chebuya @_chebuya Twitter profile

Pinned Tweet

chebuya

2 months

How I discovered and exploited an unauthenticated SSRF in the Havoc C2 teamserver, allowing attackers to leak origin IPs of teamservers behind redirectors and much more!

8

121

449

Last Seen Profiles

@Claims_IG_CPCUs

@TheonlyAustin03

@mijustmee

@UpdNoOEBIpjTJST

@suguzwonder

@julanglais

@alynazeer

@CarbonBubble

@Reventxz

@ElnoraF13006

@conkmixie

@Sleasernpyg6X

@bokeplokalmalam

@vlovster

@Reventxz

@JCPinckney

@SEHRadio

@779enjoyer

@butterfliesresf

@NordeaOpen

@TshepisoMalema2

@TyHaliburton22

@xiu0x

@ETonbase

@yilllp060715

@sukastw_bali

@bodyslamband

@N_miki_tsukasa

@MasseAriann

@hoversizer

@ElCelta3

@amtknp

@24_jours

@newchan_hee

@GBRbbq

@ktnNoko

chebuya

@_chebuya

25 days

How I discovered and exploited an Unauthenticated RCE in BYOB (Build Your Own Botnet), an open-source post-exploitation framework for students, researchers and developers with close to 9k stars on GitHub!

chebuya

@_chebuya

25 days

@HackingLZ > claims to be for students, universities, researchers etc > ransomware and XMRig installer functionality being developed > FAQ helps "students" failing to install XMRig properly 🤔😂

1

9

2

48

167

chebuya

@_chebuya

5 months

How I discovered and chained and RCE and an XSS on CHAOS RAT v5.01, allowing an attacker to takeover the RAT server. Taking inspiration from , I also added exploit functionality to rickroll RAT operators.

ACE Responder

@ACEResponder

1 year

Introducing RogueSliver. A tool to disrupt offensive campaigns that use the Sliver C2 framework. • Hijack beacons • Send memes to the attacker • Flood C2 servers #DFIR #RedTeam

10

248

775

1

20

80

chebuya

@_chebuya

5 months

I found a preauth path traversal vulnerability in the Jasmin Ransomware panel allowing an attacker to deanonymize panel operators and dump decryption keys. Jasmin ransomware was observed in a recent TeamCity exploitation campaign ()

0

21

72

chebuya

@_chebuya

6 months

How I discovered a pre-auth XSS vulnerability in NorthStar C2 (CVE-2024-28741) allowing an attacker to execute commands on NorthStar C2 agents Thank you @ACEResponder and @0xocdsec for the inspiration

0

16

49

chebuya

@_chebuya

27 days

The unauthenticated SSRF vulnerability affecting Havoc C2 has been assigned CVE-2024-41570 () To hotpatch your teamserver: 1) Navigate to the Havoc directory 2) Run the command sed -i '/case COMMAND_SOCKET:/,/return true/d' teamserver/pkg/agent/agent.go

chebuya

@_chebuya

2 months

How I discovered and exploited an unauthenticated SSRF in the Havoc C2 teamserver, allowing attackers to leak origin IPs of teamservers behind redirectors and much more!

8

121

449

0

11

29

chebuya

@_chebuya

25 days

@HackingLZ > claims to be for students, universities, researchers etc > ransomware and XMRig installer functionality being developed > FAQ helps "students" failing to install XMRig properly 🤔😂

1

9