the grugq's newsletter

June 5, 2022

JF Bastien @jfbastien
I often think about this (now deleted) @johnregehr tweet: C is awesome because it defers problems to runtime, at which point people might not be able to find me.
9:04 PM ∙ Jul 31, 2020
1,049Likes207Retweets

-

How to exploit the confluence 0day.

HTTPVoid @httpvoid0x2f
Thread - Confluence Blind OGNL Injection analysis from our limited java knowledge. From vulnerable sink to becoming admin of the confluence instance. #CVE-2022-26134. Tested on latest vulnerable version 7.18.0.
3:16 AM ∙ Jun 4, 2022
399Likes117Retweets

-

If you want to have a simple private Tor-alike system, this seems like a good starting place.

UPnProxyChain: a Tool to Exploit Devices Vulnerable to UPnProxy

https://shufflingbytes.com/posts/upnproxychain-a-tool-to-exploit-devices-vulnerable-to-upnproxy/

Code:

https://github.com/ValtteriL/UPnProxyChain

ProTip:

nmap -sU -p 1900 --script=upnp-info <target>

And if you want to fuck with the above:

https://github.com/chadillac/UPnProxyPot

-

In completely unrelated news, for the first time the Russian authorities are saying something in public about the last three months of non-stop hacking.

Lukasz Olejnik @lukOlejnik
Russia will make executives personally liable for cyber/information security. "it has been pentesting (finding vulnerabilities for a reward by “white hackers”) by the whole world for 3 months now". The government is aware of the recent "free audits" ... gazeta.ru/tech/2022/05/3…
3:13 PM ∙ Jun 4, 2022
11Likes4Retweets

Crypto. Scam. Fraud. (Strong, “and nothing of value was lost” vibe)

OKHotshot @NFTherder
🚨BAYC & OtherSide discords got compromised‼️
Seems because Community Manager @BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen Proper permissions could prevent this
10:46 AM ∙ Jun 4, 2022
1,267Likes497Retweets

-

Longhorn @never_released
Horrifying out of Microsoft. The false positive rate won't be exactly pretty... I wouldn't be surprised if this results in quite some communications in affected orgs being moved to other channels...
1:37 PM ∙ Jun 3, 2022
1,163Likes292Retweets
Dave, 2022 edition @6502_ftw
These are prime examples of what happens when you develop a piece of technology without stopping to think how it could be misused.
2:12 PM ∙ Jun 3, 2022
341Likes124Retweets

-

God Is A Tulpa @kristy_clueless
I love how every part of this headline is pure chaos
10:42 AM ∙ Jun 4, 2022
11,958Likes2,099Retweets

-

Andrew Kelley @andy_kelley
Who called it "malloc()" and not "see_you_later_allocator()" ?
9:09 PM ∙ Jun 3, 2022
7,119Likes918Retweets

-

This is excellent.

-

Omri Elisha @AnthroOmri
We memorized phone numbers. We memorized driving directions. No one knew what we looked like. No one could reach us. We were gods.
8:45 PM ∙ Nov 13, 2021
120,703Likes15,692Retweets

-

UAV records itself getting shot down.

-

raptor @0xdea
Is exploiting a NULL pointer deref for LPE just a pipe dream? Very cool Windows vuln-dev blog post by @izobashi thezdi.com/blog/2022/6/1/…
7:33 AM ∙ Jun 5, 2022
13Likes3Retweets

-

Dreadnought Holiday @TheDreadShips
As old Shakespeare (W) nearly put it, some are born misfortunate, some achieve misfortune, and others have misfortune thrust upon them. And sailing into the heart of the Venn diagram of unfortunate outcomes, albeit just a little bit late, comes Vice Admiral John Nevell.
Micky Mouse in Steamboat Willy. It's important to clarify Steamboat Willy is a boat - or Disney film - and not yet another Captain Pugwash joke...
9:54 PM ∙ May 30, 2022
164Likes39Retweets

-

Archaeology & Art @archaeologyart
The Roman Empire’s 250,000 miles of road re-imagined as a subway transit map. Created by Sasha Trubetskoy @sasha_trub.
8:59 PM ∙ Jun 2, 2022
5,546Likes1,437Retweets