​​The PenTesters Framework (PTF)

A Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As #pentesters, we've been accustom to the /pentest/ directories or our own toolsets that we want to keep up-to-date all of the time. We have those "go to" tools that we use on a regular basis, and using the latest and greatest is important.

PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add as you see fit. We commonly see internally developed repos that you can use as well as part of this framework. It's all up to you.

https://github.com/trustedsec/ptf

For a video tutorial on how to use PTF, check out our Vimeo page here: https://vimeo.com/137133837

Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328) - SUID-root program installed by default on Ubuntu
https://ift.tt/OvQHKgX

Submitted December 01, 2022 at 07:23AM by Gallus
via reddit https://ift.tt/07bJkwg

Remote code execution bug in FreeBSD's ping (CVE-2022-23093)
https://ift.tt/TrukG2P

Submitted December 01, 2022 at 09:40AM by Gallus
via reddit https://ift.tt/xfckVmZ

Bypassing Web Application Firewalls
https://ift.tt/ad0kRiL

Submitted December 01, 2022 at 04:51PM by ma-ni
via reddit https://ift.tt/fH8D37r

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.

https://github.com/p0dalirius/Coercer

#DFIR
Emotet Strikes Again - LNK File Leads to Domain Wide Ransomware
https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware

#Red_Team_Tactics
1. Pyramid - Python scripts/module to evade EDRs
https://github.com/naksyn/Pyramid
2. Hacking Smartwatches for Spear Phishing
https://cybervelia.com/?p=1380
3. OffSecOps: Using Jenkins For Red Team Tooling
https://http418infosec.com/offsecops-using-jenkins-for-red-team-tooling

#tools
#Sec_code_review
Heap_detective - detect heap memory pitfalls in C++/C
https://github.com/CoolerVoid/heap_detective

#exploit
1. Exploiting an N-day vBulletin PHP Object Injection Vulnerability
https://karmainsecurity.com/exploiting-an-nday-vbulletin-php-object-injection

2. CVE-2022-3654:
Chrome: heap-use-after-free in blink::LocalFrameView::PerformLayout (incomplete fix for CVE-2022-3199)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2358

#tools
#OSINT
CVE and PoC SearchBot v.0.3.5:
- search and monitoring of new CVE;
- search and monitoring of PoCs.

#tools
#Offensive_security
laZzzy - shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques

#reversing
Guide to Reversing and Exploiting iOS binaries
Part 3 - Heap Overflows on iOS ARM64: Spraying, UAF
https://www.inversecos.com/2022/07/heap-overflows-on-ios-arm64-heap.html

]-> Part 1, 2:

#Threat_Research
1. Specialized Zero-Knowledge Proof failures
https://blog.trailofbits.com/2022/11/29/specialized-zero-knowledge-proof-failures
2. Windows Internet Key Exchange (IKE) RCE Vulnerability Analysis (CVE-2022-34721)
https://www.cyfirma.com/outofband/windows-internet-key-exchange-ike-remote-code-execution-vulnerability-analysis

#Blue_Team_Techniques
Get-InjectedThreadEx - Detecting Thread Creation Trampolines
https://www.elastic.co/security-labs/get-injectedthreadex-detection-thread-creation-trampolines
]-> PowerShell detection script:
https://github.com/jdu2600/Get-InjectedThreadEx

#exploit
1. Linux Kernel:
UAF in Bluetooth L2CAP Handshake
https://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4
Infoleak in Bluetooth L2CAP Handling
https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357

2. Xiongmai IoT Exploitation
https://vulncheck.com/blog/xiongmai-iot-exploitation

#tools
#Offensive_security
1. PwnFox - Firefox/Burp extension that provide usefull tools for your security audit
https://github.com/yeswehack/PwnFox
2. wwwtree - utility for quickly locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from filesystem to a victim machine during privilege escalation
https://github.com/t3l3machus/wwwtree

#Cloud_Security
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers
Part 1: https://tutorialboy24.blogspot.com/2022/08/detailed-talk-about-k8s-cluster.html
Part 2: https://tutorialboy24.blogspot.com/2022/09/a-detailed-talk-about-k8s-cluster.html

#Malware_analysis
1. New details on commercial spyware vendor Variston
https://blog.google/threat-analysis-group/new-details-on-commercial-spyware-vendor-variston
2. HiveV5 file decryptor PoC
https://github.com/reecdeep/HiveV5_file_decryptor

#Fuzzing
"SnapFuzz: An Efficient Fuzzing Framework for Network Applications", 2022.
]-> https://google.github.io/clusterfuzz/#trophies

#Blue_Team_Techniques
1. PowerHuntShares - audit script designed in inventory, analyze, and report excessive privileges configured on AD domains
https://github.com/NetSPI/PowerHuntShares
2. Open-source YARA signatures
https://github.com/pracsec/YaraTools