Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


u0m3 last won the day on October 4 2019

u0m3 had the most liked content!

Community Reputation

413 Excellent

About u0m3

  • Rank
    Registered user
  • Birthday 12/14/1987

Profile Information

  • Gender
  • Location
  • Interests


  • Location

Recent Profile Visitors

6043 profile views
  1. Abstract: Browsers are complicated enough to have attack surface beyond memory safety issues. This talk will look into injection flaws in the user interface of Mozilla Firefox, which is implemented in JS, HTML, and an XML-dialect called XUL. With an Cross-Site Scripting (XSS) in the user interface attackers can execute arbitrary code in the context of the main browser application process. This allows for cross-platform exploits of high reliability. The talk discusses past vulnerabilities and will also suggest mitigations that benefit Single Page Applications and other platforms that may suffer
  2. Link: https://github.com/EdOverflow/can-i-take-over-xyz Este un repository pe GitHub ce contine discutii/lista cu CDN-uri sau alte servicii de web hosting, susceptibile la sub-domain take-over.
  3. Synopsis: Blog series about Alex Matrosov and Alexandre Gazet joint Black Hat research "Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller" presented last week in Vegas. Link: https://medium.com/@matrosov/breaking-through-another-side-bypassing-firmware-security-boundaries-85807d3fe604 Via:
  4. Series Overview This series is intended for readers who are interested in reverse engineering, but have only opened a debugger a handful of times. If you have trouble with certain concepts of reverse engineering, tooling, disassembly or debugging then you’ve come to the right place. Starting from the ground up we’ll work our way to advanced topics that aid in automating the reversal process such as heuristic analysis using a disassembly engine, and return oriented programming. If you’re new it’s recommended you start from the first article and work your way through the series, as it’s mea
  5. Description: Link: https://github.com/dowjones/hammer
  6. Oamenii acestia nu au "gandit in afara cutiei", ci "in afara sistemului solar"...
  7. Synopsis: A simple misconfiguration can lead to Stored XSS. Link: https://medium.com/@nahoragg/chaining-cache-poisoning-to-stored-xss-b910076bda4f
  8. Synopsis: In external and red team engagements, we often come across different forms of IP based blocking. This prevents things like password brute forcing, password spraying, API rate limiting, and other forms of IP blocking like web application firewalls (WAFs). IP blocking has always been a simple and common way of blocking potentially malicious traffic to a website. The general method of IP based blocking is to monitor for a certain type of request or behavior, and when it is found, disable access for the IP that the request or behavior came from. In this post, we walk thr
  9. Ce propune domnul @kadytgv este deja pus in aplicare de anumiti indivizi (nu stiu cu ce grad de succes). Website: https://www.tracelabs.org/ Promo:
  10. Ca sa va distrati putin si sa va gadilati paranoia https://iknowwhatyoudownload.com/en/peer/ (nu functioneaza decat cu IPv4). Parerea mea (total neavizata si lipsita de orice urma de importanta), daca vrei neaparat sa nu ai probleme, inchiriezi un server intr-un datancenter ce este intr-o tara cu legislatie mai laxa din acest punct de vedere (ideal ar fi si sediul acelei firme sa fie tot intr-o astfel de tara), si tii acolo clientul de torrents. Iar de acolo le iei prin ssh (scp/sftp). Daca ceea ce am prezentat mai sus suna prea complicat, o alta sugestie ar fi sa:
  11. Synopsis: Following the wrong link could allow remote attackers to control your WiFi router, Google Home, Roku, Sonos speakers, home thermostats and more. Link: https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325 Stiu ca e destul de "fumat" subiectul, dar mi s-a parut interesant articolul.
  12. Link: https://github.com/Kevin-Robertson/InveighZero Source:
  13. Title: Analysing RPC With Ghidra and Neo4j Synopsis: Hunting for new lateral movement techniques or interesting ways to execute code can be a nice way to sink some free time. With Windows spawning numerous RPC services on boot, finding unusual execution techniques is sometimes as simple as scratching just below the surface. And often the payoff far outweighs the time to discovery, with SOC or EDR vendors focusing on the more common published techniques, identifying a new way to introduce code execution on a host can throw a spanner in the works of the investigating team. In pr
  14. u0m3

    Fun stuff

    Asta e o postare in stilul Times New Roman, nu? Ca daca e realitatea... e vai de noi.
  • Create New...