https://ired.dev/ Tue, 05 May 2026 12:15:39 +0000 MyBB https://ired.dev/showthread.php?tid=54 Sun, 03 Aug 2025 17:39:41 +0000 Clara1337]]> https://ired.dev/showthread.php?tid=54 https://ired.dev/showthread.php?tid=35 Sun, 06 Jul 2025 21:06:12 +0000 Unix_Root]]> https://ired.dev/showthread.php?tid=35 1⃣ CVE-2025-48703: (https://fenrisk.com/rce-centos-webpanel)
RCE in CentOS Web Panel
2⃣ CVE-2025-31200: (https://blog.noahhw.dev/posts/cve-2025-31200)
Zero-click RCE vulnerability in Apple's iOS 18.x
3⃣ CVE-2025-32463: (https://github.com/pr0v3rbs/CVE-2025-32463_chwoot)
Escalation of Privilege to the root through sudo binary with chroot option
4⃣ CVE-2025-49113: (https://github.com/fearsoff-org/CVE-2025-49113)
Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization
5⃣ CVE-2025-32433: (https://github.com/ProDefense/CVE-2025-32433)
Unauth RCE in Erlang/OTP SSH]]> 1⃣ CVE-2025-48703: (https://fenrisk.com/rce-centos-webpanel)
RCE in CentOS Web Panel
2⃣ CVE-2025-31200: (https://blog.noahhw.dev/posts/cve-2025-31200)
Zero-click RCE vulnerability in Apple's iOS 18.x
3⃣ CVE-2025-32463: (https://github.com/pr0v3rbs/CVE-2025-32463_chwoot)
Escalation of Privilege to the root through sudo binary with chroot option
4⃣ CVE-2025-49113: (https://github.com/fearsoff-org/CVE-2025-49113)
Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization
5⃣ CVE-2025-32433: (https://github.com/ProDefense/CVE-2025-32433)
Unauth RCE in Erlang/OTP SSH]]> https://ired.dev/showthread.php?tid=11 Sat, 14 Jun 2025 15:41:08 +0000 Unix_Root]]> https://ired.dev/showthread.php?tid=11 (How a Screen Sharing Tool Became a Hacker's Window)
⸻
Chapter 1 - Missing Contract
A technology company specializing in software development for a major banking company in the ASEAN region. On the day of the project submission, the client's feedback:
"Unfortunately, your opponent came up with a better pricing package - and, strangely enough, understands the entire architecture you proposed."
This company never shared the architecture with anyone except internally.
I was invited to investigate.
⸻
Chapter 2 - No Poison Code, No Attack
Scan the entire system endpoint, server, email - no ransomware detection, no strange VPN access, no manipulation of suspicious printing or sending files.
But while testing a PM’s (Project Manager) device, I noticed the “ScreenShare Pro” app – a free screen sharing software, manually installed 2 months ago.
“I use it for demo calls with foreign vendors. They say this software is easier to use than Zoom.” – The PM replied.
⸻
Chapter 3 - Deep Investigation Analysis
I threw away the event logs and found:
• ScreenShare Pro opens the session without warning, lasts 45 minutes
• Meanwhile, the user opens files: Project_Proposal_V4. pptx, DB_Design_Confidential. vsdx
• This app doesn't save meeting logs and doesn't show the red frame to warn about sharing
I teamed up with Wireshark and found:
• It's connecting strange TLS to an unknown address server (running on anonymous VPS)
• The protocol used is proprietary - it can't be decoded, but the traffic is quite large, suitable for visual television
⸻
Chapter 4 - The user is exploited
I reset my timeline:
1. The seller asks the PM to install screen sharing software "easier than Z"
2. Download PM from external link (not official website)
3. Every time the demo calls, the seller asks "turn on screen sharing of the entire desktop to easily monitor the operation"
4. One of those times - the moment when the PM opens technical documents to copy paste architectural demo
⸻
Investigation conclusion
• Vector intrusion: Use of trust, forcing victims to install unwanted software
• Behavior: Use screen sharing to record the screen without the need for unique codes or machine hacking.
• Impact level: Leak product architecture, suggest competitors, and convince customers.
⸻
Lesson learned
It’s not the file you send that’s dangerous – it’s what you display.
Modern hackers don’t have to pick locks – they’re waiting for you… Enable sharing at the right time.]]> (How a Screen Sharing Tool Became a Hacker's Window)
⸻
Chapter 1 - Missing Contract
A technology company specializing in software development for a major banking company in the ASEAN region. On the day of the project submission, the client's feedback:
"Unfortunately, your opponent came up with a better pricing package - and, strangely enough, understands the entire architecture you proposed."
This company never shared the architecture with anyone except internally.
I was invited to investigate.
⸻
Chapter 2 - No Poison Code, No Attack
Scan the entire system endpoint, server, email - no ransomware detection, no strange VPN access, no manipulation of suspicious printing or sending files.
But while testing a PM’s (Project Manager) device, I noticed the “ScreenShare Pro” app – a free screen sharing software, manually installed 2 months ago.
“I use it for demo calls with foreign vendors. They say this software is easier to use than Zoom.” – The PM replied.
⸻
Chapter 3 - Deep Investigation Analysis
I threw away the event logs and found:
• ScreenShare Pro opens the session without warning, lasts 45 minutes
• Meanwhile, the user opens files: Project_Proposal_V4. pptx, DB_Design_Confidential. vsdx
• This app doesn't save meeting logs and doesn't show the red frame to warn about sharing
I teamed up with Wireshark and found:
• It's connecting strange TLS to an unknown address server (running on anonymous VPS)
• The protocol used is proprietary - it can't be decoded, but the traffic is quite large, suitable for visual television
⸻
Chapter 4 - The user is exploited
I reset my timeline:
1. The seller asks the PM to install screen sharing software "easier than Z"
2. Download PM from external link (not official website)
3. Every time the demo calls, the seller asks "turn on screen sharing of the entire desktop to easily monitor the operation"
4. One of those times - the moment when the PM opens technical documents to copy paste architectural demo
⸻
Investigation conclusion
• Vector intrusion: Use of trust, forcing victims to install unwanted software
• Behavior: Use screen sharing to record the screen without the need for unique codes or machine hacking.
• Impact level: Leak product architecture, suggest competitors, and convince customers.
⸻
Lesson learned
It’s not the file you send that’s dangerous – it’s what you display.
Modern hackers don’t have to pick locks – they’re waiting for you… Enable sharing at the right time.]]> https://ired.dev/showthread.php?tid=10 Sat, 14 Jun 2025 14:19:32 +0000 Kael]]> https://ired.dev/showthread.php?tid=10
XXXXX(Violation of Forum rules)

You'll find premium courses completely free, from beginner intros to certification prep like CEH, OSCP, CompTIA, and more.

? Perfect for those just starting out or looking to level up without financial barriers.]]>
XXXXX(Violation of Forum rules)

You'll find premium courses completely free, from beginner intros to certification prep like CEH, OSCP, CompTIA, and more.

? Perfect for those just starting out or looking to level up without financial barriers.]]> https://ired.dev/showthread.php?tid=5 Fri, 13 Jun 2025 22:10:37 +0000 Unix_Root]]> https://ired.dev/showthread.php?tid=5 https://github.com/danieldurnea/FBI-tools]]> https://github.com/danieldurnea/FBI-tools]]>