#tools
#Cloud_Security
Kubeshark - API traffic viewer for Kubernetes providing deep visibility into all API traffic/payloads going in, out and across containers and pods inside a Kubernetes cluster
https://github.com/kubeshark/kubeshark
#Cloud_Security
Kubeshark - API traffic viewer for Kubernetes providing deep visibility into all API traffic/payloads going in, out and across containers and pods inside a Kubernetes cluster
https://github.com/kubeshark/kubeshark
GitHub
GitHub - kubeshark/kubeshark: eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts…
eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts TLS without keys. Queryable by AI agents via MCP and humans via dashboard. - kubeshark/kubes...
#exploit
1. CVE-2022-46169:
Critical vulnerability affects Cacti network graphing solution
https://securityonline.info/cve-2022-46169-critical-vulnerability-affects-cacti-network-graphing-solution
2. Linux PrivEsc(2) - Scheduled Tasks (cron)
https://medium.com/@tinopreter/linux-privesc-2-scheduled-tasks-cron-b23c4c4df152
3. CVE-2022-45313/45315:
Mikrotik RouterOs <7.5/7.6 was discovered to contain an OOB R/ in the hotspot vuln/snmp process
https://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45313
https://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45315
1. CVE-2022-46169:
Critical vulnerability affects Cacti network graphing solution
https://securityonline.info/cve-2022-46169-critical-vulnerability-affects-cacti-network-graphing-solution
2. Linux PrivEsc(2) - Scheduled Tasks (cron)
https://medium.com/@tinopreter/linux-privesc-2-scheduled-tasks-cron-b23c4c4df152
3. CVE-2022-45313/45315:
Mikrotik RouterOs <7.5/7.6 was discovered to contain an OOB R/ in the hotspot vuln/snmp process
https://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45313
https://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45315
Daily CyberSecurity
CVE-2022-46169: Critical vulnerability affects Cacti network graphing solution
CVE-2022-46169 is a command injection vulnerability that allows unauthenticated attackers to execute arbitrary code on a server running Cacti
Stealthy_Location_Identification_Attack.pdf
1.2 MB
#Research
#5G_Network_Security
"A Stealthy Location Identification Attack Exploiting Carrier Aggregation in Cellular Networks", 2021.
#5G_Network_Security
"A Stealthy Location Identification Attack Exploiting Carrier Aggregation in Cellular Networks", 2021.
❤🔥1
#Malware_analysis
1. PrideLocker - a new fork of Babuk ESX Encryptor
https://www.synacktiv.com/publications/pridelocker-a-new-fork-of-babuk-esx-encryptor.html
2. Defcon Skimming: A new batch of Web Skimming attacks
https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks
3. AndroxGh0st python malware
https://www.lacework.com/blog/androxghost-the-python-malware-exploiting-your-aws-keys
1. PrideLocker - a new fork of Babuk ESX Encryptor
https://www.synacktiv.com/publications/pridelocker-a-new-fork-of-babuk-esx-encryptor.html
2. Defcon Skimming: A new batch of Web Skimming attacks
https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks
3. AndroxGh0st python malware
https://www.lacework.com/blog/androxghost-the-python-malware-exploiting-your-aws-keys
Synacktiv
PrideLocker - a new fork of Babuk ESX encryptor
#Threat_Research
1. Reveal Intrusion Campaign Targeting Telco and BPO Companies
https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies
2. Moobot Uses a Fake Vulnerability (CVE-2022-28958)
https://vulncheck.com/blog/moobot-uses-fake-vulnerability
1. Reveal Intrusion Campaign Targeting Telco and BPO Companies
https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies
2. Moobot Uses a Fake Vulnerability (CVE-2022-28958)
https://vulncheck.com/blog/moobot-uses-fake-vulnerability
CrowdStrike.com
Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies
CrowdStrike Services analyzes a recent intrusion campaign targeting telecom and business process outsourcing companies and shares how to defend against this attack.
#Red_Team_Tactics
1. Red Team Notes 2.0
https://dmcxblue.gitbook.io/red-team-notes-2-0
2. Bypassing MFA with the Pass-the-Cookie Attack
https://blog.netwrix.com/2022/11/29/bypassing-mfa-with-pass-the-cookie-attack
3. RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
https://h1pmnh.github.io/post/writeup_spring_el_waf_bypass
1. Red Team Notes 2.0
https://dmcxblue.gitbook.io/red-team-notes-2-0
2. Bypassing MFA with the Pass-the-Cookie Attack
https://blog.netwrix.com/2022/11/29/bypassing-mfa-with-pass-the-cookie-attack
3. RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
https://h1pmnh.github.io/post/writeup_spring_el_waf_bypass
dmcxblue.gitbook.io
Introduction | Red Team Notes 2.0
#tools
#Offensive_security
GOAD (Game Of Active Directory)
Part 1 - 5:
Part 6 - ADCS
https://mayfly277.github.io/posts/GOADv2-pwning-part6
Part 7 - MSSQL
https://mayfly277.github.io/posts/GOADv2-pwning-part7
Part 8 - Privilege escalation
https://mayfly277.github.io/posts/GOADv2-pwning-part8
Part 9 - Lateral move
https://mayfly277.github.io/posts/GOADv2-pwning-part9
Part 10 - Delegations
https://mayfly277.github.io/posts/GOADv2-pwning-part10
Part 11 - ACL
https://mayfly277.github.io/posts/GOADv2-pwning-part11
]-> GOAD (ver. 2) Tool: https://mayfly277.github.io/posts/GOADv2
#Offensive_security
GOAD (Game Of Active Directory)
Part 1 - 5:
Part 6 - ADCS
https://mayfly277.github.io/posts/GOADv2-pwning-part6
Part 7 - MSSQL
https://mayfly277.github.io/posts/GOADv2-pwning-part7
Part 8 - Privilege escalation
https://mayfly277.github.io/posts/GOADv2-pwning-part8
Part 9 - Lateral move
https://mayfly277.github.io/posts/GOADv2-pwning-part9
Part 10 - Delegations
https://mayfly277.github.io/posts/GOADv2-pwning-part10
Part 11 - ACL
https://mayfly277.github.io/posts/GOADv2-pwning-part11
]-> GOAD (ver. 2) Tool: https://mayfly277.github.io/posts/GOADv2
Mayfly
GOAD - part 6 - ADCS
In the previous post (Goad pwning part5) we tried some attacks with a user account on the domain. On this part we will try attacks when an ADCS is setup in the domain. First we will use petitpotam unauthenticated and ESC8 attack to get domain admin on essos.local…
tesi.pdf
2.1 MB
#Research
"Reinforcement Learning-aided Dynamic Analysis of Evasive Malware" 2022.
"Reinforcement Learning-aided Dynamic Analysis of Evasive Malware" 2022.
#exploit
1. CVE-2022-2414:
XXE in pki-core
https://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept
2. CVE-2022-41057:
Windows: HTTP.SYS Kerberos PAC Verification Bypass EoP
https://bugs.chromium.org/p/project-zero/issues/detail?id=2346
3. CVE-2022-44638:
Integer overflow in pixman_sample_floor_y leads to heap out-of-bounds write
https://bugs.chromium.org/p/project-zero/issues/detail?id=234
1. CVE-2022-2414:
XXE in pki-core
https://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept
2. CVE-2022-41057:
Windows: HTTP.SYS Kerberos PAC Verification Bypass EoP
https://bugs.chromium.org/p/project-zero/issues/detail?id=2346
3. CVE-2022-44638:
Integer overflow in pixman_sample_floor_y leads to heap out-of-bounds write
https://bugs.chromium.org/p/project-zero/issues/detail?id=234
GitHub
GitHub - amitlttwo/CVE-2022-2414-Proof-Of-Concept: A flaw was found in pki-core. Access to external entities when parsing XML documents…
A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the co...
#Analytics
#Malware_analysis
1. Top 10 macOS Malware Discoveries in 2022
https://www.sentinelone.com/blog/top-10-macos-malware-discoveries-in-2022
2. Technical Analysis of DanaBot Obfuscation Techniques
https://www.zscaler.com/blogs/security-research/technical-analysis-danabot-obfuscation-techniques
#Malware_analysis
1. Top 10 macOS Malware Discoveries in 2022
https://www.sentinelone.com/blog/top-10-macos-malware-discoveries-in-2022
2. Technical Analysis of DanaBot Obfuscation Techniques
https://www.zscaler.com/blogs/security-research/technical-analysis-danabot-obfuscation-techniques
SentinelOne
Top 10 macOS Malware Discoveries in 2022
Learn about all the new malware targeting macOS users in 2022 and how to stay safe from the latest Mac-focused campaigns.
To find XSS bugs in a website
You can follow these steps :👇
➡ Identify all the input fields on the website, such as text boxes, dropdown menus, and search boxes.
➡ Test each input field by entering different types of data, such as numbers, special characters, and long strings of text.
➡ Pay attention to how the website responds to your input. If the website echoes your input back to you in any way, such as in an error message or a search result, there may be a potential XSS vulnerability.
➡ If you suspect that a particular input field is vulnerable to XSS, try entering special characters, such as the "<" and ">" characters, to see if the website processes them in a way that could allow an attacker to inject malicious code.
➡ If you are able to successfully inject malicious code into the website, you have found an XSS vulnerability.
🌟 Keep in mind that finding XSS vulnerabilities requires a combination of technical skill and attention to detail.
• It is also important to test the website carefully and systematically, as some XSS vulnerabilities may be well-hidden and difficult to find.
• If you are unsure about how to proceed, you may want to seek help from an experienced security professional.
#bugbounty #bugbountytips #infosec #cybersecurity
You can follow these steps :👇
➡ Identify all the input fields on the website, such as text boxes, dropdown menus, and search boxes.
➡ Test each input field by entering different types of data, such as numbers, special characters, and long strings of text.
➡ Pay attention to how the website responds to your input. If the website echoes your input back to you in any way, such as in an error message or a search result, there may be a potential XSS vulnerability.
➡ If you suspect that a particular input field is vulnerable to XSS, try entering special characters, such as the "<" and ">" characters, to see if the website processes them in a way that could allow an attacker to inject malicious code.
➡ If you are able to successfully inject malicious code into the website, you have found an XSS vulnerability.
🌟 Keep in mind that finding XSS vulnerabilities requires a combination of technical skill and attention to detail.
• It is also important to test the website carefully and systematically, as some XSS vulnerabilities may be well-hidden and difficult to find.
• If you are unsure about how to proceed, you may want to seek help from an experienced security professional.
#bugbounty #bugbountytips #infosec #cybersecurity
👍2🥰1
#Offensive_security
1. Loading unsigned Windows drivers without reboot
https://v1k1ngfr.github.io/loading-windows-unsigned-driver
2. Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products
https://github.com/machine1337/pycrypt
1. Loading unsigned Windows drivers without reboot
https://v1k1ngfr.github.io/loading-windows-unsigned-driver
2. Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products
https://github.com/machine1337/pycrypt
vegvisir
Loading unsigned Windows drivers without reboot
Loading unsigned Windows drivers without reboot. Dive into gdrv-loader source code.
#exploit
1. Linux Kernel Exploit Development: 1-day case study
https://blog.hacktivesecurity.com/index.php/2022/06/13/linux-kernel-exploit-development-1day-case-study
2. CVE-2021-38003:
Vulnerability that exists in the V8 Javascript engine
https://starlabs.sg/blog/2022/12-the-hole-new-world-how-a-small-leak-will-sink-a-great-browser-cve-2021-38003
3. CVE-2022-41128:
Type confusion in Internet Explorer's JScript9 engine
https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2022/CVE-2022-41128.html
1. Linux Kernel Exploit Development: 1-day case study
https://blog.hacktivesecurity.com/index.php/2022/06/13/linux-kernel-exploit-development-1day-case-study
2. CVE-2021-38003:
Vulnerability that exists in the V8 Javascript engine
https://starlabs.sg/blog/2022/12-the-hole-new-world-how-a-small-leak-will-sink-a-great-browser-cve-2021-38003
3. CVE-2022-41128:
Type confusion in Internet Explorer's JScript9 engine
https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2022/CVE-2022-41128.html
STAR Labs
TheHole New World - how a small leak will sink a great browser (CVE-2021-38003)
Introduction CVE-2021-38003 is a vulnerability that exists in the V8 Javascript engine. The vulnerability affects the Chrome browser before stable version 95.0.4638.69, and was disclosed in October 2021 in google’s chrome release blog, while the bug report…
sniper_backdoor.pdf
933.9 KB
#Research
"Sniper Backdoor: Single Client Targeted Backdoor Attack in Federated Learning", 2022.
"Sniper Backdoor: Single Client Targeted Backdoor Attack in Federated Learning", 2022.
#tools
#Red_Team_Tactics
BlackHat Europe 2022:
Shoggoth - Asmjit Based Polymorphic Shellcode Encryptor
https://github.com/frkngksl/Shoggoth
#Red_Team_Tactics
BlackHat Europe 2022:
Shoggoth - Asmjit Based Polymorphic Shellcode Encryptor
https://github.com/frkngksl/Shoggoth
GitHub
GitHub - frkngksl/Shoggoth: Shoggoth: Asmjit Based Polymorphic Encryptor
Shoggoth: Asmjit Based Polymorphic Encryptor. Contribute to frkngksl/Shoggoth development by creating an account on GitHub.
WebSpec.pdf
950.7 KB
#WebApp_Security
"WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms", 2022.
]-> Tool: https://github.com/secpriv/webspec
"WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms", 2022.
]-> Tool: https://github.com/secpriv/webspec
#Threat_Research
1. Hooking System Calls in Windows 11 22H2: bug in copying the process handle on the current latest version of Avast Free Antivirus (22.11.6041 build 22.11.7716.762)
https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html
2. Kubernetes Threat Matrix v.3
https://www.microsoft.com/en-us/security/blog/2022/12/07/mitigate-threats-with-the-new-threat-matrix-for-kubernetes
1. Hooking System Calls in Windows 11 22H2: bug in copying the process handle on the current latest version of Avast Free Antivirus (22.11.6041 build 22.11.7716.762)
https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html
2. Kubernetes Threat Matrix v.3
https://www.microsoft.com/en-us/security/blog/2022/12/07/mitigate-threats-with-the-new-threat-matrix-for-kubernetes
the-deniss.github.io
Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass
In this post I’ll show Avast self-defense bypass: how I discovered a new undocumented way to intercept all system calls without a hypervisor and PatchGuard triggered BSOD, and, finally, based on the knowledge gained, implemented a bypass