2023-06-11 | Hacker Trends

06/10

06/11

06/12

7 Posts

Charles Fol on Twitter: "#Fortinet published a patch for CVE-2023-27997, the Remote Code Execution vulnerability @DDXhunter and I reported. This is reachable pre-authentication, on every SSL VPN appliance. Patch your #Fortigate. Details at a later time. #xortigate" / Twitter

https://twitter.com/cfreal_/status/1667852157536616451

Charles Fol on Twitter: "#Fortinet published a patch for CVE-2023-27997, the Remote Code Execution vulnerability @DDXhunter and I reported. This is reachable pre-authentication, on every SSL VPN appliance. Patch your #Fortigate. Details at a later time. #xortigate" / Twitter

5 Posts

Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now

https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-rce-flaw-in-fortigate-ssl-vpn-devices-patch-now/

Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now

5 Posts

#NahamCon2022EU: Story of an RCE on Apple Through Hot Jar Swapping by Frans Rosen - YouTube

https://www.youtube.com/watch?v=A-O-irpqUWQ

#NahamCon2022EU: Story of an RCE on Apple Through Hot Jar Swapping by Frans Rosen - YouTube

4 Posts

Hackers steal $3 million by impersonating crypto news journalists

https://www.bleepingcomputer.com/news/cryptocurrency/hackers-steal-3-million-by-impersonating-crypto-news-journalists/

Hackers steal $3 million by impersonating crypto news journalists

4 Posts

Abusing undocumented features to spoof PE section headers | secret club

https://secret.club/2023/06/05/spoof-pe-sections.html

Abusing undocumented features to spoof PE section headers | secret club

3 Posts

GitHub - nettitude/SharpWSUS

https://github.com/nettitude/SharpWSUS

GitHub - nettitude/SharpWSUS

3 Posts

GitHub - nyxgeek/onedrive_user_enum: onedrive user enumeration - pentest tool to enumerate valid o365 users

https://github.com/nyxgeek/onedrive_user_enum

GitHub - nyxgeek/onedrive_user_enum: onedrive user enumeration - pentest tool to enumerate valid o365 users

3 Posts

CipherIT Extractor · GitHub

https://gist.github.com/c3rb3ru5d3d53c/3fede678ae5fc531cb84d932511f849f

CipherIT Extractor · GitHub

3 Posts

Strava heatmap feature can be abused to find home addresses

https://www.bleepingcomputer.com/news/security/strava-heatmap-feature-can-be-abused-to-find-home-addresses/

Strava heatmap feature can be abused to find home addresses

3 Posts

googlesource.com access_token leak (Awarded $7500) | Writeups

https://ndevtk.github.io/writeups/2023/06/11/googlesource/

googlesource.com access_token leak (Awarded $7500) | Writeups

3 Posts

GitHub - bcoles/kasld: Kernel Address Space Layout Derandomization [ KASLD ] - A collection of various techniques to infer the Linux kernel base virtual address as an unprivileged local user, for the purpose of bypassing Kernel Address Space Layout Randomization (KASLR).

https://github.com/bcoles/kasld

GitHub - bcoles/kasld: Kernel Address Space Layout Derandomization [ KASLD ] - A collection of various techniques to infer the Linux kernel base virtual address as an unprivileged local user, for the purpose of bypassing Kernel Address Space Layout Randomization (KASLR).