"W zeszłym tygodniu, podczas wystąpienia na konferencji hakerów, hakerka zdalnie usunęła z sieci trzy witryny internetowe białych suprematystów. Do tej pory witryny te nie powróciły do sieci."

„Wyobraźcie sobie, że nazywacie siebie 'rasą panów', ale zapominacie o zabezpieczeniu własnej strony internetowej — może spróbujcie nauczyć się hostować WordPressa, zanim zaczniecie dominować nad światem” — napisał Root.

:V
#hacking #informatyka

https://techcrunch.com/2026/01/05/hacktivist-deletes-white-supremacist-websites-live-on-stage-during-hacker-conference/

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.01.05.md

Reflecting Your Authentication: When Windows Ends Up Talking to Itself - https://decoder.cloud/2025/11/24/reflecting-your-authentication-when-windows-ends-up-talking-to-itself/

Browser Hijacking: Three Technique Studies - https://www.gdatasoftware.com/blog/2025/11/38298-learning-about-browser-hijacking

Windows ARM64 Internals: Pardon The Interruption! Interrupts on Windows for ARM - https://connormcgarr.github.io/windows-arm64-interrupts/

GPU Cache Hierarchy: Understanding L1, L2, and VRAM - https://charlesgrassi.dev/blog/gpu-cache-hierarchy/

CVE-2025-61922: Zero-Click Account Takeover on Prestashop - https://dhakal-ananda.com.np/blogs/cve-2025-61922-analysis/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.01.03.md

Use Binary Ninja with ChatGPT via MCP securely - https://jaybird1291.github.io/blog-cyber/posts/binjagpt/

Vectored Exception Handling Squared - https://fluxsec.red/vectored-exception-handling-squared-rust

N-Able Windows Software Probe Remote Code Execution - https://www.securifera.com/blog/2025/12/02/n-able-formerly-solarwinds-msp-windows-software-probe-remote-code-execution-cve-2025-11367/

Ghost in the Controller: Abusing Supermicro BMC Firmware Verification - https://www.binarly.io/blog/ghost-in-the-controller-abusing-supermicro-bmc-firmware-verification

Silver Fox Targeting India Using Tax Themed Phishing Lures - https://www.cloudsek.com/blog/silver-fox-targeting-india-using-tax-themed-phishing-lures

#informatyka

#programowanie #informatyka #heheszki

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.01.01.md

Registry Writes Without Registry Callbacks - https://deceptiq.com/blog/ntuser-man-registry-persistence

Exploiting CVE-2025-21479 on a Samsung S23 - https://xploitbengineer.github.io/CVE-2025-21479

Drone pentesting framework console - https://github.com/dronesploit/dronesploit/

FortiClient: Two-click RCE via Code Injection in the Login Window - https://yaniv-git.github.io/2025/10/13/FortiClient:%20Two-click%20RCE%20via%20Code%20Injection%20in%20the%20Login%20Window/

Diffing 7-Zip for CVE-2025-11001 - https://pacbypass.github.io/2025/10/16/diffing-7zip-for-cve-2025-11001.html

#informatyka

#informatyka #hakerzy właśnie se przez liska usunąłem węzeł, który zaczynał się od <iframe> i już mi jakieś gówna nie wyskakuja i nie blokują playlisty (chyba 10 lat temu zrobionej) na sylwka na YT

albo jestem geniuszem, albo pokolenie Z przejmuje giganta z debilnymi filmikami

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2025.12.30.md

AI pentest scoping playbook - https://devansh.bearblog.dev/ai-pentest-scoping/

Sliding into your DMs: Abusing Microsoft Teams for Malware Delivery - https://permiso.io/blog/sliding-into-your-dms-abusing-microsoft-teams-for-malware-delivery

How Malware Takes a Bit Out of the Apple - https://reversea.me/index.php/how-malware-takes-a-bit-out-of-the-apple/

SPTM - The Last Bits - https://www.df-f.com/blog/sptm4

Extracting Syscalls from a Suspended Process - https://cymulate.com/blog/extracting-syscalls-from-a-suspended-process/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2025.12.28.md

Tracking malicious code execution in Python - https://rushter.com/blog/python-code-exec/

Advisory - Netskope Client for Windows - Local Privilege Escalation via Rogue Server (CVE-2025-0309) - https://blog.amberwolf.com/blog/2025/august/advisory---netskope-client-for-windows---local-privilege-escalation-via-rogue-server/

Hidden in Plain Sight: A Misconfigured Upload Path That Invited Trouble - https://www.varonis.com/blog/misconfigured-upload-path

What's Next: React2Shell Beyond Next.js - https://www.vulncheck.com/blog/react2shell-beyond-nextjs

Microsoft Defender for Identity Recommended Actions: Remove non-admin accounts with DCSync permissions - https://thalpius.com/2025/09/23/microsoft-defender-for-identity-recommended-actions-remove-non-admin-accounts-with-dcsync-permissions/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2025.12.26.md

Reverse engineering Realtek RTL8761B* Bluetooth chips, to make better Bluetooth security tools & classes - https://darkmentor.com/publication/2025-11-hardweario/

Malware development: persistence - part 26. Microsoft Edge - part 1. Simple C example - https://cocomelonc.github.io/persistence/2024/08/14/malware-pers-26.html

Operation Artemis: Analysis of HWP-Based DLL Side Loading Attacks - https://www.genians.co.kr/en/blog/threat_intelligence/dll

