Re @x1m_martijn @TheParanoids @intigriti Beterschap! Hopelijk zien we elkaar een andere keer!

#1337up0822 is awesome! Some many great hackers and exciting bounties/bonusses 🤯 Thanks for having me! @TheParanoids @intigriti (Tried to make a co...

With this I'm trying something different. As my talk will about my tooling, the Q&A "workshop" can just be me answering questions about how to use it ...

CVE-2022-37292 Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This overflow is triggered in the sub_42FDE4 function, which satisfies the...

CVE-2022-37245 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint.

CVE-2022-37244 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after l...

CVE-2022-37243 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint.

CVE-2022-37242 MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter.

CVE-2022-37241 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax en...

CVE-2022-37240 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter.

CVE-2022-37239 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpo...

CVE-2022-37238 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest paramet...

CVE-2022-22728 A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote at...

CVE-2022-37824 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic.

CVE-2022-37823 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetVirtualSer.

CVE-2022-37822 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic.

CVE-2022-37821 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ProvinceCode parameter in the function formSetProvince.

CVE-2022-37820 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ddnsEn parameter in the function formSetSysToolDDNS.

CVE-2022-37819 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the timezone parameter in the function fromSetSysTime.

CVE-2022-37818 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand.

CVE-2022-37817 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetIpMacBind.

CVE-2022-37816 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind.

有个傻缺被tk拉黑后跑我评论区吐过几次槽，挨不着的那种。后来发现其发言比较闹心，送TA走了，不为已甚，只是移除了对自己的关注，好聚好散嘛。谁知这货阴魂不散又来闹心，我算明白TA为啥被tk拉黑了，这不是提醒我附加伤害么，真特么贱！

转发微博

RT 0xdf: New video solving the forensics challenge I created for the @hackthebox_eu Business CTF this summer, mbcoin. Challenge is available on HTB ri...

RT hackaday: Everything You Didn’t Know You Need to Know About Glitching Attacks

What's the best way to end a kick-off call? 🤩 Paying out the first exceptional and awarding the Speedster bonus for the fastest critical to the one...

🏎️ We’re live! 🏎️ Join the YouTube livestream now for the latest coverage of the #1337up0822 #LiveHackingEvent

Re @skp00 It’s so good to see you again Sean! The Paranoids are BACK! 🔥

It’s lights out and away we go! 🏁 The security researchers for @TheParanoids #LiveHackingEvent are already hunting for vulnerabilities. Catch us o...

dBmonster - Track WiFi Devices With Their Recieved Signal Strength

RT Theori: Our intern @_qwerty_po was destined to analyze a recent Linux kernel LPE vuln (CVE-2022-32250), a bug found and reported by @FidgetingBits....

More hackers adopt Sliver toolkit as a Cobalt Strike alternative

dBmonster - Track WiFi Devices With Their Recieved Signal Strength

Researchers Uncover Kimusky Infra Targeting South Korean Politicians and Diplomats

Man-in-the-Middle Phishing Attack

RT DoD Emerging Technologies: The Cybersecurity and Infrastructure Security Agency (#CISA), Stakeholder Engagement Division, Department of Homeland Se...

Re @h1pmnh Actually I am preparing a new presentation about JDBC attacks, including some new tricks.😀

前阵子有个小兄弟找我，说遇到一些工作上的事，很愁，愁得精神都快出问题了。所以想跟我聊聊。微信语音一接通，听声音就感觉他确实很焦虑。话也说不明白了，特别絮叨，说的很乱。我一听，感觉他这是有心魔。要是他在那边絮絮叨叨说，我在这边絮絮叨叨劝，就不会有用。这种情况必须当头棒喝，摄其心神 ...全文

还有这么丢人现眼不懂瞎讲的人 查看图片

张天爱和古力娜扎没有看上我，张天爱和古力娜扎都看上了徐开骋。为什么这个事网友们都表示想不通......我自己倒没觉得多奇怪，毕竟她俩没见过我

还有这么不懂瞎讲的，NB

前两天，我们提到勒索攻击已经成“全球公敌”，在攻击对象的选择上，关键基础设施正成为勒索组织的“活靶子”。近期，欧洲国家希腊最大的天然气分销商证实，由于遭受勒索攻击，多项在线服务被迫关闭，部分数据遭泄露。当前，欧洲各国对天然气的依赖程度比较高，这起攻击事件，也令一些人担忧即将到来的 ...全文

用ja3进行反爬是啥时候开始流行的呢？看到好多魔改ja3的

GitLab存在严重漏洞，允许通过Github导入实现远程命令执行本周一，GitLab发布了其社区版（CE）和企业版（EE）的15.3.1、15.2.3、15.1.5版本，其中包含重要的安全修复程序。在公告中，GitLab强烈建议用户立即将其GitLab升级到这些版本之一，因GitLab CE/EE中存在一个高危漏洞。GitLab是一个使用Git作为代码管理工具，并在此基础上搭建起 ...全文

【极客市集】展商招募，峰会现场（2022 SDC）分享你的黑科技！看雪第六届安全开发者峰会将于上海·10月23日举办我们为所有热爱网络安全技术的极客们量身打造【极客市集】极客精神的魅力在于不断打破规则、制造变量。我们诚邀各位能人异士来2022 SDC 现场，分享您的得力“武器”重要的事情说三遍：场地 free！free！free！您只需带上您的 ...全文

实现一个压缩壳，并给它加点“料”实现压缩壳，必须对PE格式十分熟悉，其次，解压缩代码需要编写shellcode，也是十分麻烦的环节。有了两者的结合，我们才能写好一个真正的压缩壳。

Bugger me sideways, actual sunshine.

Re @Jean_Maes_1994 Good luck 🍀

RT Moloch: Sliver v1.5.23 * Out of the box PPID Spoofing * Out of the box integrations with @egeblc's x64 shikata ga nai encoder variant * Bug fixes