#tools
#Hardware_Security
Dynamic analysis framework for CPU microcode
https://github.com/pietroborrello/CustomProcessingUnit
]-> Ghidra Processor Module to disassemble/decompile the x86 Intel Atom microcode:
https://github.com/pietroborrello/ghidra-atom-microcode
#Red_Team_Tactics
1. Stalking inside of your Chromium Browser
https://posts.specterops.io/stalking-inside-of-your-chromium-browser-757848b67949
2. New PowerShell History Defense Evasion Technique
https://www.blackhillsinfosec.com/new-powershell-history-defense-evasion-technique
#exploit
1. Grafana RCE via SMTP server parameter injection
https://hackerone.com/reports/1200647
2. CVE-2022-23093:
FreeBSD Ping RCE
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
3. CVE-2022-34669:
NVIDIA GPU Display Driver Vulnerabilities
https://nvidia.custhelp.com/app/answers/detail/a_id/5415
#tools
#Fuzzing
Userefuzz - User-Agent, X-Forwarded-For and Referer SQLI Fuzzer
https://github.com/root-tanishq/userefuzz
#Threat_Research
1. HTTP Desync Attack (Request Smuggling) - Mass Account Takeover at a Cryptocurrency based asset and 121 other websites
https://github.com/AnkitCuriosity/Write-Ups/blob/main/HTTP%20Desync%20Attack%20(Request%20Smuggling).md
2. Visual Studio Code: RCE
https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m
#reversing
1. GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown
https://boschko.ca/glinet-router
2. Hacking the router firmware used by (Telia) TG799vac Xtream v17.2-MINT delivered from Technicolor
https://github.com/wuseman/TG799VAC-XTREME-17.2-MINT
#tools
#Offensive_security
1. HTB: CarpeDiem
https://0xdf.gitlab.io/2022/12/03/htb-carpediem.html
2. SysmonEoP - PoC for arbitrary file delete/write in Sysmon (CVE-2022-41120/CVE-2022-XXXXX)
https://github.com/Wh04m1001/SysmonEoP
3. Nim DLL Sideloading/proxying
https://github.com/byt3bl33d3r/NimDllSideload
#Malware_analysis
1. ₿uyer ₿eware: Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware
https://www.volexity.com/blog/2022/12/01/buyer-beware-fake-cryptocurrency-applications-serving-as-front-for-applejeus-malware
2. Blowing Cobalt Strike Out of the Water With Memory Analysis
https://unit42.paloaltonetworks.com/cobalt-strike-memory-analysis
#exploit
1. CVE-2022-2650:
Brute Force on wger workout application v2.0
https://github.com/HackinKraken/CVE-2022-2650
2. CVE-2022-44721:
CrowdStrike Falcon Uninstaller
https://github.com/purplededa/CVE-2022-44721-CsFalconUninstaller
#Threat_Research
Pre-Auth RCE with CodeQL in Under 20 Minutes
https://frycos.github.io/vulns4free/2022/12/02/rce-in-20-minutes.html
#tools
#Offensive_security
1. PrintNotifyPotato - PrintNotify COM service for lifting rights (Windows 10, 11, Server 2012 - 2022)
https://github.com/BeichenDream/PrintNotifyPotato
2. Script for generating revshells
https://github.com/4ndr34z/shells
3. PoC Implementation of a TRUE call stack spoofer
https://github.com/klezVirus/SilentMoonwalk
#Threat_Research
#Blue_Team_Techniques
1. Threatest - CLI and Go framework for end-to-end testing threat detection rules
https://github.com/DataDog/threatest
2. Detect Tactics, Techniques & Combat Threats
https://github.com/rabobank-cdc/DeTTECT
#Malware_analysis
1. DuckLogs Malware
https://blog.cyble.com/2022/12/01/ducklogs-new-malware-strain-spotted-in-the-wild
2. A PoC ransomware sample to test out your ransomware response strategy
https://github.com/hazcod/ransomwhere
#Threat_Research
1. Novel Pipeline Vulnerability;
Rust Found Vulnerable
https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
2. MSI - Masquerading as a Software Installer
https://www.cybereason.com/blog/threat-analysis-msi-masquerading-as-software-installer
Black_Hat_Python_2nd.pdf
4.6 MB
#Tech_book
"Black Hat Python: Python Programming for Hackers and Pentesters, 2nd Edition", 2021.
]-> Python 3 Source Code:
https://github.com/EONRaider/blackhat-python3
#tools
#Offensive_security
1. Neton - tool for getting information from Internet connected sandboxes
https://github.com/Aetsu/Neton
2. Debugging Protected Processes
https://itm4n.github.io/debugging-protected-processes
]-> Controlling Windows PP(L)s:
https://github.com/itm4n/PPLcontrol
#exploit
1. CVE-2022-26265:
Contao CMS v.1.5.0 - RCE
https://github.com/Inplex-sys/CVE-2022-26265
2. CVE-2022-25765:
pdfkit URL Command Injection
https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795
]-> A Shell exploit: https://github.com/Atsukoro1/PDFKitExploit
ALASTOR.pdf
1.5 MB
#Research
"ALASTOR: Reconstructing the Provenance of Serverless Intrusions", 2022.
]-> https://bitbucket.org/sts-lab/alastor/src
branch_injection.pdf
289.7 KB
#reversing
"Exploiting Branch Target Injection", 2021.
Attacking_riscv.pdf
626.9 KB
#Research
#Hardware_Security
"Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming", 2022.