Google Dork - Sensitive Docs 📄

ext:txt | ext:pdf | ext:xml | ext:xls | ext:xlsx | ext:ppt | ext:pptx | ext:doc | ext:docx
intext:“confidential” | intext:“Not for Public Release” | intext:”internal use only” | intext:“do not distribute”

Discover internal files 👀

Wrote a Keylogger in Rust that Bypasses Almost All AV Engines.

Code: github.com/Whitecat18/Rus…

#maldev #offensiverust #redteam #keylogger #rustlang #cybersecurity

New TCP Keylogger[Beta]: Now you can receive the logs directly from victim using receiver.

[+] TCP Keylogger: github.com/Whitecat18/Rus…

[+] TCP Receiver: github.com/Whitecat18/Rus…

#keylogger #maldev #pentesting #redteam #cybersecurity #hacking #pwned #infosec

How to detect a fake account

A detailed multi-step guide on how to determine (and justify it in the report) whether a social media account is fake or not.

sowel.soxoj.com/Instructions/H…

(part of SOWEL - Socmint Weaknesses Enumeration List)

Contributor Soxoj

CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM labs.nettitude.com/blog/cve-2024-…

A GitHub flaw (or bad design decision) is being abused to distribute malware through URLs linked to Microsoft’s repository, and others, to make the files appear trustworthy.
bleepingcomputer.com/news/security/…

Google Dork - Login Pages 🔑

inurl:login | inurl:signin | intitle:login | intitle:signin | inurl:secure site:example[.]com

Find hidden login pages and admin panels 👀

The MITRE Corporation says state hackers breached its systems in January 2024 by chaining two Ivanti VPN zero-days - Sergiu Gatlan
bleepingcomputer.com/news/security/…

🚨URGENT🚨A Zero-day exploit for WhatsApp is up for sale.

#DarkWeb Informer #DarkWeb #Cybersecurity #Cyberattack #Cybercrime #Infosec #CTI #0Day #ZeroDay #WhatsApp #Exploit

Details:

- Supports #Android and iOS
- RCE
- Attack type - 1Click
- Payload - Image 
 - Control Over

ZIP embedding attack on Google Chrome extensions : readme.synack.com/exploits-expla…

A 13 year old coded a botnet control framework that utilizes pastebin and github for control of hosts in red teaming…

This makes the hacker in me so hopeful.

Check out pastebomb when it’s dropped!

🤔

Offensive Security OSCP, OSWP, OSEP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA Exam and Lab Reporting / Note-Taking Tool

Source: github.com/Syslifters/Off…

#Hacking #infosec urity #infosec #Pentesting #redteam #pwn #CyberSecurity #CTF #CyberSecurity #cybersecuritytips

Vulnerability in Putty:

'attacker in possession of a few dozen signed messages and the public key has enough information to recover the private key'

* Revoke keys immediately including public in authorized_keys
* Generate a new key pair and replace

chiark.greenend.org.uk/~sgtatham/putt…

passwords + chatgpt = no good

horus : An OSINT / digital forensics tool built in Python : github.com/6abd/horus

Be alert that there is Qakbot being spread in the wild:
49220571574da61781de37f35c66e8f0dadb18fdedb6d3a1be67485069cfd4b0

Campaign: tchk08

ITW URLs on Virustotal:
upd5[.]pro
upd112.appspot[.]com

#BREAKING : US Gov't confirms Russia has cyber-hacked our own gov't *just a few days ago* (11 April).

#CISA reports the Russia-hacking operation, called Midnight Blizzard, successfully infiltrated our gov't by penetrating #MICROSOFT .

#Context : #Microsoft is the main provider of

Complex hidden LSASS dump using C++ and MASM x64.

github.com/Meowmycks/LetM…

🔥POC github.com/h4x0r-dz/CVE-2…