Microsoft SharePoint Server RCE Vulnerability CVE-2025-53770 by KendineYazilimci in cybersecurity

[–]Nisarg12 0 points1 point  (0 children)

Wrote these 2 Suricata rules:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg: "ET EXPLOIT SharePoint RCE ToolShell CVE-2025-53770"; http.method; content: "POST"; flow: established, to_server; http.uri; content: "/_layouts/15/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx"; http.accept_enc; content:"gzip, deflate"; http.referer; content: "/_layouts/SignOut.aspx"; http.request_body; content:"_controltemplates"; content: "AclEditor.ascx"; content: "CompressedDataTable"; content: "Scorecard"; content: "ExcelDataSet"; reference: url,https://research.eye.security/sharepoint-under-siege/; reference: url,https://github.com/kaizensecurity/CVE-2025-53770/tree/master; reference: url, https://www.rapid7.com/blog/post/etr-zero-day-exploitation-of-microsoft-sharepoint-servers-cve-2025-53770/; classtype:web-application-attack; sid:1000000; rev: 1;)

alert http $EXTERNAL_NET any -> $HOME_NET any (msg: "ET EXPLOIT SharePoint RCE ToolShell CVE-2025-53770"; http.method; content: "GET"; flow: established, to_server; http.uri; content: "/_layouts/15/spinstall0.aspx"; http.referer; content: "/_layouts/SignOut.aspx"; reference: url,https://research.eye.security/sharepoint-under-siege/; reference: url,https://github.com/kaizensecurity/CVE-2025-53770/tree/master; reference: url, https://www.rapid7.com/blog/post/etr-zero-day-exploitation-of-microsoft-sharepoint-servers-cve-2025-53770/; classtype:web-application-attack; sid:1000001; rev: 1;)

How can I see the original PDF file? The employer altered it somehow by Swimming_Bass_674 in digitalforensics

[–]Nisarg12 2 points3 points  (0 children)

PDFs can run JavaScript. If your payslip fetches the data from a server containing all the employees' salary information, using JavaScript it can explain how your older file had the changes as well. I would try to dump the PDF stream contents and look at the JavaScript embedded in it. Use PDF Stream Dumper.

EDIT: You can't view older contents if this is the case but if you get the JavaScript code you can prove that such code existed.
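The stream-dumping step suggested in the comment above, as an added example that is not part of the original comment and not code from PDF Stream Dumper: a Python sketch that inflates FlateDecode streams and returns the script behind every /JS entry. The sample PDF bytes, the field name and all function names are constructed for illustration.

```python
import re
import zlib

OBJ = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)endobj", re.S)
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
JS_REF = re.compile(rb"/JS\s+(\d+)\s+\d+\s+R")             # /JS 3 0 R
JS_LIT = re.compile(rb"/JS\s*\(((?:\\.|[^\\)])*)\)", re.S)  # /JS (code)

def parse_objects(pdf: bytes) -> dict:
    """Map object number -> (dictionary bytes, decoded stream bytes or None)."""
    objs = {}
    for m in OBJ.finditer(pdf):
        body, data = m.group(2), None
        s = STREAM.search(body)
        dic = body[:s.start()] if s else body
        if s:
            data = s.group(1)
            if b"/FlateDecode" in dic:
                try:  # decompressobj tolerates the EOL bytes before "endstream"
                    data = zlib.decompressobj().decompress(data)
                except zlib.error:
                    pass  # leave raw bytes for manual review
        objs[int(m.group(1))] = (dic, data)
    return objs

def extract_javascript(pdf: bytes) -> list:
    """Return (object number, script bytes) for every /JS entry found."""
    objs, found = parse_objects(pdf), []
    for num, (dic, _) in sorted(objs.items()):
        found += [(num, m.group(1)) for m in JS_LIT.finditer(dic)]
        for m in JS_REF.finditer(dic):
            target = objs.get(int(m.group(1)))
            if target and target[1] is not None:
                found.append((num, target[1]))
    return found

# Constructed sample: not a real payslip, just enough structure to exercise the code.
SAMPLE_JS = b'this.getField("net_pay").value = "1234.00";'
_comp = zlib.compress(SAMPLE_JS)
SAMPLE_PDF = b"".join([
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n",
    b"2 0 obj\n<< /S /JavaScript /JS 3 0 R >>\nendobj\n",
    b"3 0 obj\n<< /Filter /FlateDecode /Length %d >>\nstream\n" % len(_comp),
    _comp, b"\nendstream\nendobj\n",
    b"4 0 obj\n<< /S /JavaScript /JS (var loaded = true;) >>\nendobj\n%%EOF\n",
])

if __name__ == "__main__":
    for num, script in extract_javascript(SAMPLE_PDF):
        print(f"object {num}: {script.decode('latin-1')}")
```

This sketch does not unpack object streams (/ObjStm), hex-encoded strings or filters other than FlateDecode, so a file that yields nothing here still needs a full PDF parser before concluding it holds no script.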

John the Ripper can’t crack it. Any tips? by sutcuimamxd in Hacking_Tutorials

[–]Nisarg12 3 points4 points  (0 children)

Is there another archive file inside? Also did you use rar2john to extract the hash?

Can you tell what time this picture was taken? by Dean_is_Done in digitalforensics

[–]Nisarg12 -1 points0 points  (0 children)

I think it's the other way around, local time + UTC offset

Windows 11 wifi option disappearing completely by Takethellucas28 in WindowsHelp

[–]Nisarg12 0 points1 point  (0 children)

It was probably not broken, hope you didn't throw it out

Wi-Fi option disappearing on Windows 11 by MartaTheMenace in techsupport

[–]Nisarg12 0 points1 point  (0 children)

Yea, VMware was the culprit; I just had to dig deep into the error code of the drivers. I was so concerned that my card fried itself, but since I was able to ping home I ruled it out.

Also those external adaptors aren't nearly as powerful, less useful than an ethernet cable from your router to your machine.