so.cl

Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others' company.
Arthur Schopenhauer


If I were to take a wild guess, none of the people drooling over the idea of war actually want to face its horrors. But they love the idealized, movie-esque idea of war.

I learn from the mistakes of people who take my advice.

I can't tell whether the Internet is dead because people have gotten more bitter as they have gotten older or because the younger generation is very angry.

Lately I came across KernelCallbackTable, which can be abused to inject shellcode into a remote process. This method of process injection was used by FinFisher/FinSpy and Lazarus.

This post walks through the journey I took and the hurdles I encountered to make process injection via KernelCallbackTable work the way I wanted.
Adventures with KernelCallbackTable Injection

Wow! Check out this SQL CoinsIO file, right there on their server, up for grabs. Any bets on how long it will take them to remove it?

Start with a domain and it will find everything about it, outputting a handy .json file with all the data for further investigation.

Runs as fast as your computer/network/DNS resolver allows. A test run with 10,000 subdomains tested all of them in ~20 seconds with concurrency set to 16 on a machine with 16 (logical) cores.
Skanuvaty - dangerously fast dns/network/port scanner, all-in-one

Features:

  • Finds subdomains from root domain
  • Finds IPs for subdomains
  • Checks what ports are open on those IPs (Note: not yet implemented)

This is a report I created for one of the engagements I performed recently. The goal of the engagement was to find out whether there is a way to steal credit card details by using client-side vulnerabilities. Everything after this is the report as a whole.

I was engaged to perform a restricted depth first assessment of a web application “XYZ” to verify whether there is a way to exploit client-side vulnerabilities to steal users' credit card information. As a result of the engagement, I successfully exploited a self cross-site scripting chained with cross-site request forgery to steal the victim's credit card details. This document details my approaches, findings and ways to remediate the vulnerabilities.
How I chained two vulnerabilities to steal credit card details

About a year ago, when I started my first forays into HackerOne, I discovered one of the most impactful bugs I’ve ever come across. It was January 2021 when I received a private invitation to a VDP (Vulnerability Disclosure Program); it was from an airlines group. So I decided to try hacking in that program, because at that time I didn’t give much priority to bounties, as I wanted to learn and earn my first points on the platform.

After a few minutes investigating the scope of the page, I realized that they were using a unified login system for most of the companies that were in the scope, mostly airline websites, among others. I decided to analyze the “Forgot your password?” endpoint first. So I entered my email and waited for the email in which I would receive the link to change the password.
How I hacked one of the biggest airlines group in the world

Brave is rolling out a new feature called De-AMP, which allows Brave users to bypass Google-hosted AMP pages, and instead visit the content’s publisher directly. AMP harms users’ privacy, security and internet experience, and just as bad, AMP helps Google further monopolize and control the direction of the Web.

Brave will protect users from AMP in several ways. Where possible, De-AMP will rewrite links and URLs to prevent users from visiting AMP pages altogether. And in cases where that is not possible, Brave will watch as pages are being fetched and redirect users away from AMP pages before the page is even rendered, preventing AMP/Google code from being loaded and executed.
Brave De-AMP: Cutting Out Google and Enhancing Privacy
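The two mechanisms described above, rewriting Google-hosted AMP links up front and catching an AMP document at fetch time to redirect to the publisher's page, sketched as an added JavaScript example. This is illustrative code written for this page, not Brave's De-AMP implementation. It assumes the two public Google-hosted AMP URL shapes (the www.google.com/amp/ viewer form and the *.cdn.ampproject.org/c/ cache form, where a leading "s/" marks an https origin), the `<html amp>` / `<html ⚡>` marker plus `<link rel="canonical">` that AMP documents carry, and a constructed sample document; the function names are this example's own.

```javascript
// Added example (not Brave's code): undo Google-hosted AMP URLs and detect
// AMP documents so a navigation can be redirected to the canonical page.

// Form 1: Google AMP viewer, e.g. https://www.google.com/amp/s/www.example.com/a
// Form 2: Google AMP cache,  e.g. https://www-example-com.cdn.ampproject.org/c/s/www.example.com/a
// Returns the publisher URL, or null when the URL is not a recognised AMP URL.
// (Country-specific Google hosts such as google.co.uk are deliberately not handled here.)
function deAmpUrl(urlString) {
  let url;
  try { url = new URL(urlString); } catch { return null; }

  if (url.hostname === "www.google.com" && url.pathname.startsWith("/amp/")) {
    return rebuildOrigin(url.pathname.slice("/amp/".length), url.search);
  }
  if (url.hostname.endsWith(".cdn.ampproject.org")) {
    const m = url.pathname.match(/^\/(?:c|v)\/(.*)$/); // /c/ = content, /v/ = viewer
    if (m) return rebuildOrigin(m[1], url.search);
  }
  return null;
}

// "s/host/path" means the original was https; "host/path" means http.
function rebuildOrigin(rest, search) {
  let scheme = "http";
  if (rest.startsWith("s/")) { scheme = "https"; rest = rest.slice(2); }
  const slash = rest.indexOf("/");
  const host = slash === -1 ? rest : rest.slice(0, slash);
  const path = slash === -1 ? "/" : rest.slice(slash);
  if (!/^[a-z0-9.-]+$/i.test(host)) return null; // refuse to build a URL from junk
  return `${scheme}://${host}${path}${search}`;
}

// Fetch-time check: an AMP document declares itself with <html amp> or <html ⚡>
// and carries a canonical link to the non-AMP page. Returns that href or null.
function ampCanonicalFromHtml(html) {
  const htmlTag = html.match(/<html\b[^>]*>/i);
  if (!htmlTag) return null;
  if (!/\s(amp|⚡)(?=[\s>=])/i.test(htmlTag[0])) return null;
  const link = html.match(/<link\b[^>]*\brel=["']canonical["'][^>]*>/i);
  if (!link) return null;
  const href = link[0].match(/\bhref=["']([^"']+)["']/i);
  return href ? href[1] : null;
}

// Decide where to send the user instead of rendering the AMP page.
// Only http(s) targets are accepted (a page-controlled canonical must never
// become a javascript: or data: navigation), and a document whose canonical
// is itself (standalone AMP) yields no redirect, so there is no loop.
function deAmpRedirectTarget(currentUrl, html) {
  const canonical = ampCanonicalFromHtml(html);
  if (!canonical) return null;
  let target;
  try { target = new URL(canonical, currentUrl); } catch { return null; }
  if (target.protocol !== "https:" && target.protocol !== "http:") return null;
  if (target.href === new URL(currentUrl).href) return null;
  return target.href;
}

// Constructed sample AMP document used below; not a real page.
const SAMPLE_AMP_HTML = `<!doctype html>
<html amp lang="en">
<head>
  <meta charset="utf-8">
  <link rel="canonical" href="https://www.example.com/news/story">
  <script async src="https://cdn.ampproject.org/v0.js"></script>
</head>
<body><h1>Story</h1></body>
</html>`;

console.log(deAmpUrl("https://www.google.com/amp/s/www.example.com/news/story?id=7"));
console.log(deAmpRedirectTarget(
  "https://www-example-com.cdn.ampproject.org/c/s/www.example.com/news/story",
  SAMPLE_AMP_HTML));
```

The URL rewrite covers the case the post calls "where possible"; the fetch-time check covers the rest, and it is the riskier path because the canonical href comes from the fetched page, which is why the example restricts it to http(s) and refuses to redirect a page to itself.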

Killnet is playing with the NATO CCDCOE (NATO Cooperative Cyber Defence Centre of Excellence) infrastructure.

NATO, WE’RE FUCKING YOU WHILE YOU’RE DOING A CYBER TOURNAMENT. LET’S PLAY FOR REAL 😚

They seem serious, because they’re going for the Estonian airports' infrastructure (they went for the Polish and Czech airport websites the days before); the main Tallinn airport website is down.

I guess this calls for Anony🐭 to release another version of VLC Player.

Check Point Research discovered vulnerabilities in the ALAC format that could have let an attacker remotely gain access to a device's media and audio conversations.

MediaTek and Qualcomm, the two largest mobile chipset manufacturers in the world, used the ALAC audio coding in their widely distributed mobile handsets, putting millions of Android users’ privacy at risk.

The research, dubbed “ALHACK”, finds that two thirds of all smartphones sold in 2021 are vulnerable.

Qualcomm and MediaTek acknowledged the vulnerabilities flagged by CPR, issuing patches and fixes in response.
Largest Mobile Chipset Manufacturers used Vulnerable Audio Decoder, 2/3 of Android users’ Privacy around the World were at Risk

If your recommended security “experts” are Amanda “malware unicorn” Rousseau, Marcus “malwaretech” Hutchins, Thomas “tfatcek” Ptacek or the South African asshole formerly known as thegrugq, you need to reconsider your career choices.

Same thing if you link to Bleepingshithole news crap.

My condolences to thegrugq, who went from selling 0days for “hundreds of thousands” bucks to begging for coffee money on Patreon.

Life sucks, doesn’t it, Tchad?

→ in reply to @so.cl

If a product has an ad, it’s money not spent on improving the product and is instead money spent on trying to psychologically manipulate people into buying your shitty broken product.

If a site requires ads to survive then it would be better if it didn’t.

EvilSelenium is a new project that weaponizes Selenium to abuse Chromium-based browsers.
EvilSelenium

Features:

  • Steal stored credentials (via autofill)
  • Steal cookies
  • Take screenshots of websites
  • Dump Gmail/O365 emails
  • Dump WhatsApp messages
  • Download & exfiltrate files
  • Add SSH keys to GitHub

Visual Studio Tools for Office (VSTO) can export an Add-In embedded inside an Office document file (such as a Word DOCX). If this document is delivered in the right way (to avoid some inbuilt mitigations), it gives attackers rich capabilities to phish users and gain code execution on a remote machine through the installation of a Word Add-In.

Office itself even provides an automatic update capability, which attackers can use to update payloads remotely.
Make phishing great again. VSTO office files are the new macro nightmare?

Moriarty tries to find important information about a specific phone number.
Moriarty Project

Features

  • Tries to find the owner of the phone number.
  • Spam risk.
  • Comments about the phone number.
  • Linked social media platforms.
  • Reports, searches, DuckDuckGo results etc.

A collection of the most common WordPress malware, collected over the years. Files are organized in directories by the day they were discovered by CXS or Imunify360.
WordPress Malware