ocdsec

@ocdsec.bsky.social

๐Ÿดโ€โ˜ ๏ธ ๐Ÿ’š ๐Ÿ‡บ๐Ÿ‡ฆ computer tester | 603,628 kmยฒ

198 Followers  |  490 Following  |  11 Posts  |  Joined: 14.11.2024  |  1.6695

Latest posts by ocdsec.bsky.social on Bluesky

LibIPC is a simple Crystal Palace shared library for inter-process communication, based on Named Pipes.

github.com/pard0p/LibIPC

02.11.2025 11:29 — 👍 5    🔁 4    💬 1    📌 0
Update on OpenBSD Networking Performance Improvements EuroBSDCon 2025 Since my previous talk about this topic in 2022 major improvements in the OpenBSD network stack have been achieved. The socket API has been unlocked in the kernel. This means that multiple userland ...

Slides from Alexander Bluhm (bluhm@)'s talk "Update on #OpenBSD Networking Performance Improvements" today at #EuroBSDcon 2025.

www.openbsd.org/papers/eurob...

28.09.2025 23:42 — 👍 1    🔁 2    💬 0    📌 0
Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543) - Help Net Security The CVE-2025-6543 NetScaler ADC vulnerability - patched in late June 2025 - has been exploited as a zero-day vulnerability since May 2025.

Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543)

12.08.2025 16:10 — 👍 1    🔁 1    💬 0    📌 1
New Batavia spyware targets Russian industrial enterprises Since March 2025, fake contract emails have been spreading Batavia spyware in targeted attacks on Russian organizations.

New Batavia spyware targets Russian industrial enterprises

07.07.2025 20:05 — 👍 2    🔁 2    💬 0    📌 0
Hundreds of GitHub Malware Repos Targeting Novice Cybercriminals Linked to Single User

06.06.2025 23:44 — 👍 3    🔁 2    💬 0    📌 0
Powershell: after 5 "type .\5\test.txt" calls, the test.txt file is a symlink to win.ini
CMD: A single "type .\6\test.txt" call results in every single file being printed, including the final win.ini symlink

From over at the Bad Place:
There's an interesting NTFS symlink attack outlined here:
https://dfir.ru/2025/02/23/symlink-attacks-without-code-execution/

Basically, if an NTFS filesystem is corrupted in a way to provide duplicate file names, Windows will […]

[Original post on infosec.exchange]

25.02.2025 22:49 — 👍 17    🔁 13    💬 1    📌 0

This is what I personally did back when I was involved in cybercrime. We'd host all our servers in Russia, transfer payments via Russian banks, and route all our traffic through Russian residential ISPs, which typically resulted in most authorities not even bothering to investigate further. 7/?

15.04.2025 19:37 — 👍 32    🔁 3    💬 1    📌 0
cybercrime zeroday faded tee

cybercrime
but it's bigger
and on both sides.

27.03.2025 01:34 — 👍 49    🔁 9    💬 6    📌 2
GitHub - DarkSpaceSecurity/RunAs-Stealer: RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging
09.03.2025 20:19 — 👍 3    🔁 1    💬 0    📌 0

Well there are lots of people who have been treating Google and many others like that for ages, and this is why the solutions are already out.

You lose convenience the deeper you go, but the solutions are there.

01.03.2025 21:59 — 👍 0    🔁 0    💬 1    📌 0

well they exist ^^

01.03.2025 21:51 — 👍 0    🔁 0    💬 1    📌 0

VulnCheck has extracted and made a list of all the CVEs mentioned in a recent leak from the internal Matrix chat server of the BlackBasta ransomware group.

The list includes 62 vulnerabilities.

VulnCheck says the group focuses on CVEs with already public exploits

vulncheck.com/blog/black-b...

24.02.2025 22:32 — 👍 26    🔁 8    💬 1    📌 0

I cannot overstate the value of being in community with other activists right now. It is what gives me the strength to get up in the morning and fight fascism.

24.02.2025 20:53 — 👍 1834    🔁 204    💬 63    📌 20
Fake GitHub projects distribute stealers in GitVenom campaign Kaspersky researchers discovered GitVenom campaign distributing stealers and open-source backdoors via fake GitHub projects.

"Over the course of the GitVenom campaign, the threat actors behind it have created hundreds of repositories on GitHub that contain fake projects with malicious code"

Campaign delivers an infostealer, obviously. The threat-du-jour these days

securelist.com/gitvenom-cam...

