November 14, 2024
November 14, 2024
I’ve always thought Seatbelt was a great situational awareness tool, I created a python implementation of it. Due to the nature of how I expect it to run, it only implements the remote modules, but I hope someone finds it useful. https://t.co/BvwoP97hOS
— Steven (@0xthirteen) November 12, 2024
Carseat
Python implementation of GhostPack's Seatbelt situational awareness tool
GitHub - 0xthirteen/Carseat: Python implementation of GhostPack's Seatbelt situational awareness tool
Python implementation of GhostPack's Seatbelt situational awareness tool - 0xthirteen/Carseat
Dropped my slide for POC2024 on Linux kernel exploitation, including a journal from Pwn2Own Vancouver earlier this year. Enjoy 🙂.https://t.co/CUKKpErYMG
— Pumpkin 🎃 (@u1f383) November 13, 2024
https://u1f383.github.io/slides/talks/2024_POC-How_I_use_a_novel_approach_to_exploit_a_limited_OOB_on_Ubuntu_at_Pwn2Own_Vancouver_2024.pdf
2024_POC-How_I_use_a_novel_approach_to_exploit_a_limited_OOB_on_Ubuntu_at_Pwn2Own_Vancouver_2024.pdf
how do you even defend from an army of these chasing you pic.twitter.com/bYzyJRbEtS
— vittorio (@IterIntellectus) November 12, 2024
If you missed my talk at @BlackAlpsConf , you can find the slide deck in my usual repo !
— OtterHacker (@OtterHacker) November 12, 2024
The talk should be published in the end of the year !https://t.co/hdGwIv2KgB
✍️ Exploiting an RCE Vulnerability in the Solana validator by @g1n04h https://t.co/bYu0a8SSenhttps://t.co/0rxxr1IvlK
— Alex Plaskett (@alexjplaskett) November 13, 2024
GitHub - watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit: Citrix Virtual Apps and Desktops (XEN) Unauthenticated RCE - https://t.co/3UK6DNkox1
— blueblue (@piedpiper1616) November 12, 2024
[#POC2024] Slides are up NOW!https://t.co/BXqF1wYUIO
— POC_Crew 👨👩👦👦 (@POC_Crew) November 14, 2024
Note that blank spaces will be updated shortly with the latest version of the slides 😘 pic.twitter.com/m3ZSzZVVmE
🚨 Awesome Lazarus Pivot Alert! 🚨
— Chris Duggan (@TLP_R3D) November 13, 2024
Group-IB just released their latest findings on "Stealthy Attributes of APT Lazarus." You can check it out here: https://t.co/rnI9xUkpBC. 👀
I initially flagged these IPs back in August 2024, highlighting the infrastructure linked to North… pic.twitter.com/TmsgGvTTvM
An investigation into a suspicious insurance claim filed by four Los Angeles-area residents revealed a scheme where someone wore a bear costume and scratched up the inside of three cars, officials said.
— ABC7 Eyewitness News (@ABC7) November 14, 2024
Get the details at https://t.co/lcXKmWJnJM pic.twitter.com/k74BJu4s8R
I heard that we "need more secure software, not more security software".
— lcamtuf (@lcamtuf) November 13, 2024
I think the two are orthogonal. Most security products aren't meant to mitigate software bugs. They help manage enterprises - in particular, catch human mistakes & malicious actors, and keep track of goods.
Interesting Gmail Prv-Esc Exploit you can exploit most organization that use @GoogleWorkspace, and won't be fixed indicated by Google.
— retr0reg (@retr0reg) November 13, 2024
I found this unintentional when working on SMTP/ DMARC, and accidentally forged my head-of-school's gmail account, bypassed access-control, and… pic.twitter.com/ORqHGeUkU3
