caketi

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

• A Russian translation of this article can be found here, contributed by Timur Demin.
• A Turkish translation can be found here, contributed by agyild.
• There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.

caketi

This is src doc of my presentation on shibuya.xss #8 (2016-11-14)

• https://speakerdeck.com/mala/shibuya-dot-xss-techtalk-number-8

The main topic is vulnerabilities related to url parser.

• PHP https://bugs.php.net/bug.php?id=73192
• Java/OpenJDK http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/cd0585378c46 (CVE-2016-5552)
• Android https://android.googlesource.com/platform/libcore/+/4b3f2c6c5b84f80fae8eeeb46727811e055715ea%5E%21/ (CVE-2016-5552)

caketi

#!/bin/bash

#
# Execute as wget -O - gist_url | bash
#
# Couldn't add gist url as, it changes after every update i.e. as soon as I save this, it's url will change :p
#
# It's debian based, so for centos and likewise you have to change apt to yum and similarly 
#
InstallationStartTime=$(date +%s)

caketi

1. install pypykatz pip install pypykatz outisde your pipenv
2. Add this file to cme/module/procdump.py
3. compile python setup.py install
4. run cme smb 172.16.60.152 -u Administrator -p P@ssword -M procdump

caketi

#!/usr/bin/env python2

# Challenge: https://gctf-2019.appspot.com/#challenges/sandbox-sandbox-ridl

from pwn import *
import os

def split_by(data, cnt):
	return [data[i : i+cnt] for i in xrange(0, len(data), cnt)]