root

New Protocol Vulnerabilities: CVE-2024-7595/7596 & CVE-2025-23018/23019 Over 4.2 million VPN servers, private home routers and other network hosts are vulnerable to hijacking due using tunneling protocols without security.

For more info and a demol video, see the article by @simonmigliano.bsky.social at top10vpn.com/research/tun...

IT admins can request access to our code to test servers (code is not yet public to prevent abuse): github.com/vanhoefm/tun...

Academic paper: papers.mathyvanhoef.com/usenix2025-t...

14.01.2025 14:12 — 👍 10    🔁 6    💬 1    📌 2

Tales from the Scottish-Sounding Anti Virus Company No. 1: In The Beginning

Sure!

Here's the story of my first day on the job: www.reddit.com/r/talesfromt...

And something from my 20th anniversary in the industry: www.welivesecurity.com/2010/07/16/a...

Hope you find them interesting reading. :)

06.12.2024 02:51 — 👍 2    🔁 1    💬 0    📌 0

Would love to read something about the AV industry in its early phase.
Can you share some stories / anecdotes from the “good ol’ days“? Or maybe just a “day in the life”, description of what work you did and describing the company, cultures, characters and the viruses itself.

05.12.2024 21:36 — 👍 1    🔁 0    💬 1    📌 0

Excited to share a tool I've been working on - ShadowHound.
ShadowHound is a PowerShell alternative to SharpHound for Active Directory enumeration, using native PowerShell or ADModule (ADWS). As a bonus I also talk about some MDI detections and how to avoid them.

blog.fndsec.net/2024/11/25/s...

25.11.2024 12:25 — 👍 32    🔁 10    💬 0    📌 1

Shows the contents of 123.rule, that adds the number 1, 2 and 3 after a word and abc.rule, that adds a, b and c after a word. The third command shows hashcat being used with 123.rule and abc.rule used with the word hashcat as wordlist. The output generates hashcat1a, hashcat2a etc until hashcat3c as final output on the last line.

Trouble cracking password hashes? Remember that #hashcat can stack (combine) rules. Just use:
▪️-r 1.rule -r 2.rule

You can even add more rules, but it will quickly use a lot of memory. Save the rules that cracked a hash with:
▪️--debug-mode=1 --debug-file=found.rule

21.11.2024 11:19 — 👍 1    🔁 0    💬 0    📌 0

Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575 It’s been a tricky time for Fortinet (and their customers) lately - arguably, even more so than usual. Adding to the steady flow of vulnerabilities in appliances recently was a nasty CVSS 9.8 vulnerab...

Fortimanager Unauthenticated Remote Code Execution
AKA fortijump
CVE-2024-47575

💾 PoC:
github.com/watchtowrlab...

🔖 Blog post:
labs.watchtowr.com/hop-skip-for...

14.11.2024 23:14 — 👍 2    🔁 0    💬 0    📌 0

I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.

The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().

It's RCE, not auth bypass, and gated/unreplayable.

30.03.2024 17:13 — 👍 688    🔁 276    💬 7    📌 15

Handshakes overview of the tool.

AngryOxide
802.11 Attack tool built in Rust 🦀
github.com/Ragnt/AngryO...

The documentation is pretty nice, also has recommendations for WiFi hardware.
github.com/Ragnt/AngryO...

11.02.2024 20:17 — 👍 1    🔁 0    💬 0    📌 0

37C3: Unlocked The 37th Chaos Communication Congress (37C3) takes place in Hamburg, 27.-30.12.2023, and is the 2023 edition of the annual four-day conference on technology,...

Youtube link for #CCC #37C3
youtube.com/playlist?lis...

27.12.2023 23:20 — 👍 0    🔁 0    💬 0    📌 0

37C3: Unlocked - media.ccc.de Video Streaming Portal des Chaos Computer Clubs

#CCC #37c3 Chaos Communication Congress

Streaming media
streaming.media.ccc.de/37c3/
Videos archived
media.ccc.de/c/37c3
Schedule
fahrplan.events.ccc.de/congress/202...

27.12.2023 23:11 — 👍 4    🔁 1    💬 0    📌 0

For the losers like me who don’t know Freedom 🦅 Units that are universally used in 🇺🇸🇲🇲🇱🇷; 48F is ~8,9 °C.

26.12.2023 19:15 — 👍 1    🔁 0    💬 0    📌 0