Forwarded from 卩ro 爪Cracker
Fuzzing ping(8)…and finding a 24 year old bug
https://ift.tt/z5ORFPV
Submitted December 11, 2022 at 09:57AM by Gallus
via reddit https://ift.tt/kyRpCqZ
https://ift.tt/z5ORFPV
Submitted December 11, 2022 at 09:57AM by Gallus
via reddit https://ift.tt/kyRpCqZ
#exploit
1. Exploiting CVE-2022-42703 - Bringing back the stack attack
https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html
2. CVE-2022-36537:
ZK Framework - Exposure of Sensitive Information to an Unauthorized Actor
https://github.com/agnihackers/CVE-2022-36537-EXPLOIT
1. Exploiting CVE-2022-42703 - Bringing back the stack attack
https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html
2. CVE-2022-36537:
ZK Framework - Exposure of Sensitive Information to an Unauthorized Actor
https://github.com/agnihackers/CVE-2022-36537-EXPLOIT
projectzero.google
Exploiting CVE-2022-42703 - Bringing back the stack attack
Seth Jenkins, Project ZeroThis blog post details an exploit for CVE-2022-42703 (P0 issue 2351 - F...
#Red_Team_Tactics
1. StealthHook - A method for hooking a function without modifying memory protection
https://www.x86matthew.com/view_post?id=stealth_hook
2. Frida script to bypass common methods of sslpining Android
https://gist.github.com/incogbyte/1e0e2f38b5602e72b1380f21ba04b15e
3. pipe_buffer arbitrary read write
https://interruptlabs.co.uk/labs/pipe_buffer
1. StealthHook - A method for hooking a function without modifying memory protection
https://www.x86matthew.com/view_post?id=stealth_hook
2. Frida script to bypass common methods of sslpining Android
https://gist.github.com/incogbyte/1e0e2f38b5602e72b1380f21ba04b15e
3. pipe_buffer arbitrary read write
https://interruptlabs.co.uk/labs/pipe_buffer
Gist
Frida script to bypass common methods of sslpining Android
Frida script to bypass common methods of sslpining Android - mixunpin.js
👍1
#tools
#Malware_analysis
1. IATelligence - Script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related
https://github.com/fr0gger/IATelligence
2. Examining Malware Distribution Behaviours
https://arb0ur.substack.com/p/examining-malware-distribution-behaviours
#Malware_analysis
1. IATelligence - Script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related
https://github.com/fr0gger/IATelligence
2. Examining Malware Distribution Behaviours
https://arb0ur.substack.com/p/examining-malware-distribution-behaviours
GitHub
GitHub - fr0gger/IATelligence: IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more…
IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related - fr0gger/IATelligence
#compilers
Codon - high-performance, zero-overhead, extensible Python compiler using LLVM
https://github.com/exaloop/codon
Codon - high-performance, zero-overhead, extensible Python compiler using LLVM
https://github.com/exaloop/codon
GitHub
GitHub - exaloop/codon: A high-performance, zero-overhead, extensible Python compiler with built-in NumPy support
A high-performance, zero-overhead, extensible Python compiler with built-in NumPy support - exaloop/codon
#tools
#Blue_Team_Techniques
1. Simple Bash IOC Scanner
https://github.com/Neo23x0/Fenrir
2. Firewalls under the hood - UFW
https://blog.kanbach.org/post/firewalls-under-the-hood-ufw
#Blue_Team_Techniques
1. Simple Bash IOC Scanner
https://github.com/Neo23x0/Fenrir
2. Firewalls under the hood - UFW
https://blog.kanbach.org/post/firewalls-under-the-hood-ufw
GitHub
GitHub - Neo23x0/Fenrir: Simple Bash IOC Scanner
Simple Bash IOC Scanner. Contribute to Neo23x0/Fenrir development by creating an account on GitHub.
#Offensive_security
1. A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
https://github.com/bohops/DynamicDotNet
2. Payload generator to exfiltrate user cookies through the PHP info page bypassing the HttpOnly flag during XSS exploitation
https://github.com/HackCommander/PHP-info-cookie-stealer
3. From SQL Injection to RCE on Intel DCM (CVE-2022-21225)
https://www.rcesecurity.com/2022/12/from-zero-to-hero-part-2-intel-dcm-sql-injection-to-rce-cve-2022-21225
1. A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
https://github.com/bohops/DynamicDotNet
2. Payload generator to exfiltrate user cookies through the PHP info page bypassing the HttpOnly flag during XSS exploitation
https://github.com/HackCommander/PHP-info-cookie-stealer
3. From SQL Injection to RCE on Intel DCM (CVE-2022-21225)
https://www.rcesecurity.com/2022/12/from-zero-to-hero-part-2-intel-dcm-sql-injection-to-rce-cve-2022-21225
GitHub
GitHub - bohops/DynamicDotNet: A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
A collection of various and sundry code snippets that leverage .NET dynamic tradecraft - bohops/DynamicDotNet
#tools
#Threat_Research
1. Return Address Spoofing on x64
https://offensivecraft.wordpress.com/2022/12/08/the-stack-series-return-address-spoofing-on-x64
2. Detecting heap memory pitfalls
https://antonio-cooler.gitbook.io/coolervoid-tavern/detecting-heap-memory-pitfalls
]-> https://github.com/CoolerVoid/heap_detective
#Threat_Research
1. Return Address Spoofing on x64
https://offensivecraft.wordpress.com/2022/12/08/the-stack-series-return-address-spoofing-on-x64
2. Detecting heap memory pitfalls
