C2 & Beacon: PoC and analysis
★ featured
This is a PoC of a remote execution agent driven through a C2. The initial idea for this agent is to be as simple as possible and to look harmless at first glance.
Login: andre
Name: André Ribas
Bio: Hi there! I'm a mid-level FullStack Developer from Brazil, though my real love lies in backend development. I currently work at a software development company, where I get to build systems that solve real problems every day.
Location: 📍 Brazil
Website: https://andre.ribassu.com
4 file(s) found
This is a PoC of a remote execution agent driven through a C2. The initial idea for this agent is to be as simple as possible and to look harmless at first glance.
Recently, two ghosts from the past have come back to haunt the heart of the Internet: DNS cache poisoning. The critical vulnerabilities CVE-2025-40778 and CVE-2025-40780, discovered in BIND 9, rekindle a risk that many already considered buried.
If you already have some experience, or have been working with databases for a while, you must be wondering: 'SQL Injection, in 2025?'
In theory a government site should be quite a challenge when it comes to security, but the gov.br sites are internationally recognized as the most vulnerable to basic attacks, like the one I am going to show in this article.