#windows

Active Directory users that have the Kerberos pre-authentication enabled and require access to a resource initiate the Kerberos authentication process by sending an Authentication Server… Continue reading → AS-REP Roasting

Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this post.

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.

InstantCMS version 2.16.1 suffers from a persistent cross site scripting vulnerability that appears to require administrative access.

Online Library Management System version 3 suffers from a password reset vulnerability due to a logic flaw of allowing the same email address to be set for multiple users.

Employee Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.

User Registration and Login and User Management System version 3.1 suffers from a remote SQL injection vulnerability.

Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry. The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices. "Their various malware included

By Waqas The #MonikerLink security flaw in Microsoft Outlook allows hackers to execute arbitrary code on the targeted device. This is a post from HackRead.com Read the original post: New MonikerLink Flaw Exposes Outlook Users to Data Theft and Malware

By Waqas The latest report from Swedish telecom security firm Enea sheds light on security vulnerabilities within the widely used messaging platform, WhatsApp. This is a post from HackRead.com Read the original post: Israeli NSO Group Suspected of “MMS Fingerprint” Attack on WhatsApp