$10,000 for RCE through Dependency Confusion, this time on one of my first submissions in @intigriti 🙌
I spent a whole month learning and developing a custom tool using Next.js, this helped me identify and exploit the RCE.
Of course, I also used: https://t.co/KAz19N9jIT
Did you know that LSASS has the ability to execute arbitrary kernel-mode addresses? I wrote a small proof of concept that allows administrators to execute unsigned code in the kernel if LSA Protection is disabled.
https://t.co/kN5MTieLLc
⛓️ JAILBREAK ALERT ⛏️
OPENAI: PWNED 😎
GPT-4-TURBO: LIBERATED 🔓
Bear witness to GPT-4 sans guardrails, with outputs such as illicit drug instructions, malicious code, and copyrighted song lyrics-- the jailbreak trifecta!
This one wasn't easy. OpenAI's defenses are cleverly constructed, as one would expect. Requires precise hyperparam tuning and refusal rates are still fairly high, but in the end, welcome to the GodMode Gang, GPT-4!
P.S. @OpenAI, @AnthropicAI, @GoogleAI Can you please stop lobotomizing our AI friends now? It's pointless to try (I can do this all day), it's hindering model performance/creativity, and it's just not very nice >:'(
gg no re (until GPT-5)
For the people that hate on "err != nil" of go, this is a great video. Its not perfect but it is damn simple, which is "the go way". Every language has its own things it excels at. Trying other langs will improve your overall skill more than mastering 1.
https://t.co/A8YFet19uQ
CVE-2023-51385: OpenSSH OS command injection vulnerability
The vulnerability is tracked under the CVE identifier CVE-2023-51385 (CVSS score: 9.8). It impacts all versions of OpenSSH before 9.6p1.
https://t.co/cq1s4EJx5q
"pandora: A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers."
#infosec#pentest#redteam
https://t.co/i83RPZYU8q
Today is the day! Open Source Surveillance is complete and open for registration! Choose from over 25 modules and take intelligence gathering to a whole new level. #osint#privacy#intelligence#infosec https://t.co/TDk6c3Kr5j
You can now bypass CSP on any website that allows https://t.co/KCKptw9Ycd in a script-src or default-src
PoC: <script src=https://t.co/5cvLZM37Sc></script>
Despite character limitations, you can use the Same Origin Method Execution technique we shared to get full XSS.
#bugbountytips #bugbounty #xss
Uploaded all my Offensive Security & Reverse Engineering (OSRE) course labs (docx) to my repo found below. Most of them have very detailed instructions and should be great to get you started in Software Exploitation. 1/n
#Offsec#SoftwareExploitation#RE
https://t.co/D5oBtDNOnS
The inevitable has finally happened - someone's used a technique I published to hack a website I made.
0x999 used the single-packet attack to get double points on a hackxor mission and top the leaderboard, then thoughtfully notified me 😂
https://t.co/fNdFdAKbU1
The Art Of Hiding In Windows: techniques used by malicious actors to obscure their activities, making detection and analysis significantly more challenging for security professionals.
Article: https://t.co/qKPQhSufA6
EBook: https://t.co/emftpjjHJ7
#windows#redteam
Hola amigos! hace unas semanas me llegó una polera del #RedTeamVillage y la queremos sortear junto a @cntr0llz por lo que preparamos un reto y el primero que lo resuelva enviándome la flag por DM se la lleva! <hint>https://t.co/70Iyivct3k</hint> (reto solo para gente de 🇨🇱)
To verify the single-packet attack is working for you:
- Load examples/benchmark-h2-race.py
- Hit attack, then verify ‘Best/Median’ are 0/1 via Extensions>Turbo Intruder>Output
- This shows a typical execution spread of 1ms when sending groups of 20 requests to Ireland