💥NETGEAR R7800 AFPD PreAuth + PoC exploit
A heap-buffer overflow in afpd's dsi_writeinit is leveraged to overwrite the proto_close function pointer in the DSI struct, and execute arbitrary code on the NETGEAR R7800 Smart Router, in the default configuration, on the LAN side, pre-auth.
Containers: Rootful, Rootless, Privileged and Super Privileged.
https://infosecadalid.com/2021/08/30/containers-rootful-rootless-privileged-and-super-privileged/
Boa Web Server 0.94.13_0.94.14 Authentication Bypass.file
2.2 KB
Simmeth_System_GmbH_Supplier_Manager_LFI_SQL_Injection_Bypass.report
13.6 KB
Cisco Secure Email Gateway Malware Detection Evasion.report
7.1 KB
Forwarded from 卩ro 爪Cracker
When an N-Day turns into a 0day. (Part 1 of 2)
Analysis and exploitation of an uninitialized pointer vulnerability affecting certain TP-LINK routers.
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
Forwarded from 卩ro 爪Cracker
ransomwhere: a ransomware sample to test out your ransomware response strategy.
https://ift.tt/c1o67Ey
Submitted November 28, 2022 at 03:11PM by nindustries
via reddit https://ift.tt/yzC1QrP
GitHub - hazcod/ransomwhere: A PoC ransomware sample to test out your ransomware response strategy.
#tools
#Offensive_security
1. A terminal-based editor for PowerShell
https://github.com/ironmansoftware/psedit
2. Cobalt Strike Community Kit - central repository of extensions written by the user community to extend the capabilities of Cobalt Strike
https://github.com/Cobalt-Strike/community_kit
#Malware_analysis
1. Analysis on Docker Hub malicious images: Attacks through public container images
https://sysdig.com/blog/analysis-of-supply-chain-attacks-through-public-docker-images
2. Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms
https://blog.bushidotoken.net/2022/11/detecting-and-fingerprinting.html
The Sysdig TRT performed an analysis of over 250,000 Linux images on Docker Hub to detect malicious payloads hidden in the container images.
#tools
#Blue_Team_Techniques
SCuBA M365 Security Baseline Assessment Tool
https://github.com/cisagov/ScubaGear
GitHub - cisagov/ScubaGear: Automation to assess the state of your M365 tenant against CISA's baselines
#tools
#Red_Team_Tactics
1. A Dive into Microsoft Defender for Identity
https://www.synacktiv.com/publications/a-dive-into-microsoft-defender-for-identity.html
2. A New Way of Exploiting Jolokia RCE/JDBC Attack
https://pyn3rd.github.io/2022/11/15/A-New-Way-to-Trigger-Jolokia-Remote-Code-Execution
3. Empire - PowerShell/Python 3.x post-exploitation/adversary emulation framework
https://github.com/BC-SECURITY/Empire
#IoT_Security
1. Vulnerabilities in BMC Firmware Affect OT/IoT Device Security
https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1
2. IoT Security Administrator’s Guide
https://docs.paloaltonetworks.com/iot/iot-security-admin
Nozomi Networks Security Researchers disclose 13 vulnerabilities affecting Baseboard Management Controllers (BMCs), which may allow an attacker to achieve RCE.
#exploit
1. CVE-2022-39425:
Vulnerability in Oracle VM VirtualBox <6.1.40 (Core)
https://github.com/bob11vrdp/CVE-2022-39425
2. Analysis and exploitation of an uninitialized pointer vulnerability affecting certain TP-LINK routers
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
3. CVE-2022-22971:
Spring Framework DoS with STOMP over WebSocket
https://github.com/tchize/CVE-2022-22971
NIST.SP.800-215.pdf
1 MB
#Infosec_Standards
NIST SP 800-215: "Guide to a Secure Enterprise Network Landscape", August 5, 2022.
AUTOARMOR.pdf
1 MB
#Research
"Automatic Policy Generation for Inter-Service Access Control of Microservices", 2021.
Investigating_co-occurrences_MITRE.pdf
538.7 KB
#Research
"Investigating co-occurrences of MITRE ATT&CK Techniques", 2022.