DON'T PLAY CS2!
CS2 currently has a serious vulnerability which could be used for fun or to plant harmful software on your PC! Your system can be hacked in no time. This new bug works even with lobby invites, so simply idling in the game menu could be dangerous as well!
2011: 21-year-old George "geohot" Hotz published the PlayStation 3 root key online. This allowed owners to jailbreak the console. Sony soon sued Hotz. Settling out of court, he agreed to numerous terms, including not reverse engineering Sony products or bypassing controls.
Hey @McDonaldsCanada, I've tried getting in contact with your team with no success. Over the past few months there have been numerous complaints from your customers about their funds going missing. If you guys would remediate this blaring SQLi on your website it might help.
Next week at @mandconsulting_, we're dropping a new tool and blog post we've been working on. I hope you like secrets - and mass exploitation & disclosure of Fortune 100-500s on previously less-documented attack surface.
Months ago @leet_sauce, @ItsNux and I located an SQL Injection on one of the largest US universities. It turned out to be some open source software, and was used on multiple universities. It ran on ColdFusion and was difficult to pinpoint all the vulns, so I wrote a scanner.
Beautiful write-up and research performed by Ben Barnea from the Akamai team.
-
"An attacker on the internet can chain the vulnerabilities together to create a full, zero-click remote code execution (RCE) exploit against Outlook clients."
"The first
Hey uh, @PepsiCo, were you aware you have what appears to be a (now dead?) XXE payload/shell on one of your subdomains' indexes lol? hxxps://share-ite.brandcentral.pepsico.com
I am super thrilled to announce I've accepted a position with @NCCGroupInfosec. 2020s been a pretty weird year considering I was supposed to start earlier this year, but it all worked out in the end. Very excited to build a career with such a great organization. 🥳🥳
My 2019 recap:
- Discovered RCE in EA's Origin client.
- Discovered another RCE in EA's Origin client.
- Discovered a code execution bug in KDE that's been dormant for ~16yrs.
- Discovered an XXE vulnerability in software used by the Federal Reserve.
you gotta appreciate the way they shipped the backdoored object file. added some "test" data to the source tree that gets unxz'd and (dd) carved in a specific way, that is fed into a deobfuscator written in.. awk script and the result gets unxz'd again
Wow, a year ago to the day I began my career in infosec with NCC Group. Working in security was always my dream job as a kid. Through years of dedication, trials and errors, that dream has come true. 13 year old Dom would be proud. Never stop learning. 🙏
it looks like through the publicly available pocs, people aren’t executing javascript yet, so it’s entirely possible it’s just an html injection issue. I'm personally convinced it can be escalated but only time will tell :)
Not particularly restricted to browser based features. I've had success in custom apps from Electron to Qt based with the following:
custom-app://views/layout.html
to
custom-app://views/../../../../secret.txt
#bugbounty #bugbountytip #bugbountytips #security #infosec
Browser-Based application LFI
file:///etc/passwd blacklisted? Use "view-source:file:///etc/passwd"
"view-source" is often forgotten by developers in blacklists.
#BugBounty #BugBountyTip #BugBountyTips
Testing an application for OOB payloads? XXE, SQLi?
Maybe you just need a public facing HTTP server to mock a response.
My go-to without spinning up another box or sshing into one, is Beeceptor.
#bugbountytips #bugbountytip #security #bugbounty
Can we stop calling ppl who DDoS shit hackers? Journos... why the hell do you even call them hackers to begin with? Looking for legitimate answers as I'm confused as hell.
I've run into a bunch of Java based webapps that had directory traversal filters and was able to successfully bypass them by using a backslash (\) rather than forward slash when traversing.
Just remember to try it using curl, because browsers automatically correct "\" to "/".
#bugbountytip #bugbounty
Directory listing bypass payloads: Any file name or folder name ..%3B/
/%20../
/.ssh/authorized_keys
/.ssh/known_hosts
/%2e%2e/google.com
..%3B/////////////////////////////////
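As an added defender-side illustration (not code from the tweet authors), this Python checks how each traversal shape from the two tips above fares against the naive literal `../` blacklist the tweets describe, versus a check that canonicalizes the path first; the `/views` root and the sample request paths are constructed assumptions.

```python
from urllib.parse import unquote
import posixpath

# Constructed sample request paths (not taken from any real target): the
# traversal shapes the tweets above describe, plus one benign request.
SAMPLE_PATHS = {
    "benign": "/views/layout.html",
    "plain_dotdot": "/views/../../../../secret.txt",
    "backslash": "/views\\..\\..\\secret.txt",
    "semicolon": "/views/..%3B/..%3B/secret.txt",
    "percent_encoded": "/views/%2e%2e/%2e%2e/secret.txt",
    "space_padded": "/views/%20../%20../secret.txt",
}


def naive_blacklist_blocks(raw: str) -> bool:
    """The filter many apps ship: reject only the literal '../' substring."""
    return "../" in raw


def canonicalize(raw: str) -> str:
    """Normalize a request path the way a lenient backend effectively does,
    so the traversal check sees the path the file system will see."""
    path = raw
    # Decode percent-encoding until it stops changing (covers %2e%2e and
    # double-encoded variants); the small bound avoids pathological inputs.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Windows and several Java stacks accept '\' as a separator.
    path = path.replace("\\", "/")
    # Drop servlet path parameters (';jsessionid=...') and padding: this is
    # why '..;/' and '%20../' still resolve to '..' on the backend.
    segments = [seg.split(";", 1)[0].strip() for seg in path.split("/")]
    # Collapse '.', '..' and runs of slashes lexically, anchored at the root.
    return posixpath.normpath("/" + "/".join(segments).lstrip("/"))


def escapes_root(raw: str, root: str = "/views") -> bool:
    """True when the canonical path points outside the allowed root."""
    norm = canonicalize(raw)
    return not (norm == root or norm.startswith(root + "/"))


def bypasses_naive_filter(raw: str) -> bool:
    """True for inputs the naive filter lets through that still escape."""
    return escapes_root(raw) and not naive_blacklist_blocks(raw)


if __name__ == "__main__":
    for name, raw in SAMPLE_PATHS.items():
        print(f"{name:16} canonical={canonicalize(raw):20} "
              f"naive_blocks={naive_blacklist_blocks(raw)} escapes={escapes_root(raw)}")
```

The same canonicalization belongs in a detection rule over access logs: alert on requests whose canonical path leaves the served root, not on the literal `../`.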
Criminals have been using sophisticated tools to steal cars. And Canadians are rightfully worried.
Today, I announced we are banning the importation, sale and use of consumer hacking devices, like flippers, used to commit these crimes.
🔗:
well that sucks… got yeeted in the NCC layoffs. it was a blast. i’ll need some time to process this before i come up with a better tweet. sending hugs to all of those who were affected ❤️
i would like to clarify while i said xss in my initial post, there isn’t yet evidence to suggest that’s what’s occurring here. it looks like a simple html injection issue here with a limited html subset.
often times in these situations applications have their own ways of
@n00py1 @zer0pwn @ReneFreingruber I did manage to find a way to get JS code execution (not through script tags), but this exploit is patched with the latest client update
How to spot a possible entrapment operation online.
- asks for hackers in a public forum
- asks about your skills and previous hacks
- asks you to click on suspicious links
- uses antiqued memes or language in an attempt to fit in "lulz, kek, LOL"
- wants to start a new 'crew'
Wow. I wrote briefly about .URL files in 2019 ( ) and a potential vector to exploit underlying vulnerable software. Really cool to see other tricks people are using to abuse them. This one in the tweet shared by @fuzz_sh is much better 😅
This works on Windows 11 and both Gmail and MSFT will let it through to the inbox. Confirmed by @amitchell516 and @samkscholten
New detection/hunt rule is live for this, which looks for UNC paths inside URL file attachments (h/t @amitchell516!):
I've received a few inquiries regarding dropping 0days discovered by other researchers on . Obviously with full credit, etc.
If this is something that sounds interesting to you feel free to get in touch with me :)
The amount of personal attacks I've received from KDE developers is actually really disappointing.
As the majority of you know, I am a whitehat and have rarely irresponsibly disclosed critical vulnerabilities.
Despite this I'm being painted as a villain for wanting to engage—
Jackie Singh literally took a friendly mouse game and tried to add a racist spin on it in order to create tension. Tell me how THAT'S NOT RACIST in itself.
who's this prick? I checked they are on my blocklist. but if anyone wants to paint their own racist, shitty views onto my little friendly fun mouse they can fuck right off!
Just finished reading “Mashing Enter to Bypass Full Disk Encryption” by @PulseSecurityNZ. Using a microcontroller with the following code they were able to break the boot process and drop into a root shell. Brilliant and hilarious.