Bug Bounty Tips, Desync Attacks, SSRF, SQL Injection, Vulnerabilities in CPU, RCE, and much more…

Detect It Easy 3.06 Program for determining types of files for Windows, Linux and MacOS.

whids - Open Source EDR for Windows

CVE-2022-2959: Linux Kernel privilege escalation vulnerability

Reversing the Pokit Meter's Bluetooth Protocol

Block sued after ex-staffer siphons customer data

Threat actors are using the Tox P2P messenger as C2 server

PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks

Story of ARM TrustZone reverse engineering

RT j00sean:

Re @exploresecurity Have you had a look at any extensions, such as "Decoder Improved" or "Hackvertor"? You can find these by going to "Extender > BApp...

All I really captured was it sounded like @Twitter doesn’t use @CyberArk

RT Jai Minton: Red Team Tip: 'explorer.exe /root' can be run from the command line - similar to 'cmd.exe /c', only it breaks the process tree and make...

CVE-2022-2957 A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability ...

CVE-2022-36804 Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.1...

RT Nicolas Krassas: CVE-2022-32250 Linux kernel LPE PoC

Recently @fidgetingbits presented at @HacksInTaiwan on a 6 year old Linux kernel use-after-free vulnerability (CVE-2022-32250) which we exploited to g...

未看7-Zip源码，但我看了一眼RFC 2898，理解了前述密码逻辑。加密算法是AES-256，它需要32字节aes-key。无论输入password长短，均经PBKDF2算法变换得到32字节aes-key。PBKDF是"Password Based Key Derivation Function"的缩写，PBKDF2是PBKDF的一种，比如还有PBKDF1。RFC 2898提到，PBKDF2算法所用 ...全文

一看就旺财像

RT Vulns Security: We are very interested in buying 0-day exploit for Microsoft Word Bounty starts from $300K+

CVE-2022-32250 Linux kernel LPE PoC

RT NCC Group Research & Technology: Re @fidgetingbits presented at @HacksInTaiwan on a 6 year old Linux kernel use-after-free vulnerability (CVE-2022-...

Re @fidgetingbits presented at @HacksInTaiwan on a 6 year old Linux kernel use-after-free vulnerability (CVE-2022-32250) which we exploited to gain re...

Re write-up coming soon…

CVE-2022-31197 PostgreSQL JDBC driver SQL injection.

CVE-2022-31197 PostgreSQL JDBC driver SQL injection.

通知一下，Sec-News迁移到代码审计星球的官网了，并且改了样式：网页链接老的链接依旧可以访问，rss订阅地址也会保留一段时间，但建议修改成新地址～

主子和狗🐶都很狗，就是狗主人买瓜水平太差。

在紫禁城的第一夜，他梦见了一个金甲神人。神人说自己不生不灭，无父无母，只有个师父。师父传了通天大道的参悟之法。若悟此道，便可通晓一切过去未来。只是悟道之法需以元神游遍六合八荒，遍采世情为药，纳入炉鼎炼制。自开始修炼，元会运世也有五百多次了。今日至此，正好劫满道成，也算有缘。他 ...全文

欣赏这首诗，你们首先要知道庄之蝶是谁……传承啊，都是传承。//@来去之间: 转发微博

RT Thái "thaidn" Dương: In about 40' I'll give a talk at the US Embassy in Hanoi sharing lessons that @_tint0 and I have learned from years of hack...

We've updated the vx-underground Bulk Malware download collection - Virusshare 434 - 65,000+ unique samples - Files named using Kaspersky naming conve...

Re NOTE: *We are aware this posted on XSS July 14th. Despite being late to the party it is still interesting. *We have no way to determine the validit...

RT Nightmare: swAPI-XSS simple bash script to find swagger API directories and test manually for potential XSS vulnerability سكربت بسيط لف...

Re @thinking_panda You didn’t see when kids were looting shops a couple years back.

CVE-2022-34960 The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve...

CVE-2022-32427 PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledg...

KCon 2022 倒计时2天 KCon 倒计时2天｜不忘初心，让技术更有温度

穷举超长字符串，计算SHA1，只要20个字节全部位于ASCII范围，就制造出了一对zip解压密码。云海跟我说的这事。两个密码对应同一个加密ZIP包。

这不挺好的嘛。有说婚礼花费不高不超过5万，看介绍新娘自己设计婚纱和婚礼，估计花的钱也是新郎新娘自己的。 花自己的钱办婚礼，就算再简单朴实也比花父母巨资办的婚礼好。

潮白河还这么有名呀

以前是去营业厅交易有台风取消交易是应该的。现在都是远程网上交易，一般台风其实没太大的必要取消交易。

RT Soheil Feizi: Adversarial examples, originally observed ~2014, were fascinating cases showing deep nets can be super sensitive to small input pertu...

🔴 Live - Procurando falhas em programas de Bug Bounty! ❗️comandos ❗️cursos ❗️social ❗️prime ❗️blaze❗️vps

Re @AnR_2022 @pdnuclei credits? if I did it and didn't copy it. every strange person;

RT BleepingComputer: Windows Terminal is now the default terminal in Windows 11 dev builds - @LawrenceAbrams

见自己，见天地，见众生

RT Jeff Moss: Where are all the airline inflated emergency practice slides? I’d expect to find novelty amusement practice slides at airports. I’d gi...

任何经济衰退对穷人都不会是好事。

回复@kngiht2018:不是，现炸的肯定是最香，不是也差不了多少。主要是他的酱炸得不行，感觉像水煮的感觉煮得很烂，缺少了炸酱的香味。//@kngiht2018:主要酱不是现炸的