The Eye of Infosec

26/08/2024

👉Exploitation of a PHP vulnerability to deploy the Msupedge backdoor highlights the critical need for platforms like MSUP Edge to comply with , , and other stringent data protection regulations to prevent unauthorized access to sensitive information.

✔️Fortanix offers , , and data masking solutions that can fortify platforms against such vulnerabilities, ensuring compliance and protecting data integrity in supply chain operations.

✔️By integrating seamlessly with platforms like and , Fortanix helps organizations secure their data and maintain regulatory adherence, even in the face of emerging cyber threats.

https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/hackers-use-php-exploit-to-backdoor-windows-systems-with-new-malware/amp/

22/08/2024

𝘽𝙮𝙥𝙖𝙨𝙨𝙞𝙣𝙜 𝘼𝙋𝙄 𝙇𝙞𝙢𝙞𝙩𝙖𝙩𝙞𝙤𝙣𝙨 𝙐𝙨𝙞𝙣𝙜 𝙎𝙥𝙤𝙤𝙛𝙚𝙙 𝙂𝙚𝙤𝙡𝙤𝙘𝙖𝙩𝙞𝙤𝙣𝙨

Did you know that you can access different features or pricing options in applications by spoofing your location? Many applications tailor their offerings based on the user's geographical location. For instance:

Some apps charge different prices depending on the user's country.
Others provide exclusive content, such as region-specific shows on platforms like Netflix.
Certain apps, like Tinder, even offer a paid "travel mode" feature to access specific cities.

‼️Here are three key considerations when attempting to spoof your location:

1️⃣IP Address: The simplest method involves using a VPN. However, be aware that some companies maintain blacklists of IPs associated with VPN providers. To improve your chances, consider hosting your own VPN with a dedicated IP address on a cloud service.

2️⃣Request Data: While exploring Tinder’s bug bounty program, I noticed that location data is often transmitted in HTTP requests via "lat" (latitude) and "lon" (longitude) parameters. By utilizing tools like Auto Modifying Request in conjunction with gps-coordinates[.]net, you can dynamically alter these parameters to spoof your location with each request.

3️⃣Cookies and Other Trackers: If you’ve previously logged into an application from a specific location, the previous methods might be ineffective due to session persistence. Some applications link your active session to the location where you initially logged in, regardless of IP or other factors. In such cases, I recommend using a different browser, device, or virtual machine to log in, along with implementing steps 1 and 2.

21/08/2024

Did you know that both CrackMapExec and NetExec make two connections to each target? The first connection (for enumeration) uses an empty user/hostname/domain name, and both connections always try SMB1 first.

04/04/2023

https://youtu.be/kRPaBgE_8wc

In this video i will show you how to bypass any applock security step by step.

27/03/2022

Final Recon is a useful tool for gathering data about a target from open source…

13/03/2022

https://github.com/TEOIS/OSINT-FB-

THIS OSINT-FB TOOL IS USED FOR INFORMATION GATHERING OF ANY FACEBOOK USER. - GitHub - TEOIS/OSINT-FB-: THIS OSINT-FB TOOL IS USED FOR INFORMATION GATHERING OF ANY FACEBOOK USER.

09/03/2022

04/03/2022

21/02/2022

Researchers retrieve the master key for unlocking files locked by Hive ransomware by exploiting a flaw in its encryption algorithm.

17/02/2022

" Almost every publicly available ' "

Link :: https://github.com/trickest/cve

from,
https://twitter.com/campuscodi/status/1493894005800775681?t=8p1gGVjy2HzgLDjMC4MNyQ&s=19



Happy . ❤️

15/02/2022

Good chmod cheat