101010.pl

Dendrobatus Azureus<a href="https://planetearth.social/@cgerhard" class="u-url mention" rel="nofollow noopener" target="_blank">@cgerhard</a> <a href="https://mastodon.neilzone.co.uk/@neil" class="u-url mention" rel="nofollow noopener" target="_blank">@neil</a>It's gotten so bad, that the only way you are certain, that your television will not squeal on you, is by making sure that you never ever ever let it go on the internet, because if you do it will just create a tunnel report to its Masters and if you close that tunnel it will just create othersSmart TV's and IOT devices have payloads just like malware!<a href="https://polymaths.social/tags/enshittification" class="mention hashtag" rel="nofollow noopener" target="_blank">#Enshittification</a> <a href="https://polymaths.social/tags/payloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#payloads</a> <a href="https://polymaths.social/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a>

postmodernAdded integration tests for <a href="https://github.com/ronin-rb/ronin-payloads/tree/0.3.0#readme" rel="nofollow noopener" target="_blank">ronin-payload</a>'s new payload encoders and discovered that Python2 does not support evaling a <code>print</code> statement. Python3 however added support for this.<pre><code>>>> eval('print "test"') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "<string>", line 1 print "test" ^ SyntaxError: invalid syntax </code></pre>Lol, wtf, how did people seriously tout Python2 over Python3. Even Ruby and JavaScript are more consistent.<a href="https://infosec.exchange/tags/python2" class="mention hashtag" rel="nofollow noopener" target="_blank">#python2</a> <a href="https://infosec.exchange/tags/payloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#payloads</a> <a href="https://infosec.exchange/tags/roninrb" class="mention hashtag" rel="nofollow noopener" target="_blank">#roninrb</a>

postmodernWhen you refer to a UNIX/Linux/macOS/BSD or <code>sh</code>/<code>bash</code>/<code>zsh</code> command payload, what do you common refer to them as?<a href="https://infosec.exchange/tags/namingthings" class="mention hashtag" rel="nofollow noopener" target="_blank">#namingthings</a> <a href="https://infosec.exchange/tags/payloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#payloads</a>

postmodernand how would you group Windows PowerShell command payloads in a directory structure of other payloads? <a href="https://infosec.exchange/tags/namingthings" class="mention hashtag" rel="nofollow noopener" target="_blank">#namingthings</a> <a href="https://infosec.exchange/tags/payloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#payloads</a>

postmodernHow would you group Windows <code>cmd.exe</code> command payloads in a directory structure of other payloads? <a href="https://infosec.exchange/tags/namingthings" class="mention hashtag" rel="nofollow noopener" target="_blank">#namingthings</a> <a href="https://infosec.exchange/tags/payloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#payloads</a>

ronin-rbRonin 2.1.0 has finally been released! Lots of new stuff in this release, like new database tables, new payloads, <a href="https://github.com/ronin-rb/ronin-recon#readme" rel="nofollow noopener" target="_blank">ronin-recon</a>, <a href="https://github.com/ronin-rb/ronin-app#readme" rel="nofollow noopener" target="_blank">ronin-app</a>, and more. <a href="https://ronin-rb.dev/blog/2024/07/22/ronin-2-1-0-finally-released.html" rel="nofollow noopener" translate="no" target="_blank">https://ronin-rb.dev/blog/2024/07/22/ronin-2-1-0-finally-released.html</a> <a href="https://infosec.exchange/tags/ronin" class="mention hashtag" rel="nofollow noopener" target="_blank">#ronin</a> <a href="https://infosec.exchange/tags/roninrb" class="mention hashtag" rel="nofollow noopener" target="_blank">#roninrb</a> <a href="https://infosec.exchange/tags/ruby" class="mention hashtag" rel="nofollow noopener" target="_blank">#ruby</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/securitytools" class="mention hashtag" rel="nofollow noopener" target="_blank">#securitytools</a> <a href="https://infosec.exchange/tags/recon" class="mention hashtag" rel="nofollow noopener" target="_blank">#recon</a> <a href="https://infosec.exchange/tags/payloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#payloads</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a>

postmodernHow useful would you say a command injection payload that exfils a single file via <code>curl</code> to a webserver might be? Do you think it should be built-in to a framework or offered as a 3rd-party thing? <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/exploitdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#exploitdev</a> <a href="https://infosec.exchange/tags/payloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#payloads</a>

ronin-rbYou've probably heard of the <code>xz-utils</code> backdoor by now. You shouldn't submit backdoors to Open Source projects... unless it's to <a href="https://github.com/ronin-rb/ronin-payloads" rel="nofollow noopener" target="_blank">ronin-payloads</a>! We're always looking for <a href="https://github.com/ronin-rb/ronin-payloads/issues?q=is%3Aissue+is%3Aopen+label%3Abuiltin-payloads" rel="nofollow noopener" target="_blank">more payloads</a>! <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/ruby" class="mention hashtag" rel="nofollow noopener" target="_blank">#ruby</a> <a href="https://infosec.exchange/tags/payloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#payloads</a> <a href="https://infosec.exchange/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#shellcode</a> <a href="https://infosec.exchange/tags/webshells" class="mention hashtag" rel="nofollow noopener" target="_blank">#webshells</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/corny" class="mention hashtag" rel="nofollow noopener" target="_blank">#corny</a> <a href="https://infosec.exchange/tags/shamelesspromotion" class="mention hashtag" rel="nofollow noopener" target="_blank">#shamelesspromotion</a>

postmodernTIL <a href="https://en.wikipedia.org/wiki/Nashorn_(JavaScript_engine)" rel="nofollow noopener" target="_blank">Nashorn</a> is a JavaScript VM written in Java and gives direct access to Java classes. There's even a reverse shell payload for it, which has apparently been improved/fixed by this chap <a href="https://infosec.exchange/@mosesrenegade" class="u-url mention" rel="nofollow noopener" target="_blank">@mosesrenegade</a> who's on here. <a href="https://gist.github.com/mosesrenegade/dd565dba9360a84b3c2d6e44b8381dbd" rel="nofollow noopener" translate="no" target="_blank">https://gist.github.com/mosesrenegade/dd565dba9360a84b3c2d6e44b8381dbd</a> <a href="https://infosec.exchange/tags/reverseshells" class="mention hashtag" rel="nofollow noopener" target="_blank">#reverseshells</a> <a href="https://infosec.exchange/tags/nashorn" class="mention hashtag" rel="nofollow noopener" target="_blank">#nashorn</a> <a href="https://infosec.exchange/tags/payloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#payloads</a>

postmodernFor a tool that compiles C payloads, how would you prefer to specify the cross-compiler? <a href="https://infosec.exchange/tags/payloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#payloads</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/redteaming" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteaming</a> <a href="https://infosec.exchange/tags/exploitdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#exploitdev</a>

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:"🔍 Deep Dive into Malvertising: Techniques & Tactics 🕵️"The malvertising campaign under the spotlight uses a unique fingerprinting method to distribute time-sensitive payloads. Malicious ads target software like Notepad++ and PDF converters. A two-tier filtering system is in place: 1️⃣ IP checks to discard VPNs and non-genuine IPs, 2️⃣ System fingerprinting to detect VMs. Those who pass are directed to a decoy site resembling the real Notepad++ website. The payload is a <code>.hta</code> script, uniquely named for each victim, making it time-sensitive. This level of sophistication in malvertising campaigns is alarming, indicating a shift in tactics and techniques by threat actors.Source: <a href="https://www.malwarebytes.com/blog/threat-intelligence/2023/10/the-forgotten-malvertising-campaign" rel="nofollow noopener" target="_blank">Malwarebytes Blog</a> by Jérôme SeguraTags: <a href="https://infosec.exchange/tags/MalvertisingDeepDive" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalvertisingDeepDive</a> <a href="https://infosec.exchange/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberThreats</a> <a href="https://infosec.exchange/tags/Evasion" class="mention hashtag" rel="nofollow noopener" target="_blank">#Evasion</a> <a href="https://infosec.exchange/tags/Fingerprinting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fingerprinting</a> <a href="https://infosec.exchange/tags/Payloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#Payloads</a> <a href="https://infosec.exchange/tags/CyberSecurityTrends" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityTrends</a> 🧐🔗🚫

Avoid The Hack!3CX Supply Chain <a href="https://mastodon.social/tags/Attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#Attack</a> Campaign Trojanized 3CXDesktopApp installers are running rampant in a supply-chain attack campaign.Dropping multiple <a href="https://mastodon.social/tags/payloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#payloads</a>, including information stealers, which can transfer account credentials and wallet keys directly to the attackers.<a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://www.zscaler.com/security-research/3CX-supply-chain-attack-analysis-march-2023" rel="nofollow noopener" target="_blank">https://www.zscaler.com/security-research/3CX-supply-chain-attack-analysis-march-2023</a>

Spaceflight 🚀Space-based solar ☀️ power (<a href="https://techhub.social/tags/SBSP" class="mention hashtag" rel="nofollow noopener" target="_blank">#SBSP</a>) - beaming clean <a href="https://techhub.social/tags/energy" class="mention hashtag" rel="nofollow noopener" target="_blank">#energy</a> to <a href="https://techhub.social/tags/Earth" class="mention hashtag" rel="nofollow noopener" target="_blank">#Earth</a> from orbital <a href="https://techhub.social/tags/solar" class="mention hashtag" rel="nofollow noopener" target="_blank">#solar</a> farms.The <a href="https://techhub.social/tags/UK" class="mention hashtag" rel="nofollow noopener" target="_blank">#UK</a> 🇬🇧, <a href="https://techhub.social/tags/US" class="mention hashtag" rel="nofollow noopener" target="_blank">#US</a> 🇺🇸 and <a href="https://techhub.social/tags/Chinese" class="mention hashtag" rel="nofollow noopener" target="_blank">#Chinese</a> 🇨🇳 governments are funding research, <a href="https://techhub.social/tags/ESA" class="mention hashtag" rel="nofollow noopener" target="_blank">#ESA</a> 🇪🇺 has approved a 3-year study named <a href="https://techhub.social/tags/Solaris" class="mention hashtag" rel="nofollow noopener" target="_blank">#Solaris</a>.One reason that <a href="https://techhub.social/tags/SPSB" class="mention hashtag" rel="nofollow noopener" target="_blank">#SPSB</a> is back on the agenda is the plummeting <a href="https://techhub.social/tags/cost" class="mention hashtag" rel="nofollow noopener" target="_blank">#cost</a> per kilogram of launching <a href="https://techhub.social/tags/payloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#payloads</a> into <a href="https://techhub.social/tags/space" class="mention hashtag" rel="nofollow noopener" target="_blank">#space</a>. Thanks to <a href="https://techhub.social/tags/reusable" class="mention hashtag" rel="nofollow noopener" target="_blank">#reusable</a> <a href="https://techhub.social/tags/rockets" class="mention hashtag" rel="nofollow noopener" target="_blank">#rockets</a>, this figure has fallen nearly 20-fold in two decades, while solar panels have become <a href="https://techhub.social/tags/lighter" class="mention hashtag" rel="nofollow noopener" target="_blank">#lighter</a>. <a href="https://www.abc.net.au/news/science/2022-12-20/space-based-solar-power-europe-funding-research/101733558" rel="nofollow noopener" target="_blank">https://www.abc.net.au/news/science/2022-12-20/space-based-solar-power-europe-funding-research/101733558</a><a href="https://techhub.social/tags/Microwave" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microwave</a> power transmission <a href="https://en.wikipedia.org/wiki/Space-based_solar_power#Microwave_power_transmission" rel="nofollow noopener" target="_blank">https://en.wikipedia.org/wiki/Space-based_solar_power#Microwave_power_transmission</a>Picture : Tim Peake & Tim Kopra replace a failed voltage regulator at the <a href="https://techhub.social/tags/ISS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ISS</a> <a href="https://commons.wikimedia.org/wiki/File:ISS-46_EVA-1_(c)_Timothy_Peake.jpg" rel="nofollow noopener" target="_blank">https://commons.wikimedia.org/wiki/File:ISS-46_EVA-1_(c)_Timothy_Peake.jpg</a><a href="https://techhub.social/tags/SpaceEnergy" class="mention hashtag" rel="nofollow noopener" target="_blank">#SpaceEnergy</a> <a href="https://techhub.social/tags/SpaceSolar" class="mention hashtag" rel="nofollow noopener" target="_blank">#SpaceSolar</a>

Reed HHW <a href="https://twitter.com/threatpost/status/1398268237595488257" rel="nofollow noopener" target="_blank">♲</a> @<a href="https://twitter.com/threatpost" class="u-url mention" rel="nofollow noopener" target="_blank">threatpost@twitter.com</a>:<blockquote>The mass email campaign delivers malicious URLs with <a href="https://libranet.de/search?tag=payloads" rel="nofollow noopener" target="_blank">#payloads</a> enabling network persistence so the actors can conduct further nefarious activities. <a href="https://libranet.de/search?tag=cybersecurity" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://threatpost.com/solarwinds-nobelium-phishing-attack-usaid/166531/" rel="nofollow noopener" target="_blank">threatpost.com/solarwinds-nob…</a></blockquote>

Recent searches

Search options

Administered by:

Server stats:

#Payloads