25.02.2025 01:04 — 👍 9    🔁 3    💬 0    📌 0
Detonating Beacons to Illuminate Detection Gaps — Elastic Security Labs Learn how Elastic Security leveraged open-source BOFs to achieve detection engineering goals during our most recent ON week.
18.01.2025 19:59 — 👍 3    🔁 1    💬 0    📌 0
GitHub - antitree/seccomp-diff Contribute to antitree/seccomp-diff development by creating an account on GitHub.

I just finished our #shmoocon talk on container security. Here's my seccomp bpf disassembler and diffing tool.

github.com/antitree/sec...

11.01.2025 16:39 — 👍 38    🔁 11    💬 0    📌 1

Diving into ADB protocol internals:

part 01: www.synacktiv.com/publications...

part 02: www.synacktiv.com/en/publicati...

#adb #mobile #protocol #informationsecurity #cybersecurity #reverseengineering

02.01.2025 15:43 — 👍 3    🔁 1    💬 0    📌 0
PentesterLab Blog: Another JWT Algorithm Confusion Vulnerability: CVE-2024-54150 Discover how a code review uncovered a JWT algorithm confusion vulnerability (CVE-2024-54150). Learn key insights to enhance your security skills and spot vulnerabilities effectively.

These are some really nice blog posts regarding algo confusion bugs in JWT by @pentesterlab.com pentesterlab.com/blog/jwt-alg... & pentesterlab.com/blog/another... nice one @snyff.pentesterlab.com!

22.12.2024 19:06 — 👍 20    🔁 5    💬 1    📌 0
Ruble exchange rate will collapse to 200 per dollar: economist in Russia warns of approaching catastrophe – media. A huge mass of rubles has accumulated in Russia that will soon flood the market and trigger mass demand for foreign currency; this will bring the ruble exchange rate down to at least 200 per dollar.

Ruble to fall to 200 per dollar: Russian economist warns of approaching catastrophe – media

Read more on the "Dialog.UA" website: www.dialog.ua/business/306...

19.12.2024 14:44 — 👍 15    🔁 8    💬 4    📌 0
Weaponizing WDAC: Killing the Dreams of EDR
21.12.2024 00:16 — 👍 5    🔁 1    💬 0    📌 0
CVE-2024-51479: Next.js Authorization Bypass Vulnerability Affects Millions of Developers Find out about the Next.js vulnerability CVE-2024-51479 that could have exposed sensitive data. Take necessary measures to secure your Next.js application.

Wow, a fairly serious auth bypass in Next.js, a super popular frontend framework:

"If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed."

securityonline.info/...

20.12.2024 04:52 — 👍 11    🔁 4    💬 0    📌 0

The #OpenBSD Foundation is currently at ~$230,280 (65%) raised of the $350,000 goal for their 2024 Fundraising Campaign, and it's nearly the end of December. 🐡

www.openbsdfoundation.org/campaign2024...

www.openbsdfoundation.org/donations.html

Donations fund events for developers, infra. costs.

18.12.2024 22:35 — 👍 2    🔁 1    💬 0    📌 1
Various Ways to Be an Asshole with Runtime PE Decryption I am currently procrastinating undoing the mess I made with CMake files for a bigger project I’m working on. It’s not hard– it’s just annoying, and I have no one to blame but myself. I did this intent...

I did a blog instead of working on my projects again. This time a maldev blog talkin' about PE runtime decryption and other ways to be an asshole to the analyst. amethyst.systems/blog/posts/v... #infosec #malware

07.12.2024 20:18 — 👍 27    🔁 10    💬 0    📌 0
Objective by the Sea v7.0 - Day 2
YouTube video by Objective-See Foundation

The #OBTS day 2 livestream is on!

www.youtube.com/watch?v=Nm0z...

06.12.2024 21:35 — 👍 2    🔁 2    💬 0    📌 0
Decrypting CryptProtectMemory without code injection:

blog.slowerzs.net/posts/cryptd...

#crypto #decryption #cybersecurity #informationsecurity #rdp #windows #programming

05.12.2024 23:16 — 👍 9    🔁 2    💬 1    📌 0

"We can now share that our latest investigation also found links between some of Doppelganger’s activities and individuals associated with MGIMO (Moscow State Institute of International Relations)."

via Meta/PDF: scontent.fotp7-2.fna.fbcdn.net/v/t39.8562-6...

04.12.2024 22:49 — 👍 11    🔁 6    💬 0    📌 0

@ocdsec is following 20 prominent accounts