Forwarded from 卩ro 爪Cracker
Bypassing Web Application Firewalls
https://ift.tt/ad0kRiL
Submitted December 01, 2022 at 04:51PM by ma-ni
via reddit https://ift.tt/fH8D37r
https://ift.tt/ad0kRiL
Submitted December 01, 2022 at 04:51PM by ma-ni
via reddit https://ift.tt/fH8D37r
Forwarded from 卩ro 爪Cracker
Coercer-master.zip
5.9 MB
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
https://github.com/p0dalirius/Coercer
https://github.com/p0dalirius/Coercer
#DFIR
Emotet Strikes Again - LNK File Leads to Domain Wide Ransomware
https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware
Emotet Strikes Again - LNK File Leads to Domain Wide Ransomware
https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware
The DFIR Report
Emotet Strikes Again - LNK File Leads to Domain Wide Ransomware - The DFIR Report
In June of 2022, we observed a threat actor gaining access to an environment via Emotet and operating over a eight day period. During this time period, multiple rounds of enumeration and lateral movement occurred using Cobalt Strike. Remote access tools were…
#Red_Team_Tactics
1. Pyramid - Python scripts/module to evade EDRs
https://github.com/naksyn/Pyramid
2. Hacking Smartwatches for Spear Phishing
https://cybervelia.com/?p=1380
3. OffSecOps: Using Jenkins For Red Team Tooling
https://http418infosec.com/offsecops-using-jenkins-for-red-team-tooling
1. Pyramid - Python scripts/module to evade EDRs
https://github.com/naksyn/Pyramid
2. Hacking Smartwatches for Spear Phishing
https://cybervelia.com/?p=1380
3. OffSecOps: Using Jenkins For Red Team Tooling
https://http418infosec.com/offsecops-using-jenkins-for-red-team-tooling
GitHub
GitHub - naksyn/Pyramid: a tool to help operate in EDRs' blind spots
a tool to help operate in EDRs' blind spots. Contribute to naksyn/Pyramid development by creating an account on GitHub.
#tools
#Sec_code_review
Heap_detective - detect heap memory pitfalls in C++/C
https://github.com/CoolerVoid/heap_detective
#Sec_code_review
Heap_detective - detect heap memory pitfalls in C++/C
https://github.com/CoolerVoid/heap_detective
#exploit
1. Exploiting an N-day vBulletin PHP Object Injection Vulnerability
https://karmainsecurity.com/exploiting-an-nday-vbulletin-php-object-injection
2. CVE-2022-3654:
Chrome: heap-use-after-free in blink::LocalFrameView::PerformLayout (incomplete fix for CVE-2022-3199)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2358
1. Exploiting an N-day vBulletin PHP Object Injection Vulnerability
https://karmainsecurity.com/exploiting-an-nday-vbulletin-php-object-injection
2. CVE-2022-3654:
Chrome: heap-use-after-free in blink::LocalFrameView::PerformLayout (incomplete fix for CVE-2022-3199)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2358
#tools
#Offensive_security
laZzzy - shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques
#Offensive_security
laZzzy - shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques
#reversing
Guide to Reversing and Exploiting iOS binaries
Part 3 - Heap Overflows on iOS ARM64: Spraying, UAF
https://www.inversecos.com/2022/07/heap-overflows-on-ios-arm64-heap.html
]-> Part 1, 2:
Guide to Reversing and Exploiting iOS binaries
Part 3 - Heap Overflows on iOS ARM64: Spraying, UAF
https://www.inversecos.com/2022/07/heap-overflows-on-ios-arm64-heap.html
]-> Part 1, 2:
Inversecos
Heap Overflows on iOS ARM64: Heap Spraying, Use-After-Free (Part 3)
#Threat_Research
1. Specialized Zero-Knowledge Proof failures
https://blog.trailofbits.com/2022/11/29/specialized-zero-knowledge-proof-failures
2. Windows Internet Key Exchange (IKE) RCE Vulnerability Analysis (CVE-2022-34721)
https://www.cyfirma.com/outofband/windows-internet-key-exchange-ike-remote-code-execution-vulnerability-analysis
1. Specialized Zero-Knowledge Proof failures
https://blog.trailofbits.com/2022/11/29/specialized-zero-knowledge-proof-failures
2. Windows Internet Key Exchange (IKE) RCE Vulnerability Analysis (CVE-2022-34721)
https://www.cyfirma.com/outofband/windows-internet-key-exchange-ike-remote-code-execution-vulnerability-analysis
The Trail of Bits Blog
Specialized Zero-Knowledge Proof failures
Zero-knowledge (ZK) proofs are useful cryptographic tools that have seen an explosion of interest in recent years, largely due to their applications to cryptocurrency. The fundamental idea of a ZK proof is that a person with a secret piece of information…
#Blue_Team_Techniques
Get-InjectedThreadEx - Detecting Thread Creation Trampolines
https://www.elastic.co/security-labs/get-injectedthreadex-detection-thread-creation-trampolines
]-> PowerShell detection script:
https://github.com/jdu2600/Get-InjectedThreadEx
Get-InjectedThreadEx - Detecting Thread Creation Trampolines
https://www.elastic.co/security-labs/get-injectedthreadex-detection-thread-creation-trampolines
]-> PowerShell detection script:
https://github.com/jdu2600/Get-InjectedThreadEx
www.elastic.co
Get-InjectedThreadEx – Detecting Thread Creation Trampolines — Elastic Security Labs
In this blog, we will demonstrate how to detect each of four classes of process trampolining and release an updated PowerShell detection script – Get-InjectedThreadEx
#exploit
1. Linux Kernel:
UAF in Bluetooth L2CAP Handshake
https://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4
Infoleak in Bluetooth L2CAP Handling
https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357
2. Xiongmai IoT Exploitation
https://vulncheck.com/blog/xiongmai-iot-exploitation
1. Linux Kernel:
UAF in Bluetooth L2CAP Handshake
https://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4
Infoleak in Bluetooth L2CAP Handling
https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357
2. Xiongmai IoT Exploitation
https://vulncheck.com/blog/xiongmai-iot-exploitation
GitHub
Linux Kernel: UAF in Bluetooth L2CAP Handshake
### Summary
There are use-after-free vulnerabilities in the Linux kernel's `net/bluetooth/l2cap_core.c`'s `l2cap_connect` and `l2cap_le_connect_req` functions which may allow code executio...
There are use-after-free vulnerabilities in the Linux kernel's `net/bluetooth/l2cap_core.c`'s `l2cap_connect` and `l2cap_le_connect_req` functions which may allow code executio...
#tools
#Offensive_security
1. PwnFox - Firefox/Burp extension that provide usefull tools for your security audit
https://github.com/yeswehack/PwnFox
2. wwwtree - utility for quickly locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from filesystem to a victim machine during privilege escalation
https://github.com/t3l3machus/wwwtree
#Offensive_security
1. PwnFox - Firefox/Burp extension that provide usefull tools for your security audit
https://github.com/yeswehack/PwnFox
2. wwwtree - utility for quickly locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from filesystem to a victim machine during privilege escalation
https://github.com/t3l3machus/wwwtree
GitHub
GitHub - yeswehack/PwnFox: PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.
PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit. - yeswehack/PwnFox
#Cloud_Security
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers
Part 1: https://tutorialboy24.blogspot.com/2022/08/detailed-talk-about-k8s-cluster.html
Part 2: https://tutorialboy24.blogspot.com/2022/09/a-detailed-talk-about-k8s-cluster.html
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers
Part 1: https://tutorialboy24.blogspot.com/2022/08/detailed-talk-about-k8s-cluster.html
Part 2: https://tutorialboy24.blogspot.com/2022/09/a-detailed-talk-about-k8s-cluster.html
Tutorial Boy
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 1)
#Malware_analysis
1. New details on commercial spyware vendor Variston
https://blog.google/threat-analysis-group/new-details-on-commercial-spyware-vendor-variston
2. HiveV5 file decryptor PoC
https://github.com/reecdeep/HiveV5_file_decryptor
1. New details on commercial spyware vendor Variston
https://blog.google/threat-analysis-group/new-details-on-commercial-spyware-vendor-variston
2. HiveV5 file decryptor PoC
https://github.com/reecdeep/HiveV5_file_decryptor
Google
New details on commercial spyware vendor Variston
The Threat Analysis Group shares new information on the commercial spyware vendor Variston.
Snapfuzz.pdf
693.9 KB
#Fuzzing
"SnapFuzz: An Efficient Fuzzing Framework for Network Applications", 2022.
]-> https://google.github.io/clusterfuzz/#trophies
"SnapFuzz: An Efficient Fuzzing Framework for Network Applications", 2022.
]-> https://google.github.io/clusterfuzz/#trophies
#Blue_Team_Techniques
1. PowerHuntShares - audit script designed in inventory, analyze, and report excessive privileges configured on AD domains
https://github.com/NetSPI/PowerHuntShares
2. Open-source YARA signatures
https://github.com/pracsec/YaraTools
1. PowerHuntShares - audit script designed in inventory, analyze, and report excessive privileges configured on AD domains
https://github.com/NetSPI/PowerHuntShares
2. Open-source YARA signatures
https://github.com/pracsec/YaraTools
GitHub
GitHub - NetSPI/PowerHuntShares: PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges…
PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains. - NetSPI/PowerHuntShares
#Threat_Research
Dynamic Analysis of Windows Exploit Mitigations - Import Address Filtering
https://wambui-ngige.medium.com/dynamic-analysis-of-windows-exploit-mitigations-import-address-filtering-16fc28029529
Dynamic Analysis of Windows Exploit Mitigations - Import Address Filtering
https://wambui-ngige.medium.com/dynamic-analysis-of-windows-exploit-mitigations-import-address-filtering-16fc28029529
Medium
Dynamic Analysis of Windows Exploit Mitigations — Import Address Filtering.
~My Research process
SkyPort.pdf
414.9 KB
#Research
"Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches", 2022.
"Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches", 2022.
A_Case_Study_Malware_Classification.pdf
1.5 MB
#Malware_analysis
"Fusing Feature Engineering and Deep Learning: A Case Study for Malware Classification", 2022.
]-> Repo: https://github.com/danielgibert/fusing_feature_engineering_and_deep_learning_a_case_study_for_malware_classification
"Fusing Feature Engineering and Deep Learning: A Case Study for Malware Classification", 2022.
]-> Repo: https://github.com/danielgibert/fusing_feature_engineering_and_deep_learning_a_case_study_for_malware_classification
LTrack.pdf
2.5 MB
#Research
"LTRACK: Stealthy Tracking of Mobile Phones in LTE", 2022.
"LTRACK: Stealthy Tracking of Mobile Phones in LTE", 2022.