Archive for May, 2022

http://esanpt1.go.th/daka.htm

Posted by deepcore under defacement (No Respond)

http://esanpt1.go.th/daka.htm notified by telegram@saturaa

http://www.nb1.go.th/daka.htm

Posted by deepcore under defacement (No Respond)

http://www.nb1.go.th/daka.htm notified by telegram@saturaa

https://www.trang1.go.th/daka.htm

Posted by deepcore under defacement (No Respond)

https://www.trang1.go.th/daka.htm notified by telegram@saturaa

REvil.Ransom Code Execution

Posted by deepcore under exploit (No Respond)

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is “C:\Windows\System32” and if not we grab our process ID and terminate. We do not need to rely on […]

Trojan.Ransom.Cryptowall Code Execution

Posted by deepcore under exploit (No Respond)

Cryptowall ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is “C:\Windows\System32” and if not we grab our process ID and terminate. We do not need to rely on […]

ChatBot Application With A Suggestion Feature 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

ChatBot Application with a Suggestion Feature version 1.0 suffers from a remote blind SQL injection vulnerability.

Trojan-Ransom.LockerGoga Code Execution

Posted by deepcore under exploit (No Respond)

LockerGoga ransomware looks for and loads a DLL named “wow64log.dll” in Windows\System32. Therefore, we can drop our own DLL to intercept and terminate the malware pre-encryption. Four processes are created. For instance, there is “imtvknqq9737.exe” running under AppData\Local\Temp, the process name is “imtvknqq” plus an appended random number. Our exploit DLL will simply display a […]

Trojan-Ransom.Cerber Code Execution

Posted by deepcore under exploit (No Respond)

Cerber ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is “C:\Windows\System32” and if not we grab our process ID and terminate. We do not need to rely on […]

Ransom.CTBLocker Code Execution

Posted by deepcore under exploit (No Respond)

CTBLocker ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is “C:\Windows\System32” and if not we grab our process ID and terminate. We do not need to rely on […]

Craft CMS 3.7.36 Password Reset Poisoning Attack

Posted by deepcore under exploit (No Respond)

Craft CMS version 3.7.36 suffers from a password reset poisoning vulnerability. An unauthenticated attacker who knows valid email addresses or account names of Craft CMS backend users is able to manipulate the password reset functionality in a way that the registered users of the CMS receive password reset emails containing a malicious password reset link.