Cybersecurity information flow

A clean information-flow push tool, focused on the bits and pieces of the security community, surfacing quality content for security researchers every day.

Learn more »

Recent updates
Time  Source
2024-05-10 17:51 Stories by SAFARAS K A on Medi
Hi Guys!!!
Today, I am writing an article about an Admin Account Takeover bug which I found on a private program. I mostly work with private programs and was waiting for these programs to move to public so I could disclose these bugs. I waited so long and don’t know when this would happen, so I started to write articles again about my findings.
Obviously, I could not disclose the name of the program, so we will call it example.com throughout this article. I have worked with this program for a long time. This program regularly sends updates about the new functionality introduced.
Recently we got an update from the program that they introduced new functionality called “custom role”, where an admin can assign custom permissions to a user and define a new role.
Custom Role Permission
As per the above screenshot, the admin could assign the user management permission to a custom role user.
The next step was to log in with this custom role user and navigate to the user management functionality. As it should be, this user was not able to change t
2024-05-10 17:51 Stories by SAFARAS K A on Medi
Hi Fellow Hackers!!!
Happy New Year!!!
This write-up is about the same program I mentioned in my other article “https://medium.com/@ronak-9889/admin-account-takeover-ab7535fe0fdb”
As mentioned in that write-up, this program introduced a new feature called “Custom role” which allows an admin to create a user with custom permissions. One of the permissions which could be assigned was “Access to security section”.
As seen above, imagine the admin has created a user with a custom role which has only the “access to security section” admin permission.
As seen in the screenshot below, the admin has created the custom role “test scim” and assigned it to the user “james parker”.
The security section of this application contained a feature, “SCIM provisioning”, which allows creating, updating and deleting user data through an Identity Provider.
For those who are not familiar with SCIM, I am referring to the link below to understand the concept:
SCIM
There were many identity provider options available, but I used OKTA to test this.
To complete the setup one needs to generate SCI
2024-05-10 17:50 Stories by SAFARAS K A on Medi
Hello Community,
This article is about a web meeting app to which I was invited as a part of their private program. This was the first time that I was testing a web meeting app.
As usual, I started playing with the functionalities and inspecting the traffic. As this is real-time traffic, the majority of the functionality was over WebSocket.
I would recommend the link below to understand how to inspect and play with WebSocket traffic:
Testing for WebSocket vulnerabilities with Burp Suite
I found two access control bugs while testing this app, which I have described below.
Bypass Public chat restriction
This was a web meeting app and it has two roles: Presenter/Meeting Admin and attendee. As per the screenshot below, the presenter could set a webinar option to allow only private chat.
Webinar Options
Using the presenter account I enforced private chat only in the webinar.
Now I joined as an attendee in another browser and, as expected, I was only able to send chat to the presenter.
Private Chat Only
I sent a message to the presenter and interc
2024-05-10 17:50 Stories by SAFARAS K A on Medi
Cyber-attacks, malware, and aspects of ransomware.
Continue reading on InfoSec Write-ups »
2024-05-10 17:50 Stories by SAFARAS K A on Medi
WolvCTF 2024
Hello Fellas, how are you guys doing? I hope you are all well. Today in this write-up, we will solve all the forensics challenges from WolvCTF 2024. Kudos to the forensics challenge author and all the team members for making this CTF go smoothly; honestly, I enjoyed this CTF.
Let’s begin…
Challenge 1:
Level: Beginner
Challenge Title: Hidden data
Challenge Description: WOLPHV sent me this file. Not sure what to comment about it
Link for challenge: https://mega.nz/file/Z9JhVDaA#A5tunQhSxWZZkb4K_I9A9E3mq6ae81Gp0Wa81Mve0m4
Challenge File
So, let us start with the file command.
And there it was: the flag is in the comment’s value. (The file command is used to see what type of file it is.)
Challenge 2:
Challenge Name: Eternally Pwned: Infiltration
Challenge Description: I recently had my passwords and other sensitive data leaked, but I have no idea how. Can you figure out how the attacker got in to my PC?
Link for challenge: https://mega.nz/file/RloS0LoI#1twPNxzOwEKgO8Pl-Drpi9ablFG1Cj1QuxooiU
2024-05-10 17:43 Github follow
A minimal TLS 1.2 client implementation in a pure Bash script
2024-05-10 16:43 Github follow
Inject ELF into remote process
2024-05-10 16:23 freebuf
The Polish government announced that threat actors suspected of links to the Russian military intelligence agency (GRU) have been “attacking” Polish government agencies.
2024-05-10 16:23 hackernews.cc
Recently, the Polish government announced that hackers suspected of links to the Russian military intelligence agency (GRU) have been “attacking” Polish government agencies. CSIRT MON (the computer security incident response team led by the Polish Minister of National Defence) and CERT Polska (the Polish computer emergency response team) recently found a large amount of material confirming that APT28, a hacker group suspected of having a Russian background, attacked multiple Polish government agencies in a large-scale phishing campaign. The hackers sent phishing emails attempting to lure recipients into clicking a link purporting to offer more information about a mysterious Ukrainian woman “selling” used underwear to senior Polish and Ukrainian authorities. Once the link was clicked, the recipient was redirected through several websites and then to a page that downloaded a ZIP archive. The archive reportedly contained a malicious executable disguised as a JPG image file, along with hidden files, namely a DLL and a .BAT script. Once the victim opened the disguised executable, the hidden script ran automatically, displaying a photo of a woman in a swimsuit in the Microsoft Edge browser to distract the victim while “quietly” downloading a CMD file and changing its extension to JPG. Notably, the tactics and basic tools used in this campaign are very similar to those used in another campaign, in which APT28 members used the “Israel-Hamas conflict” as a lure to “deliver” backdoored devices