More results...
A proof-of-concept (PoC) exploit has been released for a use-after-free vulnerability in the Linux kernel, identified as CVE-2024-36904. This vulnerability is located in the TCP subsystem of the Linux kernel and is caused by the inet_twsk_hashdance() f…
A researcher released a free decryptor for Linux Akira ransomware, using GPU power to recover keys through brute force. Security researcher Yohanes Nugroho created a free decryptor for Linux Akira ransomware, using GPUs to brute force the decryption keys. Initially estimating a week, the project took three weeks and cost $1,200 in GPU resources due […]
Cado Security Labs has identified a sophisticated cryptomining campaign exploiting misconfigured Jupyter Notebooks, targeting both Windows and Linux systems. The attack utilizes multiple stages of obfuscation, including encrypted payloads and COM objec…
The integration of Rust into the Linux kernel is a significant step forward in enhancing memory safety, a critical aspect of kernel development. This effort, known as Rust for Linux, began in 2021 with the publication of an RFC by Miguel Ojeda, the pro…
A vulnerability in **Pymatgen (CVE-2024-23346)** allowed for **Remote Code Execution (RCE)** through a **malicious CIF file**. By injecting code into the **_space_group_magn.transform_BNS_Pp_abc** field and uploading it to the dashboard, nothing happened initially. However, clicking the **View button** triggered execution, leading to a **reverse shell**. With remote access secured, an **SQLite3 database** was explored, revealing **password hashes**, which were cracked to obtain valid credentials and retrieve the **user flag**.
Further exploration uncovered an **aiohttp/3.9.1** service running on **port 8080**, restricting access to the **assets directory** with a **403 Forbidden** response. Leveraging an **LFI attack**, an **SSH key** was extracted, allowing for **privilege escalation** and access to the **root flag**.
This scenario highlights the importance of **sanitizing file uploads, restricting directory access, and keeping dependencies updated** to mitigate security risks.
#CyberSecurity #BugBounty #EthicalHacking #PrivilegeEscalation #RedTeam #WebSecurity #InfoSec #CTF
The post Hack The Box: Chemistry Machine Walkthrough – Easy Difficulty appeared first on Threatninja.net.
The Tails Project has launched Tails 6.13, the latest version of its privacy-centric Linux distribution, introducing improved Wi-Fi troubleshooting tools, updated anonymity software, and fixes for persistent storage and installation workflows. Targeted…
Socket exposes a typosquatting campaign delivering malware to Linux and macOS systems via malicious Go packages. Discover the…
What’s Linux’s marketshare on Steam? The Steam Survey numbers tell this story:
11/24: 2.03%
12/24: 2.29%
01/25: 2.06%
02:25: 1.45%
“The February numbers show a staggering 0.61% drop to Linux use…” reports Phoronix. But they attribute this to an …
Introduction to Instant: In this writeup, we will explore the “Instant” machine from Hack The Box, which is categorized as a medium-difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of this walkthrough is to complete the “Instant” machine from Hack The Box […]
The post Hack The Box: Instant Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.
Auto-color: New Linux backdoor malware targeting the US and Asia. Learn about its advanced evasion, persistence, and detection…