#Threat_Research
1. HTTP Desync Attack (Request Smuggling) - Mass Account Takeover at a Cryptocurrency based asset and 121 other websites
https://github.com/AnkitCuriosity/Write-Ups/blob/main/HTTP%20Desync%20Attack%20(Request%20Smuggling).md
2. Visual Studio Code: RCE
https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m
#reversing
1. GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown
https://boschko.ca/glinet-router
2. Hacking the router firmware used by (Telia) TG799vac Xtream v17.2-MINT delivered from Technicolor
https://github.com/wuseman/TG799VAC-XTREME-17.2-MINT
#tools
#Offensive_security
1. HTB: CarpeDiem
https://0xdf.gitlab.io/2022/12/03/htb-carpediem.html
2. SysmonEoP - PoC for arbitrary file delete/write in Sysmon (CVE-2022-41120/CVE-2022-XXXXX)
https://github.com/Wh04m1001/SysmonEoP
3. Nim DLL Sideloading/proxying
https://github.com/byt3bl33d3r/NimDllSideload
#Malware_analysis
1. ₿uyer ₿eware: Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware
https://www.volexity.com/blog/2022/12/01/buyer-beware-fake-cryptocurrency-applications-serving-as-front-for-applejeus-malware
2. Blowing Cobalt Strike Out of the Water With Memory Analysis
https://unit42.paloaltonetworks.com/cobalt-strike-memory-analysis
#exploit
1. CVE-2022-2650:
Brute Force on wger workout application v2.0
https://github.com/HackinKraken/CVE-2022-2650
2. CVE-2022-44721:
Crowdstrike Falcon Uninstaller
https://github.com/purplededa/CVE-2022-44721-CsFalconUninstaller
#Threat_Research
Pre-Auth RCE with CodeQL in Under 20 Minutes
https://frycos.github.io/vulns4free/2022/12/02/rce-in-20-minutes.html
#tools
#Offensive_security
1. PrintNotifyPotato - PrintNotify COM service for lifting rights (Windows 10, 11, Server 2012 - 2022)
https://github.com/BeichenDream/PrintNotifyPotato
2. Script for generating revshells
https://github.com/4ndr34z/shells
3. PoC Implementation of a TRUE call stack spoofer
https://github.com/klezVirus/SilentMoonwalk
#Threat_Research
#Blue_Team_Techniques
1. Threatest - CLI and Go framework for end-to-end testing threat detection rules
https://github.com/DataDog/threatest
2. Detect Tactics, Techniques & Combat Threats
https://github.com/rabobank-cdc/DeTTECT
#Malware_analysis
1. DuckLogs Malware
https://blog.cyble.com/2022/12/01/ducklogs-new-malware-strain-spotted-in-the-wild
2. A PoC ransomware sample to test out your ransomware response strategy
https://github.com/hazcod/ransomwhere
#Threat_Research
1. Novel Pipeline Vulnerability;
Rust Found Vulnerable
https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
2. MSI - Masquerading as a Software Installer
https://www.cybereason.com/blog/threat-analysis-msi-masquerading-as-software-installer
Black_Hat_Python_2nd.pdf
#Tech_book
"Black Hat Python: Python Programming for Hackers and Pentesters, 2nd Edition", 2021.
]-> Python 3 Source Code:
https://github.com/EONRaider/blackhat-python3
#tools
#Offensive_security
1. Neton - tool for getting information from Internet connected sandboxes
https://github.com/Aetsu/Neton
2. Debugging Protected Processes
https://itm4n.github.io/debugging-protected-processes
]-> Controlling Windows PP(L)s:
https://github.com/itm4n/PPLcontrol
#exploit
1. CVE-2022-26265:
Contao CMS v.1.5.0 - RCE
https://github.com/Inplex-sys/CVE-2022-26265
2. CVE-2022-25765:
pdfkit URL Command Injection
https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795
]-> A Shell exploit: https://github.com/Atsukoro1/PDFKitExploit
ALASTOR.pdf
#Research
"ALASTOR: Reconstructing the Provenance of Serverless Intrusions", 2022.
]-> https://bitbucket.org/sts-lab/alastor/src
branch_injection.pdf
#reversing
"Exploiting Branch Target Injection", 2021.
Attacking_riscv.pdf
#Research
#Hardware_Security
"Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming", 2022.
hunting_cobaltstrike_beacons.pdf
#Tech_book
"Finding Beacons in the Dark: A Guide to Cyber Threat Intelligence", 2022.
vlc_vnc_int_overflow.pdf
#Whitepaper
"VLC: Integer overflow in vnc module <= 3.0.18 (CVE-2022-41325): Security advisory".
SSH_pentesting.pdf
#Whitepaper
"SSH Penetration Testing", 2022.
Scapolite.pdf
#hardening
"Hardening with Scapolite: a DevOps-based Approach for Improved Authoring and Testing of Security-Configuration Guides in Large Scale Organizations", 2022.