carrying the Headlace malware to officials in 13 countries (including members of the UN Human Rights Council). Since surfacing in the mid-2000s, the APT28 group has launched many high-profile cyber attacks. In 2018, many industry practitioners linked it to GRU military unit 26165. APT28 is reportedly believed to be behind not only the breach of the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC) ahead of the 2016 U.S. presidential election, but also the 2015 intrusion into the German federal parliament (Deutscher Bundestag). In July 2018, U.S. authorities charged several APT28 members for their involvement in the DNC and DCCC attacks, and in October 2020 the Council of the European Union announced sanctions against APT28 over the Bundestag attack. A week ago, NATO, the EU and several international partners formally condemned APT28’s long-running cyber espionage activities against multiple European countries, including Germany and the Czech Republic. Germany said APT28 had compromised several email accounts of members of the Social Democratic Party’s executive committee. The Czech Ministry of Foreign Affairs also revealed that APT28 attacked some institutions in the Czech Republic in 2023. The U.S. State
2024-05-10 15:43 Github follow
A LLM interface that pays homage to rabbit r1 on Playdate.
2024-05-10 15:43 Github follow
🔥🕷️ Crawl4AI: Open-source LLM Friendly Web Crawler & Scrapper
2024-05-10 15:43 Github follow
A detailed C/C++ coding standard guide, compiled by the 360 Quality Engineering Department, applicable to desktop, server and embedded software systems.
2024-05-10 15:43 Github follow
proof-of-concept for generating Java deserialization payload | Proxy MemShell deserialization proof-of-concept tool | in-memory shell implemented via dynamic proxy
2024-05-10 15:03 freebuf
EmploLeaks is an enterprise-security OSINT tool that collects information about an organization’s employees and uses it to assess the organization’s internal cybersecurity posture.
2024-05-10 14:03 Github follow
2024-05-10 14:03 freebuf
To unlock the enormous potential of artificial intelligence, these protection systems must have robust security; otherwise they may face restrictions or even bans across organizations and countries.
2024-05-10 13:51 Stories by SAFARAS K A on Medi
From Bounty Platform to Hunting Tricks
Continue reading on InfoSec Write-ups »
2024-05-10 13:51 Stories by SAFARAS K A on Medi
In this write-up, I share my journey of uncovering a Cross-Site Scripting (XSS) Vulnerability within the search functionality and course tags of the open-source CMS/LMS known as Frappe. This ended up in me earning/discovering a CVE (2023–5555).
A SAST (Static Application Security Testing) tool is software that analyzes source code or compiled versions without running the program. It hunts for security vulnerabilities, coding errors, and compliance with standards.
Introduction
With the knowledge that a CMS often presents ample opportunities for XSS vulnerabilities, I embarked on an experiment by scouring GitHub for “Open Source CMS.” My search led me to the Frappe LMS repository (Frappe LMS Repository), boasting 300 forks and almost 700 stars. One might assume that an open-source project with such popularity would prioritize security. However, my findings suggested otherwise.
Credited!
Leveraging SemGrep for Analysis
To expedite the process, I employed the remarkable free code analysis tool, SemGrep. SemGrep 
2024-05-10 13:51 Stories by SAFARAS K A on Medi
Recon on Steroids — Discover EVEN MORE Subdomains
Wouldn’t you love to find the website or asset that nobody else has found, test it, and find some serious vulnerability that will result in a big fat paycheck? Yes, it is possible, if you’re thinking outside the box! The big programs, which have “all our assets in scope”, “everything that they own in scope” or something similar mentioned in their policy, could unlock the path to finding untested areas. I will show my own unique methods to discover more core subdomains. This will probably even surprise the program managers when they realize that you have found an asset they had no idea that they own.
Main Website Recon
If you saw some of my videos from the recon playlist, you know that I show most of my examples on the Coca-Cola company. I usually prepare a list of root domains in the wildcards.txt file. Let’s try populating this file.
The first thing that I’m gonna show you is just doing simply stupid
2024-05-10 13:50 Stories by SAFARAS K A on Medi
Hello Guys! Hope you are doing well in this pandemic.
This write-up is about a bug which I found in a private program six months ago and which was resolved two months ago. As I mentioned in my previous blog posts, I go by functionality to hunt for bugs. I loved this bug because of how a simple IDOR could create a huge impact if linked with the existing functionality.
As this bug was reported to a private program, I won’t be able to disclose the program name. I will refer to it as Redacted.com throughout this blog post. For better understanding, I would just mention that it is an app to generate forms for surveys, quizzes and more, collect responses from those forms, as well as integrate with other services.
Mostly I look for business logic, IDORs and server-side bugs while hunting. I don’t follow any predefined or fixed methodology but just go with some basic recon, try to understand the normal flow of the application and then go for hunting.
This bug was in the integration functionality. First I will describe the basic flow of this functiona
2024-05-10 13:43 Github follow
A blazing fast inference solution for text embeddings models
2024-05-10 13:03 freebuf
Tired of writing code, I took some time to audit the source of an OA system developed in .NET, from analysis of the complete exploitation chain to exploiting it to get a shell.
2024-05-10 11:23 Github follow
The platform for customizing AI from enterprise data
2024-05-10 11:23 freebuf
In April 2024, relevant domestic government departments, institutions and industry associations successively issued nearly ten regulations, rules and guidelines targeting the cybersecurity industry.
2024-05-10 10:43 freebuf
The company emphasized that the stolen information does not include financial or payment information, email addresses or phone numbers, and that it is working with law enforcement and a third-party forensics firm to investigate the incident.
2024-05-10 10:23 Github follow
Elasticsearch visual dashboard, supporting ES monitoring, real-time search, quick replacement and editing of index templates, viewing of index list information, SQL-to-DSL conversion, etc.