{"uuid": "81412ab1-337d-40c3-8cc3-8053c0c90a5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38146", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3195", "content": "Hackers Factory \n\nAn exploit has appeared for RCE ThemeBleed in Windows 11\n\nProof-of-concept for CVE-2023-38146 has been released, allowing remote code execution\n\nThe vulnerability received a CVSS score of 8.8 and can be exploited if the victim opens a malicious .THEME file\n\nThe .THEME file contains a reference to the .msstyles format used to customize the appearance. Using such a file, a hacker can use the bug to inject a malicious DLL\n\nThemeBleed RCE: Proof-of-concept.\n\nThis repository contains an exploit for the vulnerability we wrote about above\u2601\ufe0f\n\nRepository link: https://github.com/gabe-k/themebleed\n\nTelegram get Remote IP\n\nGet the IP address of the user during a #Telegram call to obtain geolocation of ISP. It might have some bugs since on Android, it returns only local, not external IP. GitHub:\n\nhttps://github.com/n0a/telegram-get-remote-ip\n\nNew analysis tool: donut-decryptor: Retrieve inner payloads from Donut samples\n\nhttps://github.com/volexity/donut-decryptor\n\nBabelInkCrypt is an open-source project that combines encryption, library of babel, and video making to create a secure infinite storage system.\n\nhttps://github.com/youneshlal7/BabelInkCrypt\n\nSimple PoC for demonstrating Race Conditions on Websockets\n\nhttps://github.com/redrays-io/WS_RaceCondition_PoC\n\nHun2race is an automated report generation tool designed for bug hunters and penetration testers.\n\nhttps://github.com/sudobyter-hub/Hun2race\n\nIntroduction to SensitiveDiscoverer, a Burp extension that discovers sensitive information inside HTTP messages.\n\nhttps://github.com/CYS4srl/SensitiveDiscoverer\n\nThe OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific website: common admin panels, the widespread file types and path traversal. 100% automated.\n\nhttps://github.com/IvanGlinkin/Fast-Google-Dorks-Scan\n\nAutomatic authorization enforcement detection extension for Burp Suite, written in Jython, developed by Barak Tawily in order to ease application security people's work and allow them to perform automatic authorization tests\n\nhttps://github.com/portswigger/autorize\n\nCode Coverage Exploration Plugin for Ghidra\n\nhttps://github.com/nccgroup/Cartographer\n\nRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.\n\nhttps://github.com/ihebski/A-Red-Teamer-diaries\n\n#infosec #cybersecurity #hackersfactory\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-09-18T07:26:18.000000Z"}