https://antonio-cooler.gitbook.io/coolervoid-tavern/detecting-heap-memory-pitfalls
]-> https://github.com/CoolerVoid/heap_detective
offensivecraft
The Stack Series: Return Address Spoofing on x64
introduction The stack of a process has the potential to give away the true nature of the running program in the memory. Hence it is one of the monitored entities by the security solutions. When a …
#exploit
1. ThinkPHP latest RCE reproduction and analysis
https://xz.aliyun.com/t/11940
2. Folina, Shadow Credentials, and WSUS exploitation
https://0xdf.gitlab.io/2022/12/10/htb-outdated.html
3. CVE-2022-1361:
Improper Neutralization of Special Elements Used In a SQL Command: New Technique Discovered To Bypass WAF Of Several Vendors
https://gbhackers.com/bypass-web-application-firewalls/amp
1. ThinkPHP latest RCE reproduction and analysis
https://xz.aliyun.com/t/11940
2. Folina, Shadow Credentials, and WSUS exploitation
https://0xdf.gitlab.io/2022/12/10/htb-outdated.html
3. CVE-2022-1361:
Improper Neutralization of Special Elements Used In a SQL Command: New Technique Discovered To Bypass WAF Of Several Vendors
https://gbhackers.com/bypass-web-application-firewalls/amp
#Malware_analysis
1. Drokbk Malware
https://www.secureworks.com/blog/drokbk-malware-uses-github-as-dead-drop-resolver
2. Typosquat/Ransomware Campaign in PyPI and NPM
https://blog.phylum.io/phylum-detects-active-typosquatting-campaign-in-pypi
1. Drokbk Malware
https://www.secureworks.com/blog/drokbk-malware-uses-github-as-dead-drop-resolver
2. Typosquat/Ransomware Campaign in PyPI and NPM
https://blog.phylum.io/phylum-detects-active-typosquatting-campaign-in-pypi
Secureworks
Drokbk Malware Uses GitHub as Dead Drop Resolver
A subgroup of the Iranian COBALT MIRAGE threat group leverages Drokbk for persistence.
#Malware_analysis
1. Invisbile npm malware evading security checks
https://jfrog.com/blog/invisible-npm-malware-evading-security-checks-with-crafted-versions
2. Azov Ransomware: Polymorphic Wiper
https://research.checkpoint.com/2022/pulling-the-curtains-on-azov-ransomware-not-a-skidsware-but-polymorphic-wiper
1. Invisbile npm malware evading security checks
https://jfrog.com/blog/invisible-npm-malware-evading-security-checks-with-crafted-versions
2. Azov Ransomware: Polymorphic Wiper
https://research.checkpoint.com/2022/pulling-the-curtains-on-azov-ransomware-not-a-skidsware-but-polymorphic-wiper
JFrog
Invisible npm malware - evading security checks with crafted versions
The npm CLI has a very convenient and well-known security feature – when installing an npm package, the CLI checks the package and all of its dependencies for well-known vulnerabilities – The check is triggered on package installation (when running npm install)…
👍1
#exploit
1. CVE-2022-45025:
Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)
https://github.com/yuriisanin/CVE-2022-45025
2. Exploring Chrome’s CVE-2020-6418
https://blog.haboob.sa/blog/exploring-chromes-cve-2020-6418-part1
3. CVE-2022-39066:
SQL Injection Vulnerability in ZTE MF286R
https://github.com/v0lp3/CVE-2022-39066
1. CVE-2022-45025:
Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)
https://github.com/yuriisanin/CVE-2022-45025
2. Exploring Chrome’s CVE-2020-6418
https://blog.haboob.sa/blog/exploring-chromes-cve-2020-6418-part1
3. CVE-2022-39066:
SQL Injection Vulnerability in ZTE MF286R
https://github.com/v0lp3/CVE-2022-39066
GitHub
GitHub - yuriisanin/CVE-2022-45025: [PoC] Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)
[PoC] Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom) - yuriisanin/CVE-2022-45025
PCI_Sec_Soft_Std_1_2.pdf
914.3 KB
#Infosec_Standards
"PCI Software Security Framework - Secure Software Requirements and Assessment Procedures", Version 1.2, Dec. 2022.
"PCI Software Security Framework - Secure Software Requirements and Assessment Procedures", Version 1.2, Dec. 2022.
#Offensive_security
1. AV Evasion Methodology
https://book.hacktricks.xyz/windows-hardening/av-bypass
2. Bypassing MacOS Privacy Controls
https://blog.xpnsec.com/bypassing-macos-privacy-controls
1. AV Evasion Methodology
https://book.hacktricks.xyz/windows-hardening/av-bypass
2. Bypassing MacOS Privacy Controls
https://blog.xpnsec.com/bypassing-macos-privacy-controls
#Threat_Research
1. Exploitable memory corruption using CVE-2020-25669 and Linux Kernel
https://www.synopsys.com/blogs/software-security/cyrc-case-study-linux-kernel-vulnerability
2. Zeek-Formatted Threat Intelligence Feeds
https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds
1. Exploitable memory corruption using CVE-2020-25669 and Linux Kernel
https://www.synopsys.com/blogs/software-security/cyrc-case-study-linux-kernel-vulnerability
2. Zeek-Formatted Threat Intelligence Feeds
https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds
Blackduck
In-Depth Analysis of Linux Kernel Vulnerability: CVE-2020-25669 | Black Duck Blog
Delve into our comprehensive analysis of the Linux Kernel vulnerability CVE-2020-25669, exploring the memory corruption issue and its exploitability.
#Infographics
#Infosec_Standards
Types of VPN
]-> RFC4026: "Provider Provisioned VPN Terminology", 2018.
https://datatracker.ietf.org/doc/rfc4026