Discover and read the best of Twitter Threads about #zeroDay
Most recents (8)
@ParrotCapital @JackInabinet @9thdecimal @Cryptadamist @MikeBurgersburg @ExkrementKoin @crypto1nfern0 @vidar_research @AureliusValue @AlderLaneEggs @Annihil4tionGod what we are witnessing is akin to what happens when a hacker targets a vulnerability in a system and is able to release malware and it causes havoc to its target.
@ParrotCapital @JackInabinet @9thdecimal @Cryptadamist @MikeBurgersburg @ExkrementKoin @crypto1nfern0 @vidar_research @AureliusValue @AlderLaneEggs @Annihil4tionGod There is literally hundreds of zero day attacks in crypto. But rather than addressing bad actors and patching vulnerabilities in the ecosystem. - they were embraced as innovation - literal onramps to the promised land.
@ParrotCapital @JackInabinet @9thdecimal @Cryptadamist @MikeBurgersburg @ExkrementKoin @crypto1nfern0 @vidar_research @AureliusValue @AlderLaneEggs @Annihil4tionGod The Signet walled garden is a perfect example - if a bad actor gets into your walled garden as soon as its flagged you excise them and patch the vunerability. If you don't they propagate and destroy your garden. Instead those who could have, should have taken action
🚨 Halborn discovered massive #ZeroDay impacting Dogecoin and 280+ networks including Litecoin and Zcash, putting over $25 Billion of digital assets at risk!
🧵👇...
🧵👇...
1/ In March 2022, Halborn started to evaluate #dogecoin under a contract and found several vulnerabilities which were fixed by the Dogecoin team.
Since your malicious cyberattack timelines matched cybersecurity’s research to strengthen security for years and now, you hack alone but with a cooperative goal to damage national security. Which Advanced Persistent Threats group/s #APTs are you in, #Animez_UK? 
Converting traditional crime to cyber-enabled crime and becomes a malicious attacker against the UK, for
1- financial income,
2- #sexual desire and #harassment with #pornography sent to #women,
3- attacks for #politics against the UKGOV.
#Animez_UK
1- financial income,
2- #sexual desire and #harassment with #pornography sent to #women,
3- attacks for #politics against the UKGOV.
#Animez_UK
1st stage- early life:
-Experienced #exclusion/#discrimination.
-Didn’t learn to communicate with #women.
-favours #authoritarianism.
-enjoys #control targeted women & whom against his will.
- Expresses hidden #hatred & #violence on through cyberattacks.
#Animez_UK
-Experienced #exclusion/#discrimination.
-Didn’t learn to communicate with #women.
-favours #authoritarianism.
-enjoys #control targeted women & whom against his will.
- Expresses hidden #hatred & #violence on through cyberattacks.
#Animez_UK
Having fun with cyberstalking #UKGOV, attacking organisations, universities & individuals connected to the justice system, UK #military against #NCSC, treating #intelligence & #GCHQ as jokes to your 15- 20 yrs malicious #hacking for #China & #Russia inside #Britain, @Animez_UK?01
Converting #traditional crime to cyber-enabled crime and becomes a malicious #cyberattacker against the UK, for
1- #financial income,
2- #sexual desire and #harassment with #pornography sent to #women,
3- attacks for #politics against the #UKGOV.
@Animez_UK @NCSC
02
1- #financial income,
2- #sexual desire and #harassment with #pornography sent to #women,
3- attacks for #politics against the #UKGOV.
@Animez_UK @NCSC
02
1st stage- early life:
-Experienced #exclusion/#discrimination.
-Didn’t learned to communicate with #women.
-favours #authoritarianism.
-enjoys to #control targeted women & whom against his will.
- Expresses hidden #hatred & #violence on through cyberattacks.
@Animez_UK @NCSC
-Experienced #exclusion/#discrimination.
-Didn’t learned to communicate with #women.
-favours #authoritarianism.
-enjoys to #control targeted women & whom against his will.
- Expresses hidden #hatred & #violence on through cyberattacks.
@Animez_UK @NCSC
🚨 Halborn Discovers Zero-Day in CosmWasm 🚨
Read below for a 🧵 on our zero-day vulnerability in @CosmWasm smart contracts across 20+ blockchains…
Read below for a 🧵 on our zero-day vulnerability in @CosmWasm smart contracts across 20+ blockchains…
1/ Last month, Halborn security researcher @OwlAtNite discovered a #zeroday vulnerability from the lack of normalization of addresses in Bech32 specification (a format for SegWit addresses) in #CosmWasm.
2/ This critical vulnerability allows an attacker to bypass validity checks or break storage keys🔑 under certain conditions.
Want to find RCE on Web Applications? 🚀
Here are some ways to escalate or direct RCEs in Bug Bounties
A thread🧵
#bugbounty #bugbounties #wapt #rce #zeroday
Here are some ways to escalate or direct RCEs in Bug Bounties
A thread🧵
#bugbounty #bugbounties #wapt #rce #zeroday
1. LFI with Log Poisoning :
➼ Apache Log: hackingarticles.in/apache-log-poi…
➼ SSH Log:hackingarticles.in/rce-with-lfi-a…
➼ SMTP Log:liberty-shell.com/sec/2018/05/19…
➼ FTP Log: secnhack.in/ftp-log-poison…
(2/n)
➼ Apache Log: hackingarticles.in/apache-log-poi…
➼ SSH Log:hackingarticles.in/rce-with-lfi-a…
➼ SMTP Log:liberty-shell.com/sec/2018/05/19…
➼ FTP Log: secnhack.in/ftp-log-poison…
(2/n)
2. Via File Upload :
➼ Upload .php reverse shell
➼ If not, Bypass Restrictions :
(a) Double Extension
(b) Random Upper & Lower Case Names
(c) Changing Mime Type
(d) Null Byte
(e) Magic Byte
➼ If image allowed, use ExifTool and add PHP reverse shell in comment metadata
(3/n)
➼ Upload .php reverse shell
➼ If not, Bypass Restrictions :
(a) Double Extension
(b) Random Upper & Lower Case Names
(c) Changing Mime Type
(d) Null Byte
(e) Magic Byte
➼ If image allowed, use ExifTool and add PHP reverse shell in comment metadata
(3/n)
a NSO diz que seu spyware PEGASUS é "só" para combater crime e terror, e que os governos que usam o sistema se limitam a isso.
NA VERDADE, o software é vendido a governos autoritários e corruptos e usado para PERSEGUIR oponentes, ativistas e jornalistas: bit.ly/3ewjj11.
NA VERDADE, o software é vendido a governos autoritários e corruptos e usado para PERSEGUIR oponentes, ativistas e jornalistas: bit.ly/3ewjj11.
#PEGASUS transforma qualquer smartphone num dispositivo de #VIGILÂNCIA 24/7/365. captura seus contatos, chamadas de áudio e vídeo, mensagens que você envia ou recebe, rouba fotos. ativa câmera, microfone, GPS,... e ainda pode descobrir com quem você anda: bit.ly/2VQxOpT.
EM 2019, #WhatsApp revelou que #PEGASUS tinha invadido 1.400+ dispositivos, explorando uma vulnerabilidade #zeroDay. fazia uma chamada e, mesmo que o alvo NÃO atendesse, o código se instalava e desaparecia do radar. bit.ly/3evOKsu. mas o ZAP era, e é SÓ uma das entradas.
Keeping up to date...
Here we go again, this time - 14.0 release
