Channel: cKure Red
%3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E
Please open Telegram to view this post
VIEW IN TELEGRAM
https://j0nathanj.github.io/Dusting-off-the-VM-Escape
Please open Telegram to view this post
VIEW IN TELEGRAM
Jonathan Jacobi’s Blog
How 18-Year-Old Me Discovered a VirtualBox VM Escape Vulnerability
VirtualBox VM Escape Vulnerability - A Research Walkthrough
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - P1sec/QCSuper: QCSuper is a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G…
QCSuper is a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G radio frames, among other things. - P1sec/QCSuper
https://www.zerodayinitiative.com/blog/2024/5/2/cve-2024-2887-a-pwn2own-winning-bug-in-google-chrome
Please open Telegram to view this post
VIEW IN TELEGRAM
Zero Day Initiative
Zero Day Initiative — CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome
In this guest blog from Master of Pwn winner Manfred Paul, he details CVE-2024-2887 – a type confusion bug that occurs in both Google Chrome and Microsoft Edge (Chromium). He used this bug as a part of his winning exploit that led to code execution in the…
https://csp-evaluator.withgoogle.com/
Please open Telegram to view this post
VIEW IN TELEGRAM
https://github.com/0xda568/IconJector
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - 0xda568/IconJector: Unorthodox and stealthy way to inject a DLL into the explorer using icons
Unorthodox and stealthy way to inject a DLL into the explorer using icons - 0xda568/IconJector
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
Where People Go When They Want to Hack You
What do you need to hack any system on the planet? Whatever it is, you can certainly find it on the Zero-day market: a network that consists of the world’s best hackers trading vulnerabilities with governments, cybercriminals and megacorporations. How does…
https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf
Please open Telegram to view this post
VIEW IN TELEGRAM
https://labs.guard.io/cve-2024-21388-microsoft-edges-marketing-api-exploited-for-covert-extension-installation-879fe5ad35ca
Please open Telegram to view this post
VIEW IN TELEGRAM
Medium
“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation
By Oleg Zaytsev (Guardio Labs)
https://betrusted.it/blog/64-bytes-and-a-rop-chain-part-1/
Part 2:
https://betrusted.it/blog/64-bytes-and-a-rop-chain-part-2/
Please open Telegram to view this post
VIEW IN TELEGRAM
Betrusted
64 bytes and a ROP chain - A journey through nftables - Part 1
Dive into the process of vulnerability research in the Linux kernel: focus on CVE-2023-0179 and Local Privilege Escalation (LPE).
https://www.wired.com/story/roboform-password-3-million-dollar-crypto-wallet/
https://m.youtube.com/watch
Please open Telegram to view this post
VIEW IN TELEGRAM
WIRED
How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet
Thanks to a flaw in a decade-old version of the RoboForm password manager and a bit of luck, researchers were able to unearth the password to a crypto wallet containing a fortune.
Please open Telegram to view this post
VIEW IN TELEGRAM
https://github.com/hakaioffsec/CVE-2024-21338
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - hakaioffsec/CVE-2024-21338: Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11…
Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled. - hakaioffsec/CVE-2024-21338
OpenAI bans accounts of the mercenaries. Facebook (Meta) follows suit.
Disrupting deceptive uses of AI by covert influence operations.
We have terminated accounts linked to covert influence operations; no significant audience increase due to our services.
-OpenAI
Official statement:
https://openai.com/index/disrupting-deceptive-uses-of-AI-by-covert-influence-operations/
Supporting article by journalists in Israel: https://www.timesofisrael.com/openai-says-it-disrupted-covert-influence-operation-by-israeli-firm-stoic/
Stoic also acted to meddle with elections in India 🇮🇳
https://www.business-standard.com/elections/lok-sabha-election/openai-report-on-lok-sabha-polls-zero-zeno-what-is-israeli-firm-stoic-and-how-it-tried-to-disrupt-lok-sabha-polls-2024-124060100518_1.html
Please open Telegram to view this post
VIEW IN TELEGRAM
Openai
Disrupting deceptive uses of AI by covert influence operations
We’ve terminated accounts linked to covert influence operations; no significant audience increase due to our services.
This media is not supported in your browser
VIEW IN TELEGRAM
Israel 🇮🇱 Palestine 🇵🇸 conflict
Title: Disinformation campaign
Company name: Stoic (Tel Aviv).
Subtitle: The lying Jew ✡️
The company's goal is to spread lies and form a narrative that supports the criminal state; starting at home in Israel.
The company created bots that mimicked African American students and Jewish students as if they were concerned. These accounts commented on Facebook and Instagram in favor of genocide in the Muslim lands (Gaza, Palestine 🇵🇸).
Title: Disinformation campaign
Company name: Stoic (Tel Aviv).
Subtitle: The lying Jew ✡️
The company's goal is to spread lies and form a narrative that supports the criminal state; starting at home in Israel.
The company created bots that mimicked African American students and Jewish students as if they were concerned. These accounts commented on Facebook and Instagram in favor of genocide in the Muslim lands (Gaza, Palestine 🇵🇸).
https://github.com/seyedhojjathosseini/Advanced-Methods-for-Extracting-Information-from-Isolated-Systems
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - seyedhojjathosseini/Advanced-Methods-for-Extracting-Information-from-Isolated-Systems: Advanced Methods for Extracting…
Advanced Methods for Extracting Information from Isolated Systems - seyedhojjathosseini/Advanced-Methods-for-Extracting-Information-from-Isolated-Systems
https://samcurry.net/hacking-millions-of-modems
Please open Telegram to view this post
VIEW IN TELEGRAM
samcurry.net
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive…
HTML Embed Code: