Multiple Unreal Engine (core.dll) URI Handler Arbitrary Command Injection Vulnerabilities github.com/hackerhouse-...

Unreal Tournament (2004/1999) Multiple Vulnerabilities in Uri and Argument Handlers result in Arbitrary Code Execution [0day] - hacker.house/services - Patches are being made available. Advisory on HH github.

GitHub - hackerhouse-opensource/MoneroMiner: A high-performance Monero (XMR) mining implementation in C++ using the RandomX algorithm. This miner is optimized for modern CPUs and provides efficient mi... A high-performance Monero (XMR) mining implementation in C++ using the RandomX algorithm. This miner is optimized for modern CPUs and provides efficient mining capabilities with a simple command-li...

MoneroMiner - A lightweight, high-performance Monero (XMR) CPU miner using the RandomX proof-of-work algorithm. Designed for maximum efficiency and cross-platform compatibility. github.com/hackerhouse-...

bitchat-esp32: A minimal implementation of bitchat for use on ESP32-C6 based devices. github.com/hackerhouse-...

Not enough focus was put on this malware, it has the potential to disrupt energy networks in every country except Africa.

‘I Was a Weird Kid’: Jailhouse Confessions of a Teen Hacker Noah Urban’s role in the notorious Scattered Spider gang was talking people into unwittingly giving criminals access to sensitive computer systems.

For more than a year I’ve spoken with Scattered Spider “caller” Noah Urban from a Florida jail. I wanted to know how they chose victims, their methods and how Noah became entangled in a virtually and physically violent world.

We’re publishing his story today: www.bloomberg.com/news/feature...

US sanctions firm linked to cyber scams behind $200 million in losses The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans.

The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans.

looks like an airplane banner that got loose.

Exploiting MS-TNAP, 1-click, no prompts.

Explore our detailed Telnet vulnerability research:

📌 Guest Bypass: github.com/hackerhouse-...

📌 Mutual Auth: github.com/hackerhouse-...

📌 Telnet Client MS-TNAP PoC: github.com/hackerhouse-...

#HackerHouse

We released three advisories on Microsoft Telnet Server & Client, targeting MS-TNAP vulnerabilities.

1️⃣ Guest Restriction Bypass (CVSS 7.5)

2️⃣ MS-TNAP Mutual Auth Protocol Issue: Non-exploitable config/protocol issue.

3️⃣ Telnet Client PoC: Exposes MS-TNAP risks e.g. phishing.

#Cybersecurity

Microsoft Telnet Client MS-TNAP Server-Side Authentication Token Exploit github.com/hackerhouse-...

Not every bug can be a vulnerability and not every vulnerability can be exploited, the MS-TNAP issue I describe exists within the protocol for Telnet authentication using NTLM and partially in the Telnet Server code, but was not fully implemented by Microsoft. PoC's are available for both issues.

Hacker House exposes flaws in Microsoft Telnet Server! Two advisories reveal a high-severity Guest Access Bypass (CVSS 7.5) in MS-TNAP, risking unauthorized access on Windows 2000 to Server 2008 R2, and an unexploitable NTLM mutual auth issue github.com/hackerhouse-... & github.com/hackerhouse-...

Interesting that the cyberbeat journalists wrote multiple news articles about a fake exploit of this recent bug. It's fine though, I almost fell for this AI generated crap too, just like the fake TaskScheduler UAC Bypass you all wrote about. ;-) cyberdom.blog/abusing-the-...

have you tried turning it off and on again?

"MSRC didn’t consider a single report as a vulnerability." - is something I agree with, you need the Administrator password to leverage this and whilst Task Scheduler is awesome and tons of fun - you need some kind of boundary violation for this to be an issue. "I have the password" is not one.

It reads to me as a surface-level analysis of the Task Scheduler implementation with the remarkable realization that "Task Scheduler can run Tasks as other users!" 🫢 - I enjoyed the write up but this is a very misleading post.

Task Scheduler– New Vulnerabilities for schtasks.exe UAC bypass, metadata poisoning, and log overflow vulnerabilities in Windows Task Scheduler reveal new tactics for defense evasion and privilege escalation

I found this article interesting, but it isn't technically a UAC bypass - if you have the Administrator username and password, you can authenticate to the host via TaskScheduler by design. The other vulnerabilities were also not really of any value to an attacker. cymulate.com/blog/task-sc...

DHS Secretary Noem’s purse stolen at Easter dinner with family in D.C. The theft occurred as Homeland Security Secretary Kristi L. Noem dined with her extended family at the Capital Burger on Seventh Street NW, people familiar with the incident said.

Department of Homeland Security Secretary Kristi L. Noem’s purse was stolen from a downtown Washington restaurant Sunday night, with her passport, DHS badge and about $3,000 cash inside, the department confirmed Monday.

I was conversing, you unthreaded my comment which is just sad to see.

I often discuss in my talks about how political bias influences and shapes the technology we build and use. The "underground" of computing technology has typically been right of center which is where many interesting protocols have come from. Internet is healing and people are free to speak again.

Political-bias on BlueSky is largely left-leaning, it's a comment that "verification" is just an extension of those political biases on display where those who ascribe to particularly agendas and ideologies leverage institutions and systems as power in the society.

This morning Minnesota Republicans introduced a bill banning mRNA vaccines and labeling them "weapons of mass destruction." It would make manufacturing, possessing or administering them a crime punishable by up to 20 years in prison. www.revisor.mn.gov/bills/bill.p...

Those who ascribe to extreme-left "woke" ideology.

The woke do love assigning themselves perceived authority over others.

facedancer/examples/camera.py at rawgadget2 · zhuowei/facedancer Fork of https://github.com/xairy/Facedancer/tree/rawgadget with patches for testing CVE-2024-53197 - zhuowei/facedancer

Zhuowei Zhang released POC code for CVE-2024-53104, a zero-day used by Cellebrite to unlock Android devices

-patched in February
-used by Serbian law enforcement to unlock the phones of anti-government protesters and journalists

github.com/zhuowei/face...

Mikrotik "opensesame" SNMP backdoor. Tutorial on how to create a backdoor modelled on EXTRABACON that resets the admin password using a UDP packet (SNMPset) as a post-exploitation technique. github.com/hackerhouse-...