💥Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice
Nighthawk is a mature and advanced commercial C2 framework for lawful red team operations that is specifically built for detection evasion, and it does this well. While Proofpoint researchers are not aware of adoption of Nighthawk in the wild by attributed threat actors, it would be incorrect and dangerous to assume that this tool will never be appropriated by threat actors with a variety of intents and purposes.
🔥🔥🔥PoC of the removed registered LdrDllNotification for your enjoyment.
🔥🔥🔥PoC for utilizing RtlQueueWorkItem to load libraries
🔥Vulnerabilities in BMC Firmware Affect OT/IoT Device Security(part1)
By abusing these vulnerabilities, an unauthenticated attacker may achieve RCE with root privileges on the BMC, completely compromising it and gaining control of the managed host. During our research, we uncovered other vulnerabilities whose patching is still in progress and thus cannot be disclosed as of yet; those will be covered in a follow-up blog post.
Our discussion starts with an introduction to BMCs and an illustration of the vulnerabilities discovered. We will then provide an example of how an attacker can abuse these issues to ultimately compromise the device, and conclude with remediations that asset owners can implement.
💥NETGEAR R7800 AFPD PreAuth + PoC exploit
A heap-buffer overflow in afpd's dsi_writeinit is leveraged to overwrite the proto_close function pointer in the DSI struct, and execute arbitrary code on the NETGEAR R7800 Smart Router, in the default configuration, on the LAN side, pre-auth.
Forwarded from ㅤㅤㅤ
Containers: Rootful, Rootless, Privileged and Super Privileged.
https://infosecadalid.com/2021/08/30/containers-rootful-rootless-privileged-and-super-privileged/
Forwarded from ㅤㅤㅤ
Boa Web Server 0.94.13_0.94.14 Authentication Bypass.file
Forwarded from ㅤㅤㅤ
Simmeth_System_GmbH_Supplier_Manager_LFI_SQL_Injection_Bypass.report
Forwarded from ㅤㅤㅤ
Cisco Secure Email Gateway Malware Detection Evasion.report
Forwarded from 卩ro 爪Cracker
When an N-Day turns into a 0day. (Part 1 of 2)
Analysis and exploitation of an uninitialized pointer vulnerability affecting certain TP-LINK routers.
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
Forwarded from 卩ro 爪Cracker
ransomwhere: a ransomware sample to test out your ransomware response strategy.
https://ift.tt/c1o67Ey
Submitted November 28, 2022 at 03:11PM by nindustries
via reddit https://ift.tt/yzC1QrP
GitHub
GitHub - hazcod/ransomwhere: A PoC ransomware sample to test out your ransomware response strategy.
A PoC ransomware sample to test out your ransomware response strategy. - hazcod/ransomwhere
#tools
#Offensive_security
1. A terminal-based editor for PowerShell
https://github.com/ironmansoftware/psedit
2. Cobalt Strike Community Kit - central repository of extensions written by the user community to extend the capabilities of Cobalt Strike
https://github.com/Cobalt-Strike/community_kit
GitHub
GitHub - ironmansoftware/psedit: A terminal-based editor for PowerShell
A terminal-based editor for PowerShell. Contribute to ironmansoftware/psedit development by creating an account on GitHub.
#Malware_analysis
1. Analysis on Docker Hub malicious images: Attacks through public container images
https://sysdig.com/blog/analysis-of-supply-chain-attacks-through-public-docker-images
2. Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms
https://blog.bushidotoken.net/2022/11/detecting-and-fingerprinting.html
Sysdig
Analysis on Docker Hub malicious images: Attacks through public container images | Sysdig
The Sysdig TRT performed an analysis of over 250,000 Linux images on Docker Hub to detect malicious payloads hidden in the containers images.
#tools
#Blue_Team_Techniques
SCuBA M365 Security Baseline Assessment Tool
https://github.com/cisagov/ScubaGear
GitHub
GitHub - cisagov/ScubaGear: Automation to assess the state of your M365 tenant against CISA's baselines
Automation to assess the state of your M365 tenant against CISA's baselines - cisagov/ScubaGear
#tools
#Red_Team_Tactics
1. A Dive into Microsoft Defender for Identity
https://www.synacktiv.com/publications/a-dive-into-microsoft-defender-for-identity.html
2. A New Way of Exploiting Jolokia RCE/JDBC Attack
https://pyn3rd.github.io/2022/11/15/A-New-Way-to-Trigger-Jolokia-Remote-Code-Execution
3. Empire - PowerShell/Python 3.x post-exploitation/adversary emulation framework
https://github.com/BC-SECURITY/Empire
Synacktiv
A dive into Microsoft Defender for Identity
#IoT_Security
1. Vulnerabilities in BMC Firmware Affect OT/IoT Device Security
https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1
2. IoT Security Administrator’s Guide
https://docs.paloaltonetworks.com/iot/iot-security-admin
Nozominetworks
Vulnerabilities in BMC Firmware Affect OT/IoT Device Security – Part 1
Nozomi Networks Security Researchers disclose 13 vulnerabilities affecting Baseboard Management Controllers (BMCs), which may allow an attacker to achieve RCE.