Channel: cKure Red
😃 A new class of vulnerability (on a lighter note). An interesting thread on watching police body cam footages.
https://twitter.com/vxunderground/status/1777121604574560462
https://twitter.com/vxunderground/status/1777121604574560462
X (formerly Twitter)
vx-underground (@vxunderground) on X
For example, based on his understanding of hundreds or possibly thousands of police body cam footage, he has learned that Walmart employee usernames are in the format of https://t.co/TyHsnV1fVs_number
https://twelvesec.com/2023/10/10/bypassing-anti-reversing-defences-in-ios-applications/
Please open Telegram to view this post
VIEW IN TELEGRAM
Twelvesec
Bypassing anti-reversing defences in iOS applications - Twelvesec
A walktrough on dynamically bypassing anti-debugging and anti-reversing defences in iOS applications.
Please open Telegram to view this post
VIEW IN TELEGRAM
🔚 Telegram fixes Windows app zero-day used to launch Python scripts. Filing link from XSS.is forum.
http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/
PoC video: https://player.vimeo.com/video/932147196
https://www.bleepingcomputer.com/news/security/telegram-fixes-windows-app-zero-day-used-to-launch-python-scripts/
http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/
PoC video: https://player.vimeo.com/video/932147196
https://www.bleepingcomputer.com/news/security/telegram-fixes-windows-app-zero-day-used-to-launch-python-scripts/
https://github.com/hakaioffsec/CVE-2024-21338
https://hakaisecurity.io/cve-2024-21338-from-admin-to-kernel-through-token-manipulation-and-windows-kernel-exploitation/research-blog/
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - hakaioffsec/CVE-2024-21338: Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11…
Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled. - hakaioffsec/CVE-2024-21338
The AI-Assisted genocide (as documents of the first-time use of AI to kill humans emerge from active duty personnel in the Israeli army and their media outlets).
The documentary by Al-Jazeera news network was supported by content and news provided by two Israeli news networks, '+972 Magazine' and 'Local Call'. These agencies received information from active Israeli personnel (working IDF members) in the field that have access to the platform and its working. The whistle-blowers cited their conscience to report the unprecedented crime by IDF against the native muslim population of Palestine 🇵🇸 in Gaza and in Jenin, West Bank.
The AI system takes primarily 6 inputs from the Israeli military. In addition, it also uses Google Maps and other sophisticated software made by Google specifically for the support of Palestinian extermination (to which the engineers at google have protested publicly and were fired as a consequence). The recent modified 'Lavender AI' is called 'Gospel' and takes input from social media accounts of Palestinians. Any activity by a Palestinian in the past or present that is against the establishment of the Israeli regime is considered a worthy kill by the AI. The 'Gospel AI' does increase the kill chances of a person if he switched his SIM cards often. This information is provided by government and private companies and entities in Israel using their spyware and telecom hacking and spying software. The AI does take the amount of collateral damage into account while deciding the kill. The amount refers to no. of people (innocents) that will die in order to kill a legitimate target (eg. A person who switched SIM cards often).
The attack by Zionist Jews ✡️ using this AI has a way to feed the collateral damage. Those parameters have been set by the top echelon of the Zionist state. The results of over 50K killed Palestinians (non-alive people directly killed by Israel and non listed humans as in foetuses).
https://www.972mag.com/lavender-ai-israeli-army-gaza/
https://www.theguardian.com/world/2024/apr/03/israel-gaza-ai-database-hamas-airstrikes
https://www.aljazeera.com/news/2024/4/4/ai-assisted-genocide-israel-reportedly-used-database-for-gaza-kill-lists
https://youtu.be/cYQcT2Lv-y4
https://www.instagram.com/reel/C3GId3qtUlp/
https://youtu.be/GFD_Cgr2zho
Please open Telegram to view this post
VIEW IN TELEGRAM
+972 Magazine
‘Lavender’: The AI machine directing Israel’s bombing spree in Gaza
The Israeli army has marked tens of thousands of Gazans as suspects for assassination, using an AI targeting system with little human oversight and a permissive policy for casualties, +972 and Local Call reveal.
%3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E
Please open Telegram to view this post
VIEW IN TELEGRAM
https://j0nathanj.github.io/Dusting-off-the-VM-Escape
Please open Telegram to view this post
VIEW IN TELEGRAM
Jonathan Jacobi’s Blog
How 18-Year-Old Me Discovered a VirtualBox VM Escape Vulnerability
VirtualBox VM Escape Vulnerability - A Research Walkthrough
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - P1sec/QCSuper: QCSuper is a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G…
QCSuper is a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G radio frames, among other things. - P1sec/QCSuper
https://www.zerodayinitiative.com/blog/2024/5/2/cve-2024-2887-a-pwn2own-winning-bug-in-google-chrome
Please open Telegram to view this post
VIEW IN TELEGRAM
Zero Day Initiative
Zero Day Initiative — CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome
In this guest blog from Master of Pwn winner Manfred Paul, he details CVE-2024-2887 – a type confusion bug that occurs in both Google Chrome and Microsoft Edge (Chromium). He used this bug as a part of his winning exploit that led to code execution in the…
https://csp-evaluator.withgoogle.com/
Please open Telegram to view this post
VIEW IN TELEGRAM
https://github.com/0xda568/IconJector
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - 0xda568/IconJector: Unorthodox and stealthy way to inject a DLL into the explorer using icons
Unorthodox and stealthy way to inject a DLL into the explorer using icons - 0xda568/IconJector
https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf
Please open Telegram to view this post
VIEW IN TELEGRAM
HTML Embed Code: