET @anydesk @TeamViewer beside that i also found that it was used by several cybercriminal groups, including BlackBasta, as early as 2022.
@rustdesk @ESET @anydesk @TeamViewer No idea, but from my point of view, a threat actor can easily deploy it stealthily, while other remote desktop apps are harder due to the message box that appears when someone tries to connect.
I published a blog post explaining the features of Chaos-Rootkit and how each one works internally.
https://t.co/noIGKuSsxb
@0x_alibabas Thanks. didn’t try BaitAndSwitch. when I suggested a redirect policy, it wasn’t an option they said it was incompatible with their SDK. It also took a long time for them to implement a fix, so I gave up testing.
I’ve released a PoC and a technical write-up for a local privilege escalation vulnerability I discovered last year and reported to Lenovo PSIRT, affecting many gaming laptop brands, including Lenovo, MSI, Thunderobot, and others.
https://t.co/f5K1JfGu8S
write up https://t.co/F7OdHxlAnm
@7N7 Then calls DuplicateHandle with the DUPLICATE_CLOSE_SOURCE option which should close it in the source process allowing you to open it freely and dump everything without the user noticing.
@7N7 2. The last issue was that browser processes open the cookies database file with sharing flags that prevent other processes from accessing it. To bypass that you can enumerate handles until you find the right one via NtQuerySystemInformation
@7N7 If I remember correctly, if the user is already using the browser and you inject the DLL, it closes once creds are dumped. I didn’t look deeply, but I just run the browser with a new profile (since you can’t spawn two instances), headless then inject dll and pull data via RPC.
@7N7 Yeah it’s a lot of effort since you have to handle both ABE and the classic one in ABE some maldevs focus on stealth while others don’t because the browser closes and users notice i can share what I did if you’re interested or you can figur it out yourself if you like challenges.
@7N7 Damn, too many things waiting for you down there it almost gave me brain damage.
@AUZombie This is their builder. You can see the features since it checks authentication on the client side if you set the response of /api/users to true.
Last Seen Users on Sotwe
Keong G3mbul
Seen from France
khẩu dâm 20cm
Seen from Vietnam
MAYME' 🫧 
LucysTGWorld (150K) 😵💫 BBC | MILFS | TRANS
Seen from Austria
عصام الانسي حسابي الاول محظور
Seen from Turkey
小梨酱
Seen from France
prada
Seen from Korea
爱琳
Seen from United States
brvyg
Seen from Indonesia
Parlak tam pasif
Seen from Turkey
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers