Cyber Creatures

What is Termux ?  Termux is an Android terminal emulator which is based on linux environment. You can perform many attacks ( ex - openport attack , ddos , mitmf , sql injection , etc ) Termux support both rooted and unrooted devices You can termux as a root to perform extra attacks which requires root access . Usage Open the app , you will see graphical interface  Click on install packages , it will download some basic packages ( make sure you are connected with internet ) Now you can use termux Before using it ( make sure you are connected with internet ) What can you do with termux  ? 1. we can perform different attacks  2. Pentesting 3. Vulnerability Scanning 4. Ethical Hacking We can do most of things using termux  How to install Termux  we can normally install termux using F-Droid After installing we have to run some command apt update && apt upgrade -y Window's Installation Download Bluestack Settings Cpu - 4 core Memory - 4gb Performance Mode...

 Introduction On September 9, 2022, Microsoft received a report from Andrea Pierini and Antonio Cocomazzi about Windows's local privilege escalation (LPE) vulnerability. This vulnerability could enable an attacker with limited privileges on a host to gain SYSTEM privileges and read/write any file on the system. Microsoft addressed the LocalPotato vulnerability in the January 2023 patch Tuesday, and a PoC was published on February 10, 2023. This vulnerability, CVE-2023-21746, permits an attacker with low-privilege account access to read/write arbitrary files with SYSTEM privileges. Although the vulnerability does not allow executing commands as SYSTEM, it can be combined with other vectors to achieve this result. On February 13, BlackArrowSec published a privilege escalation PoC that exploits the StorSvc service, permitting attackers to execute code as SYSTEM by writing a DLL file to any directory in the PATH. In this Tryhackme room, both vulnerabilities are investigated, and the go...

A cyber attack is a set of actions performed by threat actors, who try to gain unauthorized access, steal data or cause damage to computers, computer networks, or other computing systems. A cyber attack can be launched from any location. The attack can be performed by an individual or a group using one or more tactics, techniques and procedures (TTPs). The individuals who launch cyber attacks are usually referred to as cybercriminals, threat actors, bad actors, or hackers. They can work alone, in collaboration with other attackers, or as part of an organized criminal group. They try to identify vulnerabilities—problems or weaknesses in computer systems—and exploit them to further their goals. Cybercriminals can have various motivations when launching cyber attacks. Some carry out attacks for personal or financial gain. Others are “hacktivists” acting in the name of social or political causes. Some attacks are part of cyberwarfare operations conducted by nation states against their oppo...

Embrace the Future of Finance with Cloud Accounting! Say goodbye to outdated paper-based methods and welcome the era of efficient and secure cloud accountancy. Using paper for accounting and finance has become a relic of a bygone era. Today several tools and software systems help crunch numbers in a jiff. We know that technology has transformed all aspects of life, and finance is no exception. Who would have thought that the first accounting software released around 45 years ago could be the inception of a revolution in accountants’ lives? And this is not it. As accounting software is becoming robust, innovations are taking over the formers. This means that technological advancements are on the drive. One such incredibly powerful innovation that is gaining immense traction is the cloud accountancy system. In this piece, we will discuss what is it, how it works, and more. Let’s dig in right away!  What is Cloud Accounting? Cloud Accounting refers to the usage of accounting software ...

What is CVE-2023-44487 HTTP/2 Rapid Reset Attack? The ‘Rapid Reset’ technique leverages the ‘stream multiplexing’ feature of HTTP/2, wherein numerous requests and subsequent immediate cancellations cause substantial server-side workload with minimal client-side attacker cost. The attack takes advantage of a feature in HTTP/2 by repeatedly sending and canceling requests, which overwhelms the target website or application, causing it to stop working correctly. HTTP/2 has a safety feature that tries to limit the number of active streams to protect against DoS attacks, but it doesn’t always work effectively. The protocol allows the client to cancel streams without needing the server’s agreement, which is exploited in this attack. Botnets can generate massive request rates, posing a severe threat to targeted web infrastructures.  Considering the CVE-2023-44487 vulnerability, which affects web servers by causing additional load through rapid stream generation and cancellation, potentiall...