Referral Beware, Your Rewards are Mine (Part 1) - https://rhinosecuritylabs.com/research/referral-beware-your-rewards-are-mine-part-1/

IPv4/IPv6 Packet Fragmentation: Detection & Reassembly - https://packetsmith.ca/ip_frag_reassembly/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2025.12.24.md

Backing up Spotify - https://annas-archive.li/blog/backing-up-spotify.html

Yet Another DCOM Object for Command Execution Part 2 - https://sud0ru.ghost.io/yet-another-dcom-object-for-command-execution-part-2/

Magecart Skimmer Analysis: From One Tweet to a Campaign - https://blog.himanshuanand.com/2025/09/magecart-skimmer-analysis-from-one-tweet-to-a-campaign/

Pwn2Own 2025: Pwning Lexmark’s Postscript Processor - https://boredpentester.com/pwn2own-2025-pwning-lexmarks-postscript-processor/

From Zero to Shell: Hunting Critical Vulnerabilities in AVideo - https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2025.12.22.md

Smile, You’re on Camera: A Live Stream from Inside Lazarus Group’s IT Workers Scheme - https://any.run/cybersecurity-blog/lazarus-group-it-workers-investigation/

Inside the brain of a hacking robot: Exploring traces | AI Cyber Challenge - https://theori.io/blog/exploring-traces-63950

Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications - https://research.eye.security/consent-and-compromise/

How I Found the Worst ASP.NET Vulnerability — A $10K Bug (CVE-2025-55315) - https://www.praetorian.com/blog/how-i-found-the-worst-asp-net-vulnerability-a-10k-bug-cve-2025-55315/

Rust for Malware Development - https://bishopfox.com/blog/rust-for-malware-development

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2025.12.20.md

Exploit Development: Investigating Kernel Mode Shadow Stacks on Windows - https://connormcgarr.github.io/km-shadow-stacks/

No Alloc, No Problem: Leveraging Program Entry Points for Process Injection - https://bohops.com/2023/06/09/no-alloc-no-problem-leveraging-program-entry-points-for-process-injection/

HijackLoader Expands Techniques to Improve Defense Evasion - https://www.crowdstrike.com/en-us/blog/hijackloader-expands-techniques/

Malware Just Got Its Free Passes Back! - https://klezvirus.github.io/posts/Moonwalk-plus-plus/

Pwning Millions of Smart Weighing Machines with API and Hardware Hacking - https://spaceraccoon.dev/pwning-millions-smart-weighing-machines-api-hardware-hacking/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2025.12.18.md

Intel Outside: Hacking every Intel employee and various internal websites - https://eaton-works.com/2025/08/18/intel-outside-hack/

TLS NoVerify: Bypass All The Things - https://f0rw4rd.github.io/posts/tls-noverify-bypass-all-the-things/

Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer - https://securitylabs.datadoghq.com/articles/enumerating-aws-the-quiet-way-cloudtrail-free-discovery-with-resource-explorer/

macOS LPE via the .localized directory - https://theevilbit.github.io/posts/localized/

Copilot Broke Your Audit Log, but Microsoft Won’t Tell You - https://pistachioapp.com/blog/copilot-broke-your-audit-log

#informatyka

Festerku ratuj, bo mi się laptok spalił.

Przynieś, popaczam.

W U T ???!!!

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

Pamiętajcie dzieciaczki nie zostawiajcie na stole stroików świątecznych z zapalonymi świeczkami.

Płyta oczywiście martwa, ale dysk (trochę osmalony) ocalał, leci kopia posektorowa.

#informatyka #hardware #diy #heheszki #pcmasterrace

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2025.12.16.md

FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970) - https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970

“Vibe Hacking”: Abusing Developer Trust in Cursor and VS Code Remote Development - https://blog.calif.io/p/vibe-hacking-abusing-developer-trust

From Process Injection to Function Hijacking - https://klezvirus.github.io/posts/From-stomping-to-hijacking/#function-stomping

How to fuse CTI with threat hunting - https://feedly.com/ti-essentials/posts/how-to-fuse-cti-with-threat-hunting

Declarative Binary Parsing for Security Research with Kaitai Struct - https://husseinmuhaisen.com/blog/declarative-binary-parsing-for-security-research-with-kaitai-struct/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2025.12.14.md

Zero Click, One NTLM: Microsoft Security Patch Bypass (CVE-2025-50154) - https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/

The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools - https://www.safebreach.com/blog/process-injection-using-windows-thread-pools/

OmniProx: Multi-Cloud IP Rotation Made Simple - https://blog.zsec.uk/omniprox/

When Defenders Become the Attackers: The Elastic EDR 0-Day (RCE + DoS) - https://ashes-cybersecurity.com/0-day-research/

From Support Ticket to Zero Day - https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2025.12.12.md

Breaking change on GitHub Actions pull_request_target - https://blog.richardfan.xyz/2025/11/17/github-actions-pull-request-target-changes.html

How to Research & Reverse Web Vulnerabilities 101 - https://projectdiscovery.io/blog/how-to-research-web-vulnerabilities

A File Format Uncracked for 20 Years - https://landaire.net/a-file-format-uncracked-for-20-years/

From Drone Strike to File Recovery: Outsmarting a Nation State - https://profero.io/blog/from-drone-strike-to-file-recovery-outsmarting-a-nation-state

CVE-2025-6554: The (rabbit) Hole - https://retr0.zip/blog/cve-2025-6554-the-rabbit-hole.html

#informatyka