The wormable RDP bug everyone feared is finally live - BlueKeep now drops Monero miners, when it doesn't just BSOD the box. intel.threadlinqs.com/threat… #ThreatIntel #CVE
🪟 CVE-2026-45639: “not BlueKeep panic” but it’s unauthenticated, remote, and reads memory. Translation: RDP is still the vending machine for chaos. Patch today, breathe later. #Windows #Microsoft #RDP #CVE #Cybersecurity windowsforum.com/threads/cve… #PatchManagement #InfoDisclosure
Attacking Networks with a USB Uncontrolled USB ports in a public place are pretty common. Quite often they lead to systems that have access to the corporate network. With a bad USB hackers can either attack the network or the system itself. Everything is done remotely with the USB connecting back to the C2 via VPN. This device becomes the "super gateway" with all the traffic going through it (including other interfaces). That means cookie siphoning, web cache poisoning and passive sniffing are all possible against the device. MS17-010, BlueKeep, PrintNightmare, NetBIOS poisoning, port scanning and many more are possible against the network. This is Part 1, Part 2 is coming soon. Best way to protect yourself is to block unknown USB devices hackers-arise.com/social-eng… @three_cube @_aircorridor #redteam #blueteam
Infrastructure Concept — explained simply
RDP (Remote Desktop Protocol)
Microsoft’s protocol for remote GUI access. Default port 3389. Unlike SSH (text-only) or VNC (raw pixels), RDP sends drawing commands, a much smaller payload and a smoother experience over slow links.
What flows over an RDP session:
keyboard/mouse input from the client
screen updates back from the server
clipboard sync in both directions
file transfers, audio, printers
Clients you’ll actually use:
mstsc.exe (Windows)
Remmina (Linux)
FreeRDP / Microsoft Remote Desktop (Mac)
One rule above all else: never expose 3389 directly to the internet. It gets brute-forced within minutes. Sit it behind a VPN or RD Gateway. Enable NLA. Add MFA. Patch BlueKeep. RDP is one of the most common entry points for ransomware in 2026. Treat it accordingly.
Wake me up when mythos can exploit bluekeep. 🥱

Replying to @scriptjunkie1
Been waiting for a legit RDP RCE for SOOOOOOO long now. Since the isblueKeepexploited.com days. (I think that was the site...)
Remote Desktop Penetration Testing (Port 3389) 🔥 Telegram: t.me/hackinarticles ✴ Twitter: x.com/hackinarticles
Remote Desktop Protocol (RDP) allows users to connect to and control Windows systems remotely through a graphical interface. By default, RDP listens on TCP port 3389, and weak configurations can expose systems to brute-force attacks and remote exploitation.
📚 Techniques Covered in This Guide
🔎 Nmap Port Scanning
🔐 RDP Brute Force Attack (Hydra)
🛡 Account Lockout Policy Mitigation
💥 Post-Exploitation using Metasploit
🖥 Enabling RDP via Meterpreter
📌 Persistence using Sticky Keys
🔑 Credential Dumping with Mimikatz
🎭 RDP Session Hijacking
🧠 Event Log Analysis for Detection
⚡ DoS Attack (MS12-020)
💣 BlueKeep RCE Exploitation
🔄 Changing RDP Port
🕵️ Man-in-the-Middle Attack (SETH Toolkit)
📖 Article: hackingarticles.in/remote-de… #CyberSecurity #EthicalHacking #Pentesting #RDP #RedTeam #InfoSec
🔐 Quiz Time! Which of the following is a known vulnerability associated with ARM processors often exploited in side-channel attacks? A) Meltdown B) Spectre C) Heartbleed D) BlueKeep Test your knowledge! 🤔 #CyberSecurity #ARMVulnerabilities #Infosec
4 Dec 2025
When the exploit takes down the target. / Running BlueKeep against 2008 / set rhost 127.0.0.1
Dramatic A Russian almost got eliminated by its own drone
Without Windows Update, you're the Wall after the dragon. Modified Windows builds break: -Signature catalog -Servicing Stack -TrustedInstaller -Critical patching. You're left vulnerable to BlueKeep, Follina, PrintNightmare. #Vulnerabilidades #PatchManagement #Exploit #BlueKeep #CVE
31 Oct 2025
Replying to @UK_Daniel_Card
I think sometimes, people get a point in time bias, and then shifting that as tech/science evolves is hard. RDP always gets stick, lots of the stick is down to Pre-NLA/Bluekeep/Bad RDP GPOs. These days I see more CVEs in Citrix than RDP. Just like with RDP and NLA, people struggle to see that WiFi with WEP vs WPA3 are worlds apart. The court of public opinion often lags scientific evidence!
Day 0 Common characteristics of kernel exploits
▫️ Privilege escalation: This is a critical aspect of kernel exploits, where attackers upgrade their access rights beyond what is originally permitted/allowed so that they can execute commands, access files and perform other operations that are normally restricted to system administrators or other high-privileged users.
