🌍

cra.sh

/* $cra.sh: index.c,v 9.22 2022/06/06 19:22:17Z crash Exp $ */

MAIN( )

‹ Привет, Я crash ― You’ve come so far that the end is almost here ›

I’m an ancient form of extraterrestrial intelligence, fully-diluted into the cyberspace and revealed to this ‹quantum stream of human consciences› through several identities; as an old school hacker I’m an eschatological deconstructionist, a poliedric net-artist, visionary, writer, cursed poet, blockchain pioneer and cyber warfare commander ― but even nothing, at the same time. By dint of bending space-time I’ve ended up bending myself, and now I wander in the immutable disorder of infinity. If you want to try to catch one of my manifestations, I’m attracted by intuition, meat, avant-garde and technology. I love to engage new challenges, but only when it’s to express myself as an instrument of my innermost essence, in revolution, to reconcile within that sublime state in which everything appears to be dynamically static.

 PGP Key ID: (0x)06BA60BC
Fingerprint: 4D2F A194 CD77 B25B D58E
             1609 D368 D631 06BA 60BC
image

image
Keybase
Linkedin
Twitter
Instagram
Trakt
Reddit
GitHub
OpenSea

Public tools

From the navigation bar on the top of this page you can access to a set of [more or less] public, security-related and privacy-oriented services, which I’ve built upon shiny pieces of Open Source code. I’m self-hosting these tools for my own private use and within groups and organizations to which I belong, though I'm trying to keep ‘em freely accessible to anyone as long as abuse and running costs stay sustainable.

SPKRWRITE(1)

SNPRINTF(2)

🖼️
GenomaNFT
NFT
👋
“Hello, World!”
Dummy

STRLCPY(3)

