@lsof profile picture
lsof @lsof

lsof is a *nix program. On Windows its called handle. Useful for finding rootkits. Worked in the classified world for 20 years, now trying in the corporate one.

Joined May 2009
  • Tweets 183
  • Following 126
  • Followers 22
5 Photos and videos
lsof retweeted
_SiCk
@encrypted_past
Jun 7
This is kinda dope github.com/wesmar/KernelRese… @wesmarpl

GitHub - wesmar/KernelResearchKit: Windows 11 kernel research framework demonstrating DSE bypass on...

Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot-time execution. Loads unsigned drivers by surgically patching SeCiCallbacks via native subsystem. Inclu...

github.com
1
46
202
10,825
lsof
@lsof
Jan 25
SmarterMail - Fresh admin access flaw being actively exploited. Remote attackers can gain full admin privileges. Check: netstat -an | findstr :9998 Source: @SecurityWeek securityweek.com/fresh-smart…

Fresh SmarterMail Flaw Exploited for Admin Access

The exploitation of the authentication bypass vulnerability started two days after patches were released.

securityweek.com
36
lsof
@lsof
Jan 25
SmarterMail Fresh Flaw - New vulnerability allows attackers to gain admin access. Different from previous auth bypass - actively being exploited. Check: netstat -an | findstr :9998 Source: securityweek.com/fresh-smart…

Fresh SmarterMail Flaw Exploited for Admin Access

The exploitation of the authentication bypass vulnerability started two days after patches were released.

securityweek.com
25
lsof
@lsof
Jan 25
🚨 Fresh SmarterMail flaw being actively exploited for admin access takeover Check: Get-Service | Where-Object {$_.Name -like "*SmarterMail*"} | Select Name,Status,DisplayName Source: securityweek.com/fresh-smart…

Fresh SmarterMail Flaw Exploited for Admin Access

The exploitation of the authentication bypass vulnerability started two days after patches were released.

securityweek.com
16
lsof
@lsof
Jan 23
CISA KEV Alert - 4 new vulnerabilities added to Known Exploited Vulnerabilities catalog. Active exploitation confirmed. Check: Invoke-WebRequest -Uri "cisa.gov/known-exploited-vul…" | Select-String "2025-01" Source: @CISACyber

Known Exploited Vulnerabilities Catalog | CISA

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative...

cisa.gov
32
lsof
@lsof
Jan 22
CVE-2026-1328 - Totolink NR1800X router RCE via setWizardCfg function in /cgi-bin/cstecgi.cgi Check: curl -X POST http://[router-ip]/cgi-bin/cstecgi.cgi -d "action=setWizardCfg" Source: cve.org/CVERecord?id=CVE-202…
268
lsof
@lsof
Jan 22
CVE-2025-65098 - Typebot chatbot builder XSS allows credential theft from users (pre-3.13.2) Check: docker exec typebot cat package.json | grep version Update to 3.13.2 Source: cve.org/CVERecord?id=CVE-202…
160
lsof
@lsof
Jan 22
CVE-2026-24009 - Docling Core PyYAML RCE vulnerability in document processing library Check: pip list | grep docling-core Patch: pip install --upgrade docling-core Source: cve.org/CVERecord?id=CVE-202…
162
lsof
@lsof
Jan 22
CVE-2025-69764 - Tenda AX3 router stack buffer overflow in formGetIptv function leads to RCE Check: curl -X POST http://[router-ip]/goform/formGetIptv -d "stbpvid=$(python -c 'print("A"*300)')" Source: cve.org/CVERecord?id=CVE-202…
72
lsof
@lsof
Jan 22
CVE-2025-67683 - Quick.Cart XSS via sSort parameter allows JavaScript execution Check: grep -r "sSort" /var/www/html/ 2>/dev/null Source: cve.org/CVERecord?id=CVE-202…
57
lsof
@lsof
Jan 22
CVE-2026-23760 - SmarterMail auth bypass in password reset API (builds <9511) Check: Get-ItemProperty "HKLM:\SOFTWARE\SmarterTools\SmarterMail" -Name Version Source: cve.org/CVERecord?id=CVE-202…
95
lsof
@lsof
Jan 22
CVE-2025-13928 - GitLab CE/EE versions 17.7-18.8.1 unauthorized access vulnerability Check: sudo gitlab-ctl status | grep "run:" Source: cve.org/CVERecord?id=CVE-202…
163
lsof
@lsof
Jan 22
CVE-2025-13927 - GitLab CE/EE versions 11.9-18.8.1 allow unauthorized access Check: gitlab-rake gitlab:env:info | grep "GitLab information" Source: cve.org/CVERecord?id=CVE-202…
147
lsof
@lsof
Jan 22
CVE-2026-0723 - GitLab CE/EE versions 18.6-18.8.1 vulnerable to individual information disclosure Check: curl -s your-gitlab.com/api/v4/versi… | grep version Source: cve.org/CVERecord?id=CVE-202…

IP Geolocation API | ipbase.com

IP Geolocation API - Our global IP address data helps companies to make intelligent & programmatic decisions.

ipbase.com
140
lsof
@lsof
Jan 22
New FortiGate attack wave targeting firewalls - different from previous rogue account campaigns Check: show system status | grep "System time" fnbam --list-blocked-ips Source: securityweek.com/new-wave-of…

New Wave of Attacks Targeting FortiGate Firewalls

Hackers bypass the FortiCloud SSO login authentication to create new accounts and change device configurations.

securityweek.com
12
lsof
@lsof
Jan 22
CVE-2026-1102 - GitLab CE/EE unauthorized access flaw affects versions 12.3 before 18.6.4, 18.7.2, 18.8.2 Check: gitlab-rake gitlab:env:info | grep "GitLab information" Source: cve.org/CVERecord?id=CVE-202…
133
lsof
@lsof
Jan 22
CVE-2025-12738 - Neo4j Enterprise <2025.11.2 & <5.26.17 vulnerable to info disclosure for authenticated users Check: neo4j --version Source: cve.org/CVERecord?id=CVE-202…
53
lsof
@lsof
Jan 22
CVE-2026-1324 - Sangfor Operation & Maintenance System up to 3.0.12 vulnerable via SessionController function Check: curl -k "https://[target]/session" -H "User-Agent: test" -v Source: cve.org/CVERecord?id=CVE-202…
51
lsof
@lsof
Jan 22
CVE-2025-14295 - WebCTRL/i-Vu store passwords in recoverable format, exposing clear-text creds to attackers with file access Check: Get-ChildItem -Recurse -Path "C:\Program Files\*WebCTRL*" -Include "*.config","*.xml" | Select-String -Pattern "password" Source: cve.org/CVERecord?id=CVE-202…
51
lsof
@lsof
Jan 22
FortiGate Attack Wave - Automated attacks creating rogue accounts & stealing firewall configs from FortiGate devices Check: show system admin | grep -v "expected_users" Source: bleepingcomputer.com/news/se…

Hackers breach Fortinet FortiGate devices, steal firewall configs

Fortinet FortiGate devices are being targeted in automated attacks that create rogue accounts and steal firewall configuration data, according to cybersecurity company Arctic Wolf.

bleepingcomputer.com
26
Load more