| #include <Windows.h> | |
| #include <stdio.h> | |
| #include "VEH.h" | |
| #include "ntos.h" | |
| #include "ntrtl.h" | |
| //#include "peb.h" | |
| #include "ntldr.h" | |
| #include "hwbp.h" | |
| #include "base\helpers.h" |
#Use After Free Vulnerability in unserialize() with DateTime* [CVE-2015-0273]
Taoguang Chen <@chtg> - Write Date: 2015.1.29 - Release Date: 2015.2.20
A use-after-free vulnerability was discovered in unserialize() with DateTime/DateTimeZone objects's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.
Affected is PHP 5.6 < 5.6.6
Affected is PHP 5.5 < 5.5.22
This is the writeup for the Array.sort solution path for the Ancients
Solaris challenge. It does not use the Gopher+ bug.
The target is Internet Explorer 5 for Solaris 2.6/SPARC. The broker launches the browser on a submitted HTTP URL and considers the challenge solved when the browser executes:
This challenge was solved with a memory corruption bug in Internet Explorer 5
for Solaris/SPARC, specifically in libwininet.so's Gopher+ handling.
The short version is:
FUN_0004e1c8 write a second logical body line
through a shifted pointer into a fixed stack buffer
Date: 2026-04-10
Analyst: nemesis
Classification: Trojan / Backdoor (Alien RAT variant)
Severity: CRITICAL
Campaign ID: CityOfSin (extracted from C2 callback UTM parameters)
Scope: CPUID official domain compromise affecting CPU-Z, HWMonitor, HWMonitor Pro, PerfMonitor 2, powerMAX + separately FileZilla
Status: Breach confirmed and fixed by CPUID; site was compromised ~6 hours on April 9-10, 2026
CPUID Statement: "A secondary feature (a side API) was compromised for approximately six hours [...] causing the main website to randomly display malicious links. Our signed original files were not compromised."
| ; x96 shellcode (x32+x64) by aaaddress1@chroot.org | |
| ; yasm -f bin -o x96shell_msgbox x96shell_msgbox.asm | |
| section .text | |
| bits 32 | |
| _main: | |
| call entry | |
| entry: | |
| mov ax, cs | |
| sub ax, 0x23 | |
| jz retTo32b |
| /* | |
| * blasty-vs-fiwix.c -- by blasty <peter@haxx.in> | |
| * | |
| * 0day exploit for Fiwix OS i386 (tested on Fiwix 1.7.0) | |
| * | |
| * THEY HAVE PLAYED US FOR ABSOLUTE FOOLS! | |
| * DO NOT TRUST SMALL UNIX-LIKE KERNELS! | |
| * | |
| * Fiwix OS has multiple TTY ioctl vulnerabilities that allow | |
| * arbitrary kernel memory read and write. |
| using System; | |
| using System.IO; | |
| using System.Security.Cryptography; | |
| using System.Runtime.Serialization.Formatters.Binary; | |
| namespace hawktracewsus | |
| { | |
| class Program | |
| { | |
| static void Main() |
hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.
3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.
I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:
By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k
| // based on https://gist.github.com/hax0kartik/e358ce447a4537bcef534aa8de84817c | |
| #include <idc.idc> | |
| static FuncDump(f, start) | |
| { | |
| auto ea, str, teststr; | |
| ea = start; | |
| while( ea != BADADDR ) |