RT @an0n_r0
Reproduced the MS-MSDT Office RCE (on up-to-date Win10 and up-to-date Office 2019). Had some troubles with building the appropriate docx with external HTML reference, so quickly made some notes how to do it, step-by-step: https://gist.github.com/tothi/66290a42896a97920055e50128c9f040
For those not following the new Office RCE, dubbed #follina, enjoy: https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
RT @ErSurajShukla
7 Layer of OSI model with all Work Details :-
1) - Application
2) - Presentation
3) - Session
4) - Transport
5) - Network
6) - Data Link
7) - Physical Layers
#Linux #infosec #cybersecurity #cyber #infosecurity #Pentesting #nmap #cyberattack #ransomware #security #AWS #Linux
Yet another 0-click (when preview panes are enabled on the explorer) vulnerability... 😞 https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html
RT @KyleHanslovan
For the detection engineers and hunters chasing MS-MSDT/#Follina, keep an eye on child processes with sdiagnhost.exe parent process. #BlueTeam 💙
RT @rootredrain
A New Exploit Method for #CVE20213560 PolicyKit PE published from @ykco_z
http://noahblog.360.cn/a-new-exploit-method-for-cve-2021-3560-policykit-linux-privilege-escalation-en/
Here are the links to GoFundMe and Paypal. The details are on this toot and following thread https://masto.pt/@brunomiguel/108358516108096181
TL;DR: I have fibromyalgia and things are so complicated that I have to ignore the shame and pride, and ask for help.
Links:
- https://gofund.me/d743dcab
- https://paypal.me/brunoalexandremiguel
Boosts are appreciated
I must say.... she did #LostThatLovinFeeling. What a movie! #TopGun #TopGunMaverick
RT @HuskyHacksMK
🤔Ever wonder how red teams set up their C2 infrastructure?
@mttaggart invited me on his stream to demonstrate how to provision hybrid cloud red team infrastructure and do so safely. One of my favorite streams to date!
RT @BlnaryMlke
start scrolling and laugh https://bgp.tools/prefix/2001:8a0::/32#dns
https://www.reviewgeek.com/118915/duckduckgo-isnt-as-private-as-you-thought/
TLDR: not only was DDG using Bing for its image results (most people knew this much) it was also helping MSFT track people, by explicitly not blocking Microsoft tracking cookies (and more). What's more, the contract with MSFT prevented them from disclosing the fact that they don't block MSFT tracking.
#Privacy #Tracking #Cookies #DuckDuckGo #DDG #Microsoft #Bing #Betrayal #Search #WebSearch #SearcEngines #IThoughYouWereTheGoodGuys
Another category on #HTB fully pwned. This time is the "mobile" category. (yesterday I finished the "web" category)
RT @Hakin9
Linux Smart Enumeration - tool for pentesting and CTFs https://hakin9.org/linux-smart-enumeration/
#infosec #cybersecurity #redteam #pentest #pentesting #hacking #hackers #coding #opensource #Linux #windows #network #CTF