asdqwe3124

<?php

//php gd-gif.php image.gif gd-image.gif 

$gif = imagecreatefromgif($argv[1]);
imagegif($gif, $argv[2]);
imagedestroy($gif);
?>

pensierinmusica

## Place this file in "/etc/sysctl.d/network-tuning.conf" and
## run "sysctl -p" to have the kernel pick the new settings up

# Avoid a smurf attack
net.ipv4.icmp_echo_ignore_broadcasts = 1
 
# Turn on protection for bad icmp error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1
 
# Turn on syncookies for SYN flood attack protection

SwitHak

CVE-2020-0601 AKA ChainOfFools OR CurveBall

General

• Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
• The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
• The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

• NSA description:
• NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.

maxious

Might also be the dv163 P1: http://help.dvr163.com/index.php/P1

Based on Ankya AK3918 HD IP Camera SoC http://caxapa.ru/thumbs/914089/ak3818ds.pdf http://caxapa.ru/thumbs/914089/ak3818ds.pdf

Firmware => Telnet/FTP

Check/download latest firmware (site blocked for malware in Chrome/Firefox) http://42.96.185.60:8088/XVR/common/checkCommonUpdate.php?DevModel=IPCAM&SWVersion=1.4.47.0&DeviceSN=F2731110583936&ODMNum=391802&FirmwareMagic=SlVBTiBJUENBTSBGSVJNV0FSRSBERVNJR05FRCBCWSBMQVc=&Release=1&app_version=2.3.13 Response:

tothi

# MINIMAL USB gadget setup using CONFIGFS for simulating Razer Gaming HID
# devices for triggering the vulnerable Windows Driver installer
# credits for the Windows Driver install vuln: @j0nh4t
#
# https://twitter.com/j0nh4t/status/1429049506021138437
# https://twitter.com/an0n_r0/status/1429263450748895236
#

# the script was developed & tested on Android LineageOS 18.1

akabe1

/*  Android ssl certificate pinning bypass script for various methods
	by Maurizio Siddu
	
	Run with:
	frida -U -f <APP_ID> -l frida_multiple_unpinning.js [--no-pause]
*/

setTimeout(function() {
	Java.perform(function() {
		console.log('');

ulidtko

#!/usr/bin/env python3
import os, sys
import argparse
import struct
from functools import reduce

"""
QNAP QTS firmware encryptor/decryptor.

Based on https://pastebin.com/KHbX85nG

denji

Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.

You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

SwitHak

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

• If you want to add a link, comment or send it to me
• Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

• Royce Williams list sorted by vendors responses Royce List
• Very detailed list NCSC-NL
• The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List