ocdsec

@ocdsec.bsky.social

๐Ÿดโ€โ˜ ๏ธ ๐Ÿ’š ๐Ÿ‡บ๐Ÿ‡ฆ computer tester | 603,628 kmยฒ

202 Followers  |  473 Following  |  11 Posts  |  Joined: 14.11.2024  |  2.0452

Latest posts by ocdsec.bsky.social on Bluesky

China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions China questioned Nvidia over suspected backdoors in its H20 chips, adding to rising tensions in the tech fight between the U.S. and Beijing.

02.08.2025 22:43 — 👍 1    🔁 1    💬 0    📌 0
New Batavia spyware targets Russian industrial enterprises Since March 2025, fake contract emails have been spreading Batavia spyware in targeted attacks on Russian organizations.

07.07.2025 20:05 — 👍 2    🔁 2    💬 0    📌 0
Hundreds of GitHub Malware Repos Targeting Novice Cybercriminals Linked to Single User

06.06.2025 23:44 — 👍 3    🔁 2    💬 0    📌 0
Powershell: after 5 "type .\5\test.txt" calls, the test.txt file is a symlink to win.ini
CMD: A single "type .\6\test.txt" call results in every single file being printed, including the final win.ini symlink

From over at the Bad Place:
There's an interesting NTFS symlink attack outlined here:
https://dfir.ru/2025/02/23/symlink-attacks-without-code-execution/

Basically, if an NTFS filesystem is corrupted in a way to provide duplicate file names, Windows will […]

[Original post on infosec.exchange]

25.02.2025 22:49 — 👍 17    🔁 13    💬 1    📌 0

This is what I personally did back when I was involved in cybercrime. We'd host all our servers in Russia, transfer payments via Russian banks, and route all our traffic through Russian residential ISPs, which typically resulted in most authorities not even bothering to investigate further. 7/?

15.04.2025 19:37 — 👍 32    🔁 3    💬 1    📌 0
cybercrime zeroday faded tee

cybercrime
but its bigger
and on both sides.

27.03.2025 01:34 — 👍 50    🔁 9    💬 6    📌 2
GitHub - DarkSpaceSecurity/RunAs-Stealer: RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging - DarkSpaceSecurity/RunAs-Stealer
09.03.2025 20:19 — 👍 3    🔁 1    💬 0    📌 0

Well there are lots of people who have been treating Google and many others like that for ages, and this is why the solutions are already out.

You lose convenience the deeper you go, but the solutions are there.

01.03.2025 21:59 — 👍 0    🔁 0    💬 1    📌 0

well they exist ^^

01.03.2025 21:51 — 👍 0    🔁 0    💬 1    📌 0

VulnCheck has extracted and made a list of all the CVEs mentioned in a recent leak from the internal Matrix chat server of the BlackBasta ransomware group.

The list includes 62 vulnerabilities.

VulnCheck says the group focuses on CVEs with already public exploits

vulncheck.com/blog/black-b...

24.02.2025 22:32 — 👍 26    🔁 8    💬 1    📌 0

I cannot overstate the value of being in community with other activists right now. It is what gives me the strength to get up in the morning and fight fascism.

24.02.2025 20:53 — 👍 1852    🔁 205    💬 64    📌 20
Fake GitHub projects distribute stealers in GitVenom campaign Kaspersky researchers discovered GitVenom campaign distributing stealers and open-source backdoors via fake GitHub projects.

"Over the course of the GitVenom campaign, the threat actors behind it have created hundreds of repositories on GitHub that contain fake projects with malicious code"

Campaign delivers an infostealer, obviously. The threat-du-jour these days

securelist.com/gitvenom-cam...

25.02.2025 01:04 — 👍 9    🔁 3    💬 0    📌 0
Detonating Beacons to Illuminate Detection Gaps — Elastic Security Labs Learn how Elastic Security leveraged open-source BOFs to achieve detection engineering goals during our most recent ON week.
18.01.2025 19:59 — 👍 3    🔁 1    💬 0    📌 0
GitHub - antitree/seccomp-diff Contribute to antitree/seccomp-diff development by creating an account on GitHub.

I just finished our #shmoocon talk on container security. Here's my seccomp bpf disassembler and diffing tool.

github.com/antitree/sec...

11.01.2025 16:39 — 👍 38    🔁 12    💬 0    📌 1

Diving into ADB protocol internals:

part 01: www.synacktiv.com/publications...

part 02: www.synacktiv.com/en/publicati...

