lapinousexy

346 posts

lapinousexy

@lapinousexy

OSCP / OSEP / CRTO I / CRTO II / https://t.co/zcub9fMkg7

Beigetreten Ocak 2013

440 Folgt89 Follower

lapinousexy retweetet

watchTowr@watchtowrcyber·4d

The Internet is falling down, falling down, falling down Welcome back to another disaster - this time, an Auth Bypass in cPanel/WHM, tracked as CVE-2026-41940 Enjoy with us.. labs.watchtowr.com/the-internet-i…

English

176

608

133.4K

lapinousexy retweetet

🕳@sekurlsa_pw·4d

If you want to contribute to Hacker Recipes: github.com/The-Hacker-Rec… Guide for authors: thehacker.recipes/contributing/w…

Charlie Bromberg « Shutdown »@_nwodtuhs

@sekurlsa_pw The site needs more authors, anyone has interesting techniques to share —> PR plzzzzzz 🙏

English

3.1K

lapinousexy retweetet

Gezine@gezine_dev·4d

PS4 (13.00 and 13.02) BD-J bug disclosed It was fun working on this exploit hackerone.com/reports/3452696

English

245

207

2.2K

166.7K

lapinousexy retweetet

mpgn@mpgn_x64·23 Nis

Looks like the npm package bitwarden cli was compromised, you can see version 2026.4.0 was not published from a trusted publisher (green checkmark) 😬 @bitwarden/cli/v/2026.4.0" target="_blank" rel="nofollow noopener">npmjs.com/package/@bitwa…

English

553

93.3K

lapinousexy retweetet

siddharth@sidheart·20 Nis

Found a command execution vulnerability in Kitty and xfce4-terminal's drag-and-drop functionality sdushantha.github.io/post/drop-it-l…

English

lapinousexy retweetet

GoToolSharing@GoToolSharing·19 Nis

Meet vbkview 🔥 A tool built to browse and extract data from unencrypted Veeam backups (.vbk). Built on vbktoolkit, a Golang reimplementation of the logic behind dissect.tools. github.com/GoToolSharing/… 1/3

English

1.3K

lapinousexy retweetet

watchTowr@watchtowrcyber·2 Nis

🫡 We’re back. Today, we’re publishing vulnerabilities we discovered, disclosed, and chained to achieve pre-auth RCE against Progress ShareFile. Enjoy the journey with us, while you sob into your hands 🫠 labs.watchtowr.com/youre-not-supp…

English

208

37.7K

lapinousexy retweetet

Alex Neff@al3x_n3ff·29 Mar

A new module just got merged into NetExec: get-scriptpath📜 This module queries all users for the scriptpath attribute. If you have privileges over one of these scripts (or they e.g. try to mount a network share) you can compromise this user on their next login. Made by @0xwyndo

English

184

11.2K

lapinousexy retweetet

Justin Elze@HackingLZ·24 Mar

👀 "[Security]: CRITICAL: Malicious litellm_init.pth in litellm 1.82.8 — credential stealer via PyPI supply chain #24512" github.com/BerriAI/litell…

English

2.6K

lapinousexy@lapinousexy·23 Mar

@_RastaMouse Are you using Kotlin Multiplatform for the GUI ?

English

Rasta Mouse@_RastaMouse·22 Mar

Published the source if anyone fancies a look. github.com/crystal-c2 No docs or pre-built releases yet, so expect to be confused :)

Rasta Mouse@_RastaMouse

Built a C2 optimised for hyprland-style dynamic window tiling (instead of the class tab-approach)

English

235

23.8K

lapinousexy retweetet

Bad Sector Labs@badsectorlabs·17 Mar

🏟️ Ludus launched 2 years ago and the community embraced and extended it with write-ups, roles, configs, and environments. We're excited to see what you build with Ludus 2! (1/4)

English

8.1K

lapinousexy retweetet

SkelSec@SkelSec·2 Oca

New pypykatz version 0.6.13 is out on pip and github. Supporting latest windows versions, fixed some bugs and quite a few PRs merged. Thank you for the contributors! Also new bugs added, so keep the issues coming pls. github.com/skelsec/pypyka…

English

103

9.5K

lapinousexy retweetet

noraj@noraj_rawsec·2 Oca

haiti v4.0 github.com/noraj/haiti/re…

233

lapinousexy@lapinousexy·4 Ara

@vxunderground @mrd0x @MalDevAcademy

GIF

QME

vx-underground@vxunderground·3 Ara

Giveaway. Thank you @mrd0x for sponsoring this. We've got FIVE @MalDevAcademy vouchers. These vouchers are bundles. This vouchers give you: - Full access to malware source code database - Full access to malware development course Comment below for a chance to win.

English

906

733

49.2K

lapinousexy@lapinousexy·2 Ara

@vxunderground @Octoberfest73

GIF

QME

vx-underground@vxunderground·2 Ara

Giveaway. @Octoberfest73 has sponsored two Zero Point Security "BOF Development & Tradecraft" courses. tl;dr Training course on Cobalt Strike and malware C2 stuff. Leave a comment below for a chance to win. Course information: zeropointsecurity.co.uk/course/bof-dev

English

570

540

42.5K

lapinousexy retweetet

Exegol@exegogol·1 Ara

You run #NixOS because reproducibility and declarative configs matter. You don't install, you define. Exegol matches that: reproducible, deterministic offensive environments for testing, labs or teaching. Consistent results every time.

English

198

lapinousexy retweetet

Defused@DefusedCyber·1 Ara

⚠️We are noting elevated rates of Citrix fingerprinting against the path /epa/scripts/win/nsepa_setup.exe, which contains an installer used in enumerating Citrix version numbers / build dates

Defused@DefusedCyber

Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2024-40766 (SonicOS SSL-VPN..) +64.88% - CVE-2022-27510 (NetScaler ADC..) +21.33% - CVE-2022-27510 (Gateway..) +21.33% - CVE-2021-27877 (Veritas Veritas..) +15.37% - CVE-2021-27876 (Veritas Veritas..) +14.32%

English

5.7K

lapinousexy retweetet

Alex Neff@al3x_n3ff·26 Kas

Dump DPAPI credentials via WinRM with NetExec🔥 A lot of sensitive data is stored in Windows DPAPI, such as the login credentials used in scheduled tasks. Thanks to tiagomanunes this is now also possible via WinRM!

English

254

11.5K

lapinousexy retweetet

eversinc33 🤍🔪⋆｡˚ ⋆@eversinc33·22 Kas

As a follow up to my last post, here is part II of driver reverse engineering 101, this time about dynamic analysis. We unpack a VMProtected kernel driver and restore its IAT with some emulation. Enjoy:) eversinc33.com/posts/driver-r…

English

263

28.8K

lapinousexy retweetet

Alex Neff@al3x_n3ff·21 Kas

Dumping juicy secrets from SAM/LSA is always nice right? I've added an implementation for the --sam and --lsa flags to the MSSQL protocol of NetExec🚀 No need for manual registry hive extraction anymore!

English

318

12.8K

Entdecken

@0xwyndo @_RastaMouse @vxunderground @mrd0x @MalDevAcademy @Octoberfest73 @elonmusk @BarackObama