Not_H

@cyku_tw 師傅，外網初始點最難 🤣

參與紅隊無數次打 Windows AD 的經驗總結下來， 我得到了四個字的滲透心法：花式登入。 不是隨時都有 ZeroLogon、CVE-2022–26923 這種無視限制可以直搗黃龍的漏洞，所以平時滲透的不二法門果然還是想盡辦法撈到密碼登入就對了！

【情报】新Windows提权漏洞CVE-2024-35250🚨 PoC for the Untrusted Pointer Dereference in the ks.sys driver😢 Github地址：github.com/varwara/CVE-20… 提权适用的Windows版本挺多的，但动作很明显，实测大部分XDR都拦截动态行为了🫣 #cybersecurity #CyberSafety #redteam #blueteam #exploit #CVE

github.com/weaselsec/GodP… GodPotato can be found at github.com/BeichenDream/G… Tested on Windows 10 (fully patched)

We are reporting Microsoft Exchange Server CVE-2023-36439 vulnerable IPs (post-auth RCE). Over 63K vulnerable worldwide. Patch released Nov 14th - msrc.microsoft.com/update-guide/v… IP data for your constituency in shadowserver.org/what-we-do/net… Dashboard tracker - dashboard.shadowserver.org/statistics/com…

CVE-2020-28040 WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. cve.mitre.org/cgi-bin/cvenam…

@kenanistaken @66ed3gs Yes ! you are right ! Don't rush

@CVEnew Thanks you !

@CVEnew Hi~ I have sent you a CVE application, but no response has been received .... zxc7528064@gmail.com

CVE-2020-13758 modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload. cve.mitre.org/cgi-bin/cvenam…