BhinnekaSec1337
Part of BogorWanien Team | Security Just illusion | We Are Party in your Security | IndonesianHack | LeakingTools www.instagram.com/bhinnekasec1337 @BhinnekaService | BhinnekaSec service
Show more1 158
Subscribers
+924 hours
+757 days
+11930 days
- Subscribers
- Post coverage
- ER - engagement ratio
Data loading in progress...
Subscriber growth rate
Data loading in progress...
Exploit for W&B Weave Server - Remote Arbitrary File Leak (CVE-2024-7340)🥷
Description🔈
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.
Nuclei Template🌎
View the template here CVE-2024-7340.yaml
Validate with Nuclei
echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-7340.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-7340
https://research.jfrog.com/vulnerabilities/wandb-weave-server-remote-arbitrary-file-leak-jfsa-2024-001039248/
https://github.com/wandb/weave/pull/1657
https://github.com/advisories/GHSA-r49h-6qxq-624fW&B Weave server remote arbitrary file leak | JFSA-2024-001039248
CVE-2024-7340, HIGH, W&B Weave server remote arbitrary file leak
Forensic 👹 tool for processing, analyzing and visually presenting Google Chrome artifacts.
Features 💻
‼️Mounting of volume with Google Chrome data and preserving integrity trough manipulation process
🔹read only
🔹hash checking
‼️Suspect profile and behavior estimations
including:
🔹personal information (emails, phone nums, date of birth, gender, nation, city, adress...)
🔹Chrome metadata
🔹Accounts
🔹Version
‼️Target system metadata
🔹Operating system
🔹Display resolution
🔹Mobile Devices
‼️Browsing history URL category classification using ML model
Login data frequency (most used emails and credentials)
‼️Browsing activity during time periods (heatmap, barchart)
‼️Most visited websites
‼️Browsing history
🔹transition types
🔹visit durations
🔹avg. visit duration for most common sites
‼️Login data (including parsed metadata)
Autofills
🔹estimated cities and zip codes
🔹estimated phone number
🔹other possible addresses
🔹geolocation API (needed to be registered to Google)
‼️Downloads (including default download directory, download statistics...)
‼️default download directory
‼️download statistics
‼️Bookmarks
‼️Favicons (including all subdomains used for respective favicon)
‼️Cache
🔹URLs
🔹content types
🔹payloads (images or base64)
🔹additional parsed metadata
‼️Volume
🔹volume structure data (visual, JSON)
‼️Shared database to save potential evidence found by investigators
✈️ BhinnekaSec.t.me
🪙 github.com/ChmaraX/forensix
Repost from GARUDA SECURITY
Photo unavailableShow in Telegram
Hacked By SukaJanda01 - Garuda Security
message: Kami sangat kecewa dengan kurangnya tindakan konkret dari Kementerian Agama dalam menangani isu-isu mendesak seperti penyalahgunaan wewenang di lembaga-lembaga keagamaan. Ini menunjukkan ketidakmampuan dalam menjaga integritas dan akuntabilitas. Kami mendesak adanya reformasi menyeluruh untuk memastikan bahwa pengawasan dan penegakan hukum berjalan efektif.
site: https://ptspmalangkota.kemenag.go.id/
#TegakanHukumYangSedangBerjalan
#GarudaSecurity
#HacktivistIndonesia
#GanosecTeam
Open Source Threat Intelligence Tools💻
AbuseHelper - An open-source framework for receiving and redistributing abuse feeds and threat intel.
AlienVault Open Threat Exchange - Share and collaborate in developing Threat Intelligence.
Combine - Tool to gather Threat Intelligence indicators from publicly available sources.
Fileintel - Pull intelligence per file hash.
Hostintel - Pull intelligence per host.
IntelMQ - A tool for CERTs for processing incident data using a message queue.
IOC Editor - A free editor for XML IOC files.
iocextract - Advanced Indicator of Compromise (IOC) extractor, Python library and command-line tool.
ioc_writer - Python library for working with OpenIOC objects, from Mandiant.
MalPipe - Malware/IOC ingestion and processing engine, that enriches collected data.
Massive Octo Spice - Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs from various lists. Curated by the CSIRT Gadgets Foundation.
MISP - Malware Information Sharing Platform curated by The MISP Project.
Pulsedive - Free, community-driven threat intelligence platform collecting IOCs from open-source feeds.
PyIOCe - A Python OpenIOC editor.
RiskIQ - Research, connect, tag and share IPs and domains. (Was PassiveTotal.)
threataggregator - Aggregates security threats from a number of sources, including some of those listed below in other resources.
ThreatConnect - TC Open allows you to see and share open source threat data, with support and validation from our free community.
ThreatCrowd - A search engine for threats, with graphical visualization.
ThreatIngestor - Build automated threat intel pipelines sourcing from Twitter, RSS, GitHub, and more.
ThreatTracker - A Python script to monitor and generate alerts based on IOCs indexed by a set of Google Custom Search Engines.
TIQ-test - Data visualization and statistical analysis of Threat Intelligence feeds.
👍 2
Repost from N/a
Photo unavailableShow in Telegram
🔠🔠🔠 [ WANT TO SELL]
🌎 DOMAIN .org
‼️ DA 34
‼️PA 27
‼️SS 1%
🥷 @AgentSecAdmin
🔹🔹OSINT RESOURCE👁🔹🔹
🔻[
Social media and photos
💻] 🔻
Apps.skylens.io 💀
posts with geo-tags from five social networks at once on one map (Twitter, YouTube, Instagram, Flickr, Vkontakte).photo-map.ru 💀
search geo-tagged photos from Vkontakte.YouTube Geofind ☠️
view YouTube geo-tagged video on map.Flickr Common Map 👺
displays only Flickr photos distributed under a Creative Commons license (250 of the latest for each location).I know where your cat lives 👺
geo-tagged photo from Instagram with the cat hashtag.Trendsmap.com 💻
explore most popular Twitter trends, hashtags and users on the world-map.Pastvu.com 💻
view historical photos taken at a particular location on a map.
🔥 3👍 1
Photo unavailableShow in Telegram
🔈HTTP recon automation with httpx🔈
❓ Did you know that you can use httpx tool to request any URL path and see the status code and length and other details on the go, filter, or even perform exact matching on them?
Here’s an example:
cat domains.txt | httpx -path /swagger-api/ -status-code -content-length
⬇️ Download Tool ⬇️👍 1
Choose a Different Plan
Your current plan allows analytics for only 5 channels. To get more, please choose a different plan.