#adb #mobile #protocol #informationsecurity #cybersecurity #reverseengineering

02.01.2025 15:43 — 👍 3    🔁 1    💬 0    📌 0
PentesterLab Blog: Another JWT Algorithm Confusion Vulnerability: CVE-2024-54150 Discover how a code review uncovered a JWT algorithm confusion vulnerability (CVE-2024-54150). Learn key insights to enhance your security skills and spot vulnerabilities effectively.

These are some really nice blog posts regarding algo confusion bugs in JWT by @pentesterlab.com pentesterlab.com/blog/jwt-alg... & pentesterlab.com/blog/another... nice one @snyff.pentesterlab.com!

22.12.2024 19:06 — 👍 20    🔁 5    💬 1    📌 0
The ruble will collapse to 200 per dollar: an economist in Russia warned of an approaching catastrophe – media. A huge ruble money supply has accumulated in Russia, which will soon flood the market and trigger massive demand for foreign currency; this will crash the ruble rate to at least 200 per dollar.

Ruble to fall to 200 per dollar: Russian economist warns of approaching catastrophe – media

Read more on the "Dialog.UA" website: www.dialog.ua/business/306...

19.12.2024 14:44 — 👍 15    🔁 8    💬 4    📌 0
Weaponizing WDAC: Killing the Dreams of EDR
21.12.2024 00:16 — 👍 6    🔁 1    💬 0    📌 0
CVE-2024-51479: Next.js Authorization Bypass Vulnerability Affects Millions of Developers Find out about the Next.js vulnerability CVE-2024-51479 that could have exposed sensitive data. Take necessary measures to secure your Next.js application.

Wow, a fairly serious auth bypass in Next.js, a super popular frontend framework:

"If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed."

securityonline.info/...

20.12.2024 04:52 — 👍 12    🔁 5    💬 0    📌 0

The #OpenBSD Foundation is currently at ~$230,280 (65%) raised of the $350,000 goal for their 2024 Fundraising Campaign, and it's nearly the end of December. 🐡

www.openbsdfoundation.org/campaign2024...

www.openbsdfoundation.org/donations.html

Donations fund events for developers, infra. costs.

18.12.2024 22:35 — 👍 2    🔁 1    💬 0    📌 1
Various Ways to Be an Asshole with Runtime PE Decryption I am currently procrastinating undoing the mess I made with CMake files for a bigger project I'm working on. It's not hard – it's just annoying, and I have no one to blame but myself. I did this intent...

I did a blog instead of working on my projects again. This time a maldev blog talkin' about PE runtime decryption and other ways to be an asshole to the analyst. amethyst.systems/blog/posts/v... #infosec #malware

07.12.2024 20:18 — 👍 29    🔁 11    💬 0    📌 0
Objective by the Sea v7.0 - Day 2
YouTube video by Objective-See Foundation Objective by the Sea v7.0 - Day 2

The #OBTS day 2 livestream is on!

www.youtube.com/watch?v=Nm0z...

06.12.2024 21:35 — 👍 2    🔁 2    💬 0    📌 0
Decrypting CryptProtectMemory without code injection:

blog.slowerzs.net/posts/cryptd...

#crypto #decryption #cybersecurity #informationsecurity #rdp #windows #programming

05.12.2024 23:16 — 👍 9    🔁 2    💬 1    📌 0

"We can now share that our latest investigation also found links between some of Doppelganger's activities and individuals associated with MGIMO (Moscow State Institute of International Relations)."

via Meta/PDF: scontent.fotp7-2.fna.fbcdn.net/v/t39.8562-6...

04.12.2024 22:49 — 👍 11    🔁 6    💬 0    📌 0
NTLM Relaying - Making the Old New Again | JUMPSEC LABS I am old enough to remember that it was not always possible to get domain admin within the first hour of a test via Active Directory Certificate Services (ADCS) misconfigurations or over permissioned ...

NTLM Relaying – Making the Old New Again
labs.jumpsec.com/ntlm-relayin...

29.11.2024 15:27 — 👍 8    🔁 1    💬 0    📌 0
ADCS Exploitation Series — Part 2: Certificate Mapping + ESC15 Certificate mapping is the process at the heart of multiple ADCS vulnerabilities, so I thought it would be appropriate to dedicate it its…

Great article on ESC15 especially after you realise PKInit won't work to auth but there is a workaround supplied too.

medium.com/@offsecdeer/...

15.11.2024 07:58 — 👍 6    🔁 2    💬 0    📌 0