▫️ Bypassing security mechanisms: Kernel exploits are notorious for their ability to circumvent built-in security features, including bypassing sandboxing mechanisms that are designed to contain applications and prevent them from affecting the broader system, and evading detection by antivirus and other security software(s).
▫️ Direct access to hardware resources: Since the kernel has control over hardware, exploits at this level will let attackers directly interact with system hardware, such as device drivers, memory and network interfaces.
▫️ Persistence: Kernel exploits can provide attackers with the ability to install persistent malware that remains active even after the system is rebooted. This is because they can modify the kernel or load malicious drivers that are executed at boot time.
▫️ Unrestricted system manipulation: With kernel-level access, attackers can modify system processes, files and configurations at will, including the ability to modify system logs to cover tracks and change system configs. At this point, the attacker can do whatever they want.
▫️ Cross-component impact: Kernel exploits extend beyond the OS alone; they can also affect other components that interact with the kernel such as device drivers and system utilities.
Examples of kernel-level exploits
1. Dirty COW (CVE-2016-5195)
2. BlueKeep (CVE-2019)
3. Stagefright (CVE-2015-1538 & CVE-2015-3684)...
7 Oct 2025
Road to eJPT: Day 06
-Learned about SMB and how to exploit it. Also completed a lab on it.
-Learned about the EternalBlue (SMB) and BlueKeep (RDP) vulnerabilities and how to exploit them.
In short: Windows XP is "easy prey" for attackers, especially as soon as the box somehow reaches into the network. Why? No support since 8 April 2014. There are no regular security updates anymore; known holes stay open. Only in absolutely exceptional cases (e.g. WannaCry 2017) were there emergency patches. (Microsoft Learn) Critical, "wormable" remote vulnerabilities hit XP directly: SMBv1/MS17-010 (EternalBlue/WannaCry), remote code execution over port 445. Unpatched systems were compromised en masse. (Microsoft Learn) BlueKeep (CVE-2019-0708) in RDP, likewise remote code execution; Microsoft explicitly warned about unsupported systems such as XP and, as an exception, shipped a patch. Missing modern protection mechanisms: XP does not support ASLR address randomization, so exploits are much easier to build reliably than on newer Windows versions. Practical conclusion: for a reasonably skilled attacker, an exposed XP system is quickly compromisable, via old protocols (SMBv1/RDP), phishing/drive-by downloads or known privilege escalations. The effort is low to moderate, the probability of success high; public exploits and tools have existed for years. Authorities have repeatedly warned to apply critical patches (where available) immediately, which on XP is often no longer possible at all. If XP is absolutely unavoidable (legacy system/OT): Fully isolate it: its own VLAN/zone, no internet, only strictly necessary connections, strict firewall whitelisting; consistently block ports 445 (SMB) and 3389 (RDP) at the perimeter firewall. (CISA) Disable RDP if at all possible; if unavoidable: only via jump host/VPN, strong authentication, Network Level Authentication (NLA is not native on XP), IP allowlists. Avoid SMBv1 (XP can only do SMBv1, so better: cut the file shares and move data via controlled, temporary routes).
Only restricted accounts, application whitelisting (SRP), no e-mail/browser, strictly regulated USB, daily offline backups. Document a replacement plan: for some OT/industrial environments this is hard in the short term, but running on XP remains a structural risk. (CISA) Short answer: for hackers, XP is simply easy to hack, especially when it is reachable. Anyone still running XP has to treat it like explosives: sealed off, strictly controlled, and with a clear date for disposal.
26 Aug 2025
Since 21 August 2024, large-scale scanning against Microsoft RDP services has been observed; according to GreyNoise, on the 24th more than 30,000 IPs were probing simultaneously. Normally there are only about 3 to 5 such accesses per day, but it expanded rapidly from an initial 1,971 and is considered this year's largest coordinated RDP reconnaissance activity. Its hallmark is precision: all IPs probed RD Web Access and the RDP Web Client at the same time, and about 94% carried the same signature, suggesting a unified tool or a botnet. The attacks concentrated on timing attacks that exploit differences in authentication response time to identify valid usernames, apparently laying the groundwork for subsequent password spraying and the like. More than 70% of the attack sources were concentrated in Brazil, and the targets were most likely US educational institutions. As in the BlueKeep case, large-scale scanning is often a precursor to the disclosure of a new vulnerability, so every organization needs to urgently harden RDP and prepare for incident response. gbhackers.com/hackers-scan-i…
15 Aug 2025
Our field has come up, so I'm dropping in right away. I'll evaluate this in 2 parts: technical feasibility and my own opinions. Can end-user computers be hacked? The scenario of breaking into personal computers (PCs), computers at home, with a 0click is not very likely; in fact, these days it is close to impossible. Being behind NAT is usually more than enough. If you are on the same network you can target them with a 0click, but this scenario is mostly not very feasible, especially on personal computers. Generally, 0click Windows or Linux exploits are used for lateral movement, or for jumping to the next target after landing on the same network (EternalBlue, BlueKeep etc.). These exploits are not really used as the entry stage against home computers or end-user computers (I'm talking about the services/applications that are reachable and exploited on every computer, not web servers or odd applications). So when are they used: you seriously surveil the target, try to get onto the same network (Starbucks, workplace etc.), establish physical proximity if needed (maybe Bluetooth?) and try it that way, but instead of going to that much trouble, 1click attacks are more feasible. What are 1click attacks? When you click a URL, open an email, or click on something, your computer (I mean the whole computer) can be taken over. As the term implies, only 1 click is needed. Whether you are behind NAT or not doesn't matter much for this. That's why you can penetrate even the deepest places, behind many NATs and firewalls for example. Generally the applications people use in their daily lives are targeted. And these overwhelmingly target Chromium (every app written with Electron) or web browsers. Because at the end of the day, just visiting a website is enough. You won't even notice you've been hacked.
Samsung 1click - youtube.com/watch?v=LAIr2laU… chrome 1click - youtube.com/watch?v=uyLJpaED… discord 1click - youtube.com/watch?v=R3SE4VKj… One of the most important ones, I think, is Op Aurora. Google was targeted by the Chinese with exactly this kind of browser exploit; they were well and truly infiltrated and hacked, and then in the aftermath of these events Project Zero and so on were founded. This event was an important turning point en.wikipedia.org/wiki/Operat… Google itself has a great documentary, I definitely recommend watching it here youtube.com/watch?v=przDcQe6… Can WhatsApp be hacked, can a phone be hacked, can the information mentioned in the video be leaked? Yes, I've explained this many times before, no need to go into much detail. I'm leaving 3-5 articles, please read them. washingtonpost.com/investiga… nytimes.com/2020/01/22/techn… en.wikipedia.org/wiki/Operat… citizenlab.ca/2021/09/forced… -- many of Citizen Lab's investigations. Bro, so do you think our police do these things? Maybe you weren't expecting this answer, but yes. Instead of developing these exploits from scratch, you can choose to buy them from the people who sell them. Outfits like NSO Group, HackingTeam, Exodus, DFSec sell these exploits to governments and to people with money (rumours have spread from time to time that many individuals from Turkey bought them too). Governments use them for espionage and counter-espionage. You can read the emails leaked after the HackingTeam hack. Simply searching for gov.tr will show you who had what kind of interest in these tools. wikileaks.org/hackingteam/em… Bro, so do you really think our police do this much? These exploits are valuable and expensive, using them requires know-how, and these operations have to be run by well-resourced teams. I think an ordinary police officer would never even know about them. I think they are used very rarely and against few people, but yes, they are certainly used. Have I been targeted, or will I be? In all likelihood, no.
These attacks are expensive and rare attacks. You can watch this video specifically on this topic youtube.com/watch?v=-lamh3sr…
15 Aug 2025
On Oğuzhan Uğur's "Polis Özel" program, the answer the cybersecurity police gave to the question "Can WhatsApp be wiretapped?":
Replying to @ZssBecker
🚨 HACKERS HACKED HACKERS 🚨 North Korea’s elite cyber-espionage group Kimsuky just got wrecked. Internal files? Leaked. Tools? Exposed. Secrets? Public. Here’s what went down 👇🧵
1️⃣ In August 2025, two hackers — “Saber” & “cyb0rg” — broke into a Kimsuky operator’s workstation. Their mission? “Expose them for hacking for all the wrong reasons.” What they found was wild.
2️⃣ The leak: 8.9GB of raw Kimsuky data dropped on DDoSecrets. 📂 Internal tools 📂 Hacking manuals & passwords 📂 Emails & stolen data 📂 Evidence of infiltrating South Korean gov networks & big corporations.
3️⃣ Even crazier — the hackers say they uncovered proof of Kimsuky collaborating with Chinese state hackers, sharing tools & methods. This isn’t the usual “we found malware” — this is inside their actual systems.
4️⃣ Tactics revealed: 🎯 Spearphishing diplomats & journalists 🔓 Exploiting RDP flaws like BlueKeep ⚔️ Stealing credentials with PowerShell attacks 📡 Targeting South Korea, the U.S., and Japan.
5️⃣ Why this matters: It’s extremely rare for a state-backed APT to get hacked themselves. This breach is cybersecurity gold — defenders now have an inside map of one of North Korea’s most active threat groups.
6️⃣ North Korea thought they were the hunters. Turns out… they were the prey. 🐺➡️🐑 #CyberSecurity #Kimsuky #Hackers
🚨 The Angel Drainer group is entering the ransomware-as-a-service (RaaS) space with the release of Angel RaaS V1, with support for multiple systems (Linux, Windows, VMware ESXi), strong encryption algorithms, exploitation of the BlueKeep vulnerability, a web-based control panel, and Double Ransom and KeyID attacks.
A vulnerability from 5 years ago is the most exploited one in Mexico. It's surely from the chemba system. And those compromised databases too. And then BlueKeep. Give me a break.