Next Black Hills Information Security webcast is on -- Attack Tactics 8 - Poison the Well w/ Jordan Drysdale & David Fletcher -- Thursday, 7/1 - 1pm ET -- Register: https://lnkd.in/dF5uyh6
This BHIS webcast is a collection of red team tactics that demonstrate some seriously scary vulnerabilities.
Join the BHIS Discord Server to participate in live discussion with the presenters and fellow attendees during the webcast -- https://discord.gg/bhis
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10
Red Team Tactics
1. Finding DOM Polyglot XSS in PayPal the Easy Way
https://portswigger.net/research/finding-dom-polyglot-xss-in-paypal-the-easy-way
2. VNC Penetration Testing😀
https://www.hackingarticles.in/vnc-penetration-testing
Malware analysis
1. SMB Worm “Indexsinas” Uses Lateral Movement to Infect Whole Networks
https://www.guardicore.com/labs/smb-worm-indexsinas
2. Detecting new crypto mining attack targeting Kubeflow and TensorFlow
https://sysdig.com/blog/crypto-mining-kubeflow-tensorflow-falco
Exploit
CVE-2020-15368:
How to exploit a vulnerable Windows driver.👍🏽
Exploit for AsrDrv104.sys
https://github.com/stong/CVE-2020-15368
Multiple vulnerabilities in Cisco Identity Services Engine (XSS to RCE as root)😎
https://github.com/pedrib/PoC/blob/master/advisories/Cisco/cisco_ise_rce.md
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10
Research
"A Mirage of Safety:
Bug Finding and Exploit Techniques of Top Android Vendor's Privacy Protection Apps", 2021.
https://xlab.tencent.com/en/2021/05/14/A-Mirage-of-Safety-Bug-Finding-and-Exploit-Techniques-of-Top-Android-Vendors-Privacy-Protection-Apps
// A1: Attack from malicious apps
A2: Attack from malicious apps which can gain system privilege
A3: Attackers have physically compromised the phone
Threat Research
1. CVE-2018-18472:
Western Digital My Book Live Mass Exploitation
https://censys.io/blog/cve-2018-18472-western-digital-my-book-live-mass-exploitation
2. RTSP NAT Slipstream on Google Chrome 89.0
(PoC for CVE-2021-21210)
https://vovohelo.medium.com/how-i-found-my-first-chrome-bug-cve-2021-21210-248a21272248
]-> NAT Slipstream samples:
https://github.com/bananabr/natslipstream
Red Team Tactics
1. GateKeeper macOS Bypass
https://theevilbit.github.io/posts/gatekeeper_not_a_bypass
2. Metadata service MITM allows root privilege escalation (EKS/GKE)
https://blog.champtar.fr/Metadata_MITM_root_EKS_GKE
Threat
1. An EPYC escape:
Case-study of a KVM breakout (PoC for CVE-2021-29657)
https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html?m=0
2. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10
#critical #threat #cyber-attack
Exploit released - critical vulnerability
PrintNightmare (CVE-2021-1675)
Remote code execution in Windows Spooler Service
This vulnerability is critical, affects all Windows operating systems, and the public, widespread release of its exploit is highly sensitive and dangerous.
More information
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675
https://github.com/afwu/PrintNightmare
https://github.com/cube0x0/CVE-2021-1675
Microsoft has not patched it yet,
but detection rules for this threat 😀
have arrived for the SIEM security intelligence of various vendors; now if your organization has no security intelligence, or it is not configured properly, or it is even switched off, don't be afraid, don't be afraid, we are all in this together 🤲🏻
https://github.com/SigmaHQ/sigma/pull/1588/files
Until Microsoft provides a patch, the spooler service on Domain Controllers must be disabled as an urgent action without a change request 😁, like the other actions that in various organizations are never recorded and never raised in any CAB committee 🥸.
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10
After Farabi, Avicenna, Rumi and... now it is Nezami's turn.
A joint project from Baku and Turkey: a few days ago they gathered at Atatürk University in Turkey and declared Nezami a Turk as well. I am left wondering what they will do with his poems:
The whole world is the body and Iran the heart;
the speaker is not ashamed of this comparison.