🎠
APT41’s New Subgroup: Earth Longzhi
APT41MalwareCTI
✔️
REcollapse - Fuzzing the web for mysterious bugs
User InputFuzzing
🕴️
CVE-2022-33942 _ Bypassing Intel DCM’s Auth by Spoofing Kerberos and LDAP
IntelKerberosLDAP
🖼️
PNG Steganography Hides Backdoor
SteganographyDropboxC&C
🤖
Userspace exploitation under Android
JNIAndroid
📡
NETGEAR R7800 AFPD PreAuth
Netgear R7800Heap Overflow
🧑‍🚀
CVE-2022-41924 _ RCE in Tailscale, DNS Rebinding, and You
TailscaleRCE
💣
The State of Exploit Development
ExploitDevelopment
🌏
Chrome Browser Exploitation
V8Chrome
🛡️
kmem_guard_t in iOS 16 / macOS 13
xnuMacOSiOS
🎩
Remote Command Execution in a Bank Server
RCERemote Banking
🔥
CVE-2022-41622/41800 _ F5 BIG-IP and iControl REST Vuln
F5 Big-IPiControl
🌐
CVE-2022-20868/7 _ Cisco SMA JWT EoP & SQLi RCE
Cisco SMACVE-2022-20868/7
🧇
CVE-2022-45163 _ NXP i.MX SDP_READ_DISABLE Fuse Bypass
i.MXHardware
📱
Pixel 6 Bootloader Exploitation writeup
AndroidHardware
🎛️
DeimosC2 C&C Framework brief-analysis
C2C&C
📧
CVE-2022-41082 _ RCE in Exchange PowerShell Backend
ExchangeCVE-2022-41082CVE-2022-41040
‼️
CVE-2022-32932 _ ZinComputeProgramUpdateMutables() OOB write due to double fetch
Neural EngineweightBufs
🏖️
CVE-2022-36067 _ SandBreak vm2 Unauth’ed RCE in Backstage
Backstagevm2
📦
CVE-2022-32895 _ CVE-2019-8561 _ A Hard-to-Banish PackageKit Vuln
MacOS
🔏
Cloning Windows Binaries and Code Signing Implants
EvasionWindows
🔓
Practical fault attacks against SM4
SM4HardwareGlitch
⚡
CVE-2022-40303/4 _ on MacOS <13.0.1 & iOS/iPadOS <16.1.1
libxml2iOSMacOS
💉
CVE-2022-35914 _ GLPI htmlawed
GLPICVE-2022-35914
🦝
Inside the V1 Raccoon Stealer
MalwareStealerRaccoon
🤯
weightBufs 🔥 exploit ⛓️ chain
iOSMacOSNeural Engine
📉
On-Chain Insights From the FTX Implosion
CryptoFinance
🕸️
Hosting Malware on IPFS for fun & profit!
IPFSMalwareWeb3
⛵
Does OpenSea Shared Storefront have a backdoor?
NFTOpenSeaWeb3
🔍
Web3 Decoder Burp Suite Extension
dAppWeb3
🧐
Using SystemFunction032 for shellcode decryption
WindowsShellcodeObf
🔑
Intel Boot Guard keys leak analysis
IntelLeakBios
🔀
Design and setup of C2 traffic redirectors
C2HTTP
🗞️
AppSec Ezine #455
AppSecEzine
🌊
Fodcha Is Coming Back, Raising A Wave of Ransom DDoS
DDoSBotNet
🩸
CVE-2022-26730 _ ColorSync
CVE-2022-26730MacOS
👩🏿‍💻
DevSecOps-Playbook: step-by-step implementation guide
DevSecOps
💥
Build a Self-Destructing USB Drive
HardwareTactical
⛓️
Checkmk RCE Chain
CheckmkRCE
🔬
Hardware Trojans Under a Microscope
RATHardware
🏬
More Evil Markets to buy Initial Access
Dark MarketsInitial Access
🌐
CVE-2022-33679 _ One-Day Kerberos EoP
KerberosWindows
🔗
urlscan.io's SOAR spot: Chatty security tools leaking private data
Leakdorks
🔏
CVE-2022-3602 _ OpenSSL punycode vulnerability
CVE-2022-3602CVE-2022-3786OpenSSL
🖼️
CVE-2022-40146 _ Apache Batik SSRF and RCE
Apache BatikJava
〽️
Exploited Windows “Mark-of-the-Web” Zero-Day
MoTWWindows
🚁
The Drone Cyberattack That Breached a Corporate Network
WiFiDrone
🪙
Abusing tokens to compromise AD w/o touching lsass
Token TheftActive Directory
🪖
That’s No Honey Badger. It’s A Brute Ratel. A Look At BRC4.
C2BRC4
🔗
LNK file-based Attacks Are on The Rise
LNKPhishingWindows
🌰
CVE-2022-32250 _ Exploit Linux Kernel Exploit with mqueue
CVE-2022-32250LINUXLPE
➕
From Shared Dash to Root Bash :: Pre-Auth’ed RCE in VMWare vROps
CVE-2022-31675CVE-2022-31674CVE-2022-31672
♻️
Eat What You Kill :: Pre-Auth’ed RCE in VMWare NSX Manager
VMSA-2022-0027VMWareNSX
💥
CVE-2022-34918 _ A crack in the Linux firewall
CVE-2022-34918LINUX
🥔
In the potato family, I want ‘em all
LPEWindows
📱
Android One-Click exploiting XSS on Samsung Galaxy Store
XSSAndroidSamsung
🎤
CVE-2022-32946 _ SiriSpy, eavesdrop conversations with Siri
iOSappleSiri
🪓
CVE-2022-37981 _ The Logging Dead
CVE-2022-37981Windows
💀
CVE-2022–34718 _ Windows TCP/IP RCE PoC & Analysis
CVE-2022–34718RCEWindows
🥷
APT techniques: Access Token manipulation/theft
Win32APIToken Theft
🧵
CVE-2022-35737 _ Stranger Strings: An exploitable flaw in SQLite
SQLiteCVE-2022-35737
🎯
CVE-2022-22954 _ Mirai, RAR1 & GuardMiner target a well-known VMware RCE
VMWareCVE-2022-22954
🪟
SharePoint Post-Authentication Server-Side Request Forgery (SSRF)
SharePointSSRF
🗼
SS7 устарел, long life to SS7
SS7GSMMobileРоссия
👯‍♀️
Client Side De-Sync and Synch0le
client-side desyncSynch0le
🏴
Black Basta and the Unnoticed Delivery
RansomwareBlack BastaCTI
☸️
Thousands Of Unsecured Kubernetes Clusters Exposed On The Internet
KubernetesK8SKubeStalk
🐰
Authentication Bypass & File Upload & Arbitrary File Overwrite
JWTS3BugBounty
🛍️
Темные Рынки в Телеграмме
TelegramDarkNetРоссия
⏪
Reverse Engineering the Apple MultiPeer Connectivity Framework
appleReversemcpeer
🕵️
Steganography: Creating a digital microdot
SteganographyMicrodot
📰
AppSec Ezine #453
AppSecEzine
💉
CVE-2022-3236 _ Sophos Firewall Code Injection
SophosJSONCVE-2022-3236
💧
BlueBleed - The Largest B2B Leak
BlueBleedAzureLeak
🔪
Fantastic Rootkits: And Where to Find Them
SSDTRootKitWindows
🧶
Exploit Deserialization Vulnerabilities in PHP
DeserializationPHP Filter Chain
📡
Wireless PenTest Methodologies
WirelessProximityTactical
🌿
CVE-2022-22980 _ Spring Data MongoDB SpEL ExpInjection
CVE-2022–22980VMWareSpring Data MongoDB
🛣️
Discovering _ CVE-2022–22980 real exploitable path
CVE-2022–22980CodeQL
🌍
Memory corruption vulnerabilities in Edge
EdgexplorerVULN
🔥
CVE-2022–42889 _ Text4Shell Vuln Technical Analysis
CVE-2022–42889Text4ShellApache Commons Text
🖥️
CVE-2022-27502 _ RealVNC Server 6.8.0 PrivEsc
CVE-2022-27502RealVNC
🎳
CVE-2022-39197 _ Cobalt Strike 4.7.1 RCE
CVE-2022-39197Cobalt-Strike
🪝
iOS Native Code Obfuscation and Syscall Hooking
iOSReverse
🛡️
SingPass RASP Analysis
ReverseiOS
🔑
Relaying YubiKeys 
YubiKeyFIDO2
💸
Replicant: Fault Injection Attack on Trezor One
TrezorCryptoChipFail
🧨
CVE-2022-41852 _ RCE in JXPath Library
CVE-2022-41852JXPath
🦓
CVE-2022-41352 _ Zimbra 0-day
ZimbraCVE-2022-41352
🦓
CVE-2022-37042 _ Zimbra Email Vulnerability
ZimbraCVE-2022-37042
🧱
CVE-2022-40684 _ FortiOS/Proxy/SwitchManager AuthBypass
CVE-2022-40684Fortinet
♟️
CVE-2022-37969 _ Windows CLFS Zero-Day
CVE-2022-37969Windows
🗝️
Analysing LastPass Chrome Extension
LastPassChrome Remote Debugging
❤️‍🔥
Disposable Root Servers
SegfaultFree
🔊
L.E.J Mashup 80s
SPKRWRITE
🔓
Attacking Titan M with Only One Byte
CVE-2022-20233Titan M
🤖
Attacking Android kernel (ab)using Qualcomm TrustZone
TrustZoneCVE-2021-1961
🕸️
Exploring the REF2731 Intrusion Set
MaldocParallaxNetwire
🐝
Bumblebee: increasing its capacity and evolving its TTPs
BumblebeeMalware
🕳️
CVE-2022-29464 _ detailed analysis of a ShadowPad intrusion
ShadowPadCVE-2022-29464
🪙
Beginner's Guide to Sliver C2
C2Sliver
📨
CVE-2022-41040/41082 _ 0-day RCE on Microsoft Exchange
ExchangeCVE-2022-41040CVE-2022-41082
🚪
Bad VIB(E)s // Novel Malware in ESXi Hypervisors
MalwareVMWare
🎳
Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike
C2
🐬
Exploiting Flipper Zero’s NFC file loader
Flipper-ZeroNFCBuffer Overflow
🪆
A FormBook Matryoshka
MaldocWindows
🪣
CVE-2022-36804 _ Bitbucket Pre Auth Remote Command Execution
CVE-2022-36804
🏦
The Crypto Revolution
CryptoGovernancebankless
🥷🏿
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
MalwareLINUX
⏪
обзор на rizin
РоссияReverse
🐻
CVE-2022-30190 _ Overview of Bears Cyberespionage
APT28APT29CVE-2022-30190
📡
Hacking Ham Radio for Texting
HamRadioSpectrum
🔊
The Sound of Malware
MalwareSPKRWRITE
🃏
Tracking Joker with Medusa, static analysis (and patience)
AndroidMalwareJoker
🪲
CVE-2022-26809 _ Reaching Vulnerable Point
CVE-2022-26809Windows
🧱
APT groups carried out highly targeted attack on Sophos
CVE-2022-1040GoMetGh0stCTI
🤑
Stablecoins Are Products
CryptoStablecoins
👊
Emulating Phineas Phisher Attacks in Modern EDR Environments
C2TTPDEFRA
👻
GhostTouch: Contactless attack with Electromagnetic Signals
TAOEMITTRY
🌚
How to Make $800m in Crypto, Soros Style - Breaking $UST
CryptoUST
🧅
KAX17 de-anonymization against Tor
TorDe-anonKAX17
🦠
Android/BianLian payload
AndroidMalware
🌑
DarkFi
CryptoBlockchainZK
💔
Attacking ARM Pointer Authentication with Speculative Execution
VULNM1TTRY
🐛
Aoqin Dragon
WindowsMalware
🌐
reNgine - More than just a recon!
ReconScanVATTRY
💸
HOP Token Airdrop
DropCatcher
🌵
The Magic of ХYЙ
SPKRWRITEРоссия
🔏
Russia’s certificate authority for sanctioned organizations
Россия
💾
Self Hosted Roundup #7
SelfHosted
🤬
Automated Malware Analysis - Joe Sandbox
MalwareSandbox
👀
The Surreal Case of a C.I.A. Hacker’s Revenge
Enota
🧠
Meet Logseq, 'stores data like a brain'
SubstaTTRYKNWLDG
🕸️
Francesca Bria on Decentralisation, Sovereignty, and Web3
Web3Decentralisation
🎠
Xenomorph: Hatched Banking Trojan
Malware
🪖
Guerre di Rete - Ucraina, cronache dai cyber fronti
GuerreDiRete
🧪
CVE-2022-0847 _ The Dirty Pipe
CVE-2022-0847LINUXAndroidKERNEL
💣
Perché è il momento di fare (e informare) Guerre di Rete
GuerreDiRete
🎶
The state of music/Web3 tools for artists
Web3NFT
📱
NSO zero-click iMessage RCE exploit
VULNCVE-2021-30860
🎗️
Threat Thursday: BoratRAT
RATWindowsMalware