CVE-2018-1149 & CVE-2018-1150 NUUO DVR firmware exploits

by admin

Monday, September 17th, 2018 at 9:00 pm

Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability and a backdoor that allows an attacker remote code execution. Tenable issued the advisory today, the bugs are rated critical and tied to firmware possibly used in one of 100 different cameras that run the affected NVRMini2 webserver software. NUUO, the company that makes the firmware, is hopefully issuing a patch for the bug tomorrow, NUUO was notified in June of the vulnerability.
More info: :: ::
POC can be found :: here ::

SVG Document ActiveX Execution In Word

by admin

Friday, September 7th, 2018 at 2:42 pm

Matt harr0ey (@harr0ey) released a POC of an SVG Document ActiveX executing using a browser (not Internet Explorer) inside Microsoft Word. Details are on his blog and a short demo video of it in action below

WAF Evavasion Techniques #3

by admin

Sunday, September 2nd, 2018 at 9:58 pm

Part 3 of a series of posts by @TheMiddle, using uninitialized Bash variable to bypass Web Application Firewalls, tested on CloudFlare WAF and ModSecurity OWASP CRS. Chck it out ::HERE::

skiptracer released

by admin

Sunday, June 3rd, 2018 at 12:02 am

Our new open source python OSINT framework, skiptracer was released yesterday @ HushCon. Initial attack vectors for recon usually involve utilizing pay-for-data/API (Recon-NG), or paying to utilize transforms (Maltego) to get data mining results. Using some basic python webscraping of PII paywall sites to compile passive information on a target on a ramen noodle budget. The modules will allow queries for phone/email/screen names/real names/addresses/IP/Hostname/breach credentials etc.. It will help you collect relevant information about a target to help expand your attack surface.`Everyone should be encourage to submit new ideas/modules. you can get the code here.

CT’s #1 hacker part deux – electric boogaloo

by admin

Wednesday, April 25th, 2018 at 2:37 pm

Seems our pal Mario Dinatale, or’ Mario Di Natale’ as he now uses for SEO reasons (see post: Hacks Lies Nation States) has bullshitted his way into another job. I wonder how much bullshit he fed into his new employer Kyber Secure ‘Why do you care’ you might ask? Because charlatans like him lie their way into jobs and bragging about ransomware ‘takedowns’ they had no part in, are some of the reason why this industry and security is such a shitshow. I feel bad for the clients.

OWASP Top 10 – 2017 released

by admin

Monday, November 20th, 2017 at 10:37 pm

You can get it from here:


by admin

Monday, November 20th, 2017 at 9:56 pm

SpookFlare gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader generator for Meterpreter Reverse HTTP and HTTPS stages. SpookFlare has custom encrypter with string obfuscation and run-time code compilation features so you can bypass the countermeasures of the target systems like a boss until they “learn” the technique and behavior of SpookFlare payloads.
More info:

Bypassing UAC with access tokens

by admin

Monday, November 20th, 2017 at 9:38 pm

@tiraniddo released slides, demo videos, and some source code from his Zero Nights 2017 talk: Abusing Access Tokens for UAC Bypasses. Get it on his Github.
“UAC, specifically Admin-Approval mode, has been known to be broken ever since it was first released in Windows Vista. Most of the research of bypassing UAC has focused on abusing bad elevated application behavior, auto elevation or shared registry and file resources. However, UAC was fundamentally broken from day one due to the way Microsoft implemented the security around elevated processes, especially their access tokens. This presentation will go into depth on why this technique works, allowing you to silently gain administrator privileges if a single elevated application is running. It will describe how Microsoft tried to fix it in Windows 10, and how you can circumvent their defences. It will also go into detail on a previously undocumented technique to abuse the assumed, more secure, Over-The-Shoulder elevation on Windows 10.”

Backdooring PE Files

by admin

Monday, November 20th, 2017 at 8:43 pm

Haider Mahmood has a nice write-up on his blog using a few different techniques to backdoor PE files, making them (hopefully) fully undetectable by anti-viruses. Some restrictions he used in the process were: not changing the functionality of the program itself , or increasing the file size, and avoiding using other common techniques like msvenom, veil, and other crypters/packers. The techniques he covers to help reduce the AV detection rate are, changing the PE’s section header, codecaves, and dual code caves. He goes over the pros and cons of each usage.

Office DDEAUTO attacks

by admin

Saturday, October 21st, 2017 at 3:15 am

New post on about macro-less Office command execution and how to use different payloads with the attack.

Your IP:

You are from the area.

We love our country, but fear our government.