-We are being hit from every direction!-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10
List of awesome reverse engineering resources
https://github.com/wtsxDev/reverse-engineering
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10
Bug Bounty Bootcamp - The Guide to Finding and Reporting Web Vulnerabilities 2021
Info: https://lnkd.in/dwujwzq
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10
#bugbounty #bugbountytips #bughunting #bugcrowd #hackerone
Bug_Bounty_Bootcamp_The_Guide_to_Finding_and_Reporting_Web_Vulnerabilities.pdf
3.2 MB
Bug Bounty Bootcamp - The Guide to Finding and Reporting Web Vulnerabilities 2021
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10
#bugbounty #bugbountytips #bughunting #bugcrowd #hackerone
Researchers warn of ongoing cyberattacks coordinated by a Chinese-speaking threat actor targeting the Afghan government.
https://thehackernews.com/2021/07/indigozebra-apt-hacking-campaign.html
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10
https://azurecloudai.blog/2021/06/30/how-to-use-the-watchlists-logic-app-connector-for-azure-sentinel/amp/
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10
The product of the education and training system
Is this a vote to overthrow the country's education system!?
- What is your opinion!?-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10
🔥 WATCH OUT! Microsoft warns of critical PrintNightmare RCE vulnerability (CVE-2021-34527) being exploited in the wild.
Details: https://thehackernews.com/2021/07/microsoft-warns-of-critical.html
It is separate from the Windows Print Spooler issue (CVE-2021-1675) Microsoft patched recently.
FBI and NSA reveal hacking techniques used by Russian military hackers to target U.S. and European military, government, and political entities.
Details — https://thehackernews.com/2021/07/nsa-fbi-reveal-hacking-methods-used-by.html
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.11
ReDMArk.pdf
470.4 KB
Research
"ReDMArk: Bypassing RDMA Security Mechanisms", 2021.
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.11
smart_contract.pdf
90.6 KB
Whitepaper
"Smart Contract Automated Testing Guidelines", 2021.
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.11
TeeRex.pdf
732.4 KB
Research
"TEEREX: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves", 2020.
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.11
intel_csme_security.pdf
1005.8 KB
Whitepaper
Intel Converged Security and Management Engine (CSME) Security Whitepaper, 2020.
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.11
Obfuscated_Access.pdf
2 MB
Research
"Obfuscated Access and Search Patterns in Searchable Encryption", 2021.
]-> Code to run the evaluation:
https://github.com/simon-oya/NDSS21-osse-evaluation
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.11
Securing_Remote_Access_in_Palo_Alto_Networks.epub
19.2 MB
Tech book
"Securing Remote Access in Palo Alto Networks: Practical techniques to enable and protect remote users, improve your security posture, and troubleshoot next-generation firewalls", 2021.
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.11
service_mngmnt_infosec_collaborate.pdf
635.7 KB
Blue Team Techniques
"IT Service Management and Infosec: Collaborate for Mutual Success", 2021
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.11
Take part in the RangeForce Persistence Challenge July 21 - August 8!
Later this month, we’ll be running exclusive cyber range exercises for members of the RangeForce Community Edition.
Compete for a chance to win prizes while sharpening your cybersecurity skills. Stay tuned for more details about the challenge.
Not yet a member of our free Community Edition? Join now: https://hubs.ly/H0R31lS0
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.11
When you say "In the name of God",
the sign of it is that God is with you.
If He is not, and His presence is not evident in your work,
then you have not yet truly said "in the name of God".
If God is with a person, there are signs.
What is the sign of God's presence?
It is light; it is healing and blessing; it is power and success;
it is forgiveness and love, immense support and strong backing, not accepting oppression, not flattering, giving without reproach...
P.S.:
It is said that a man was dying of hunger. Satan brought him food on the condition that he sell him his faith. After he had eaten his fill, the man refused to sell his faith and said:
What I sold in hunger was nothing but an illusion and a nothing, because: a hungry man has no religion or faith!
-A hungry wolf, when it finds meat, does not ask
whether this is Saleh's camel or the Antichrist's donkey-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.11