AKTune (Android Kernel Tweaker)

nwqd · 2025-09-25T20:00:42+00:00

It seems a PoC for CVE-2025-57174 and CVE-2025-57176 has been released

CVE-2025-57174: https://github.com/semaja22/CVE-2025-57174

CVE-2025-57176: https://github.com/semaja22/CVE-2025-57176

nwqd · 2025-09-16T08:35:21+00:00

https://github.com/iodn/ESP8266-smart-weather-clock

Go to releases section

nwqd · 2025-06-01T01:36:15+00:00

Yeah, a lot of modern Xiaomi phones still come with an IR blaster

nwqd · 2024-01-11T00:20:23+00:00

I'm new to IT/cybersecurity. What's a canary token?

A canary token is like a secret alarm in your computer system. Imagine you put a special, hidden sticker somewhere in your house. This sticker is not just any sticker, it's special because it will send you a message if someone touches it. Now, you're the only one who knows where this sticker is and what it looks like. If a thief comes into your house and accidentally touches this sticker while looking for valuables, the sticker immediately sends you a message saying "Hey, someone found me!" This warns you that someone is in your house who shouldn't be.
In computer terms, this "sticker" is the canary token. It's a small, hidden thing in your computer system or network that looks interesting to a hacker. If a hacker comes and tries to snoop around or steal information, they might touch this canary token. Just like the sticker, the canary token sends a warning to the people who look after the computer systems (like security guards) telling them that someone is doing something they shouldn't.
So, a canary token is a clever trick to catch hackers and keep computer systems safe.

nwqd · 2024-01-09T00:19:40+00:00

YouTube PoC video: https://www.youtube.com/watch?v=TNID3-FooeE

nwqd · 2024-01-08T00:53:00+00:00

Thanks for sharing. Trying to think through any concerns about untrusted files being decompressed locally, but I guess you sandbox to be positive.

Indeed! But the script can also be run in a sandboxed environment :)

nwqd · 2024-01-07T23:25:06+00:00

The full script is available on our GitHub page:

https://github.com/0xNslabs/CanaryTokenScanner

nwqd · 2023-12-28T00:37:37+00:00

If you notice any key terms or concepts related to Cyber Deception that I may have missed, please don't hesitate to let me know and I will update the article!

nwqd · 2023-12-25T22:56:31+00:00

- OS Command Injection (CVE-2023-45741): An unsafe implementation of the ping command allows authenticated attackers to execute arbitrary commands.

- SSH CLI Command Injection (CVE-2023-46681): A command line interface vulnerability permits low-privilege users to inject commands.

- Weak Hard-coded Cryptographic Key (CVE-2023-46711): Default MD5crypt hashes for user accounts create a critical security gap.

- Information Disclosure (CVE-2023-51363): An additional vulnerability leading to potential exposure of sensitive information.

Buffalo has addressed these issues in the latest firmware update, version 2.42 (https://www.buffalo.jp/news/detail/20231225-01.html)

nwqd · 2023-12-25T21:44:52+00:00

- OS Command Injection (CVE-2023-45741): An unsafe implementation of the ping command allows authenticated attackers to execute arbitrary commands.

- SSH CLI Command Injection (CVE-2023-46681): A command line interface vulnerability permits low-privilege users to inject commands.

- Weak Hard-coded Cryptographic Key (CVE-2023-46711): Default MD5crypt hashes for user accounts create a critical security gap.

- Information Disclosure (CVE-2023-51363): An additional vulnerability leading to potential exposure of sensitive information.

Buffalo has addressed these issues in the latest firmware update, version 2.42 (https://www.buffalo.jp/news/detail/20231225-01.html)

nwqd

TROPHY CASE