CVE-2023-53634

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fixed a BTI error on returning to patched function When BPFTRAMPFCALLORIG is set, BPF trampoline uses BLR to jump back to the instruction next to call site to call the patched function. For BTI-enabled kernel, the...

Exploit for Code Injection in Rejetto Http_File_Server

POC - Unauthenticated RCE Flaw in Rejetto HTTP File Server - C...

Exploit for SQL Injection in Bplugins Html5_Video_Player

CVE-2024-5522-PoC : HTML5 Video Player 2.5.27 - Unauthentica...

Defending Against APTs: A Learning Exercise with Kimsuky

The “evolving threat landscape” is a term we often hear within webinars and presentations taking place across the cybersecurity industry. Such a catch-all term is intended to capture the litany of threat groups and their evolving tactics, but in many ways it fails to truly acknowledge the growth ...

Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller

cve-2023-3519-citrix-scanner This script is a basic Citrix Sc...

SUSE-SU-2021:0853-1 Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-19734 fixes several issues. The following security issues were fixed: - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check bsc1179664. - Fixed ...

Purgalicious VBA: Macro Obfuscation With VBA Purging

Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in Februa...

T14M4T - Automated Brute-Forcing Attack Tool

t14m4t is an automated brute-forcing attack tool, wrapper of THC-Hydra and Nmap Security Scanner. t14m4t is scanning an user defined target or a document containing targets for open ports of services supported by t14m4t , and then starting brute-forcing attack against the services running on...

Researchers Developed Artificial Intelligence-Powered Stealthy Malware

Artificial Intelligence AI has been seen as a potential solution for automatically detecting and combating malware, and stop cyber attacks before they affect any organization. However, the same technology can also be weaponized by threat actors to power a new generation of malware that can evade...

rlpr <= 2.04 msg() Remote Format String Exploit

No description provided by source. by jaguar !/usr/bin/python import os, sys, socket, struct, time, telnetlib class rlprd: fd = None pad = 2 00000000 31DB xor ebx,ebx 00000002 F7E3 mul ebx 00000004 B003 mov al,0x3 00000006 80C304 add bl,0x4 00000009 89E1 mov ecx,esp 0000000B 4A dec edx 0000000C C...

Hunting vulnerabilities in SCADA systems, we are still too vulnerable to cyber attacks

Stuxnet case is considered by security expert the first concrete act of cyber warfare, a malware specifically designed to hit SCADA systems inside nuclear plants in Iran. The event has alerted the international security community on the risks related to the effects of a cyber attack against...

snmp-netstat NSE Script

Attempts to query SNMP for a netstat like output. The script can be used to identify and automatically add new targets to the scan by supplying the newtargets script argument. Script Arguments max-newtargets, newtargets See the documentation for the target library. creds.service, creds.global See...