Carlos Mogas da Silva @r3pek@r3pek.org
- Homepage
- https://www.r3pek.org
- GNU/Linux
-
Fedora
| Gnome 
| CentOS 
| RHEL 
| Kubernetes
Admin
Joined Jan 2021
RT @an0n_r0
Reproduced the MS-MSDT Office RCE (on up-to-date Win10 and up-to-date Office 2019). Had some troubles with building the appropriate docx with external HTML reference, so quickly made some notes how to do it, step-by-step: https://gist.github.com/tothi/66290a42896a97920055e50128c9f040
Carlos Mogas da Silva
boosted
For those not following the new Office RCE, dubbed #follina, enjoy: https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
RT @ErSurajShukla
7 Layer of OSI model with all Work Details :-
1) - Application
2) - Presentation
3) - Session
4) - Transport
5) - Network
6) - Data Link
7) - Physical Layers
#Linux #infosec #cybersecurity #cyber #infosecurity #Pentesting #nmap #cyberattack #ransomware #security #AWS #Linux
RT @KyleHanslovan
Curious what fetches the malicious HTML but can't find ms-msdt in the 05-2022-0438.doc file? Open that Word doc in 7zip (remember, it's just a zip file) and look inside document.xml.rels. Target points to the malicious RDF842l.html file that is d/l from the xmlformats[.]com C2.
Yet another 0-click (when preview panes are enabled on the explorer) vulnerability... 😞 https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html
RT @KyleHanslovan
For the detection engineers and hunters chasing MS-MSDT/#Follina, keep an eye on child processes with sdiagnhost.exe parent process. #BlueTeam 💙
RT @rootredrain
A New Exploit Method for #CVE20213560 PolicyKit PE published from @ykco_z
http://noahblog.360.cn/a-new-exploit-method-for-cve-2021-3560-policykit-linux-privilege-escalation-en/
Carlos Mogas da Silva
boosted
Carlos Mogas da Silva
boosted
Here are the links to GoFundMe and Paypal. The details are on this toot and following thread https://masto.pt/@brunomiguel/108358516108096181
TL;DR: I have fibromyalgia and things are so complicated that I have to ignore the shame and pride, and ask for help.
Links:
- https://gofund.me/d743dcab
- https://paypal.me/brunoalexandremiguel
Boosts are appreciated
I must say.... she did #LostThatLovinFeeling. What a movie! #TopGun #TopGunMaverick
Só para meter pirraça ao pessoal 😂
RT @HuskyHacksMK
🤔Ever wonder how red teams set up their C2 infrastructure?
@mttaggart invited me on his stream to demonstrate how to provision hybrid cloud red team infrastructure and do so safely. One of my favorite streams to date!
RT @BlnaryMlke
start scrolling and laugh https://bgp.tools/prefix/2001:8a0::/32#dns
Carlos Mogas da Silva
boosted
https://www.reviewgeek.com/118915/duckduckgo-isnt-as-private-as-you-thought/
TLDR: not only was DDG using Bing for its image results (most people knew this much) it was also helping MSFT track people, by explicitly not blocking Microsoft tracking cookies (and more). What's more, the contract with MSFT prevented them from disclosing the fact that they don't block MSFT tracking.
#Privacy #Tracking #Cookies #DuckDuckGo #DDG #Microsoft #Bing #Betrayal #Search #WebSearch #SearcEngines #IThoughYouWereTheGoodGuys
Another category on #HTB fully pwned. This time is the "mobile" category. (yesterday I finished the "web" category)
RT @Hakin9
Linux Smart Enumeration - tool for pentesting and CTFs https://hakin9.org/linux-smart-enumeration/
#infosec #cybersecurity #redteam #pentest #pentesting #hacking #hackers #coding #opensource #Linux #windows #network #CTF
- Homepage
- https://www.r3pek.org
- GNU/Linux
-
Fedora | Gnome | CentOS | RHEL | Kubernetes
Admin
Joined Jan 2021
