π Exciting Weekend Project Reveal: wpad.je Tracker π π I'm thrilled to share the results of my latest weekend project: the wpad.je Tracker! This innovative tool provides fascinating insights into web traffic patterns and proxy usage. https://wpad.je π₯οΈ Top Stats After Just One Weekend: 273 requests from a single IP (99.65.78.*) 463 requests
Bolt.new: The Public Workspace Roulette - Stackblitz's Unintended Feature In the world of technology, there's often a fine line between a "feature" and a "vulnerability." Recently, I stumbled upon a very interesting quirk in Stackblitz's new service, Bolt.new, and well... let's just say it might make you question
The Day I Almost Became a Solar Supervillain Picture this: It's a scorching summer day, and I'm sitting in my dimly lit home office, cursing at my air conditioner for choosing the hottest day of the year to break down. As I fan myself with an old magazine, I start daydreaming about having unlimited
Exchange π for now and ever Drei Monate nach der #Cybersicherheitswarnung des @BSI_Bund zu #verwundbaren #Exchange-Servern (https://t.co/dbWKEr4FpR) sind aktuell noch immer mindestens 42% bzw. 18.000 der Exchange-Server mit offenem #OWA in Deutschland fΓΌr eine oder mehrere #RCE-#Schwachstellen verwundbar. pic.twitter.com/LxDDaKouBX β CERT-Bund (@certbund) June 18, 2024 Exchange on Premise,
Bye Bye pcTattletale - When your SHIT hits the fan Over the last week, I enjoyed seeing how a stupid stalkerware provider was completely knocked out. It all started on the 22nd of May, when TechCrunch reported about "Spyware found on US hotel check-in computers". A week before the security researcher Eric Daigle contacted TechCrunch about the issue.
Cyberwar β€οΈ The way I like It seems that in russia a LED wall has been hijacked. The text "Happy new year!" has been replaced by "Slava Ukraini!" instead. A Russian from Velikiy Novgorod city has purchased Christmas lights that were supposed to spell "Happy new year!" He received lights
Operation Triangulation The guys from Kaspersky revealed a crazy iOS attack chain that they caught in action against some of their employees. The complete attack chain is just millions of $$$ in exploit prices. For example, the initial PDF exploit is caused by a True Type code part from the early 90s. 25
My Google Play API Today it finally happened, after more than a decade of mobile app pentests and security reviews I was so fucking bored of how complicated it could be to just get the latest APK of a certain Android App without using a real Android device or a proper Emulator with all
Current Twitter Phish My timeline is currently flooded with posts like the following: Following the link https://funroundy.online/twitterworth will bring you to a Twitter app that want's some all permissions to completely take over your account. So be aware and always use your brain :)
When M$ fails to RTFM I hacked into a @Bing CMS that allowed me to alter search results and take over millions of @Office365 accounts. How did I do it? Well, it all started with a simple click in @Azureβ¦ π This is the story of #BingBang π§΅β¬οΈ pic.twitter.com/9pydWvHhJs β Hillai Ben-Sasson (@hillai) March 29,
Cropping images should be easy Let's begin with an AI written feature description of a modern image cropping function: π‘Crop images to remove any unwanted elements with precision and finesse. Utilizing my experience and expertise, I can craft your desired product from a photo with detailed accuracy. Crafting with care and attention-to-detail, no
IT Outsourcing it almost never works That's my personal opinion, that I collected over almost two decades of all weird IT stories. The following story makes me also believe, that Microsoft choose a shady supplier ββββββββββββββββββfor some support tasks. I can't believe it. My official Microsoft Store Windows 10 Pro key wouldn&
Good and cheap VPS'es As a security guy, I like to explore the Internetz. Therefore, having a system with good connectivity and sufficient resources is key. Over the years I tested a lot.β For some of the short-living tasks, I just start an instance on AWS, Linode or DigitalOceans. All have their pros and
Welcome 2023 with lot's of memes Hi guys, new year, worls is still collapsing. So, as this trend is going on and so much weird things are happening on a daily basis. I think it's time to spread some love/hate with more memes. Thankfully, https://github.com/jacebrowning provides a very feature-rich meme
/imagine prompt:hacker in cyberpunk style holding a commodore 64 Let's add some more doomsday atmosphere β οΈ β’οΈ β οΈ There are several ways to make use of AI for your art skills :D Because I'm lazy, I just added the Midjourney Bot to my own Discord server. You can find it in the App Directory: Then it's
RFC3966: Parsing phone numbers is hard :D Did you know you can hide your payloads in phone numbers? βοΈπ± RFC3966 specifies parameters for valid phone numbers that can contain characters. @securinti discovered that popular libraries are vulnerable and that it can lead to XSS and even ATO!π₯#BugBountyTips #NahamCon2022EU pic.twitter.com/tNUVyZu7Oz β INTIGRITI (@intigriti) December 17, 2022
Log4Shell one year later They are pretty cozy! π #log4shell #anniversary https://t.co/Uv7Ld7S0zu pic.twitter.com/F7r4UKxd7z β Alvaro MuΓ±oz πΊπ¦ (@pwntester) December 14, 2022
Bookmarklet to extract all URLs from DOM I've created a javascript bookmarklet that will extract all endpoints (starting with /) from your current DOM and from all the all the external script sources embedded on the page. You can find it here, if you want to try it out:https://t.co/1geip38VIh#bugbountytips pic.twitter.
ChatGPT for Hackers Unleashing the Power of ChatGPT for Bug Bounty and Penetration Testing Credit: @cyph3r_asrhttps://t.co/HcFDcro9s8 #cybersecuritytips #infosec #ChatGPT #bugbountytips #hacking β 7h3h4ckv157 (@7h3h4ckv157) December 6, 2022 Very nice summary about all kind of security stuff, that people already used ChatGPT for. Unleashing the Power of ChatGPT for Bug Bounty
ASUS are the masters of failsafe code Dear @ASUS , I guess this is not the right way π #bugbounty pic.twitter.com/oVK6cxNcY6 β Akash Pawar ~ ΰ€΅ΰ₯ΰ€°ΰ€Ύ (@0xVeera) December 11, 2022 Let's think about that brilliant code behind ... otp = RANDOM_INT(6) user.session.otp = otp if sms.gateway.isAlive(): sms.gateway.send(user.number, otp)
Let's start some more regular blogging ... I run this blog since 2015 and as you can see, I was able to publish two posts :-D Sooo, today Β I will start to ab(use) this place for my regular shitposts :)
Blaupunkt Smart Home Alarm Q3x00 vulns Introduction As IoT is a huge topic nowadays and a lot of vulnerabilities have been found on that devices during the last months my team and I took a quick look at the IP based Smart Home Alarm system Q3000 of Blaupunkt. The system consists of a controller called ("
Advanced CSRF Attacks against Modems, Routers, Accesspoints and other internal network devices Introduction In 2014 a lot of vulnerabilities were detected in SOHO devices. In addition to critical flaws, which allow unauthenticated attackers to execute arbitrary code, there are a mass of CSRF vulnerabilities which allow a remote attacker to change different settings within the vulnerable SOHO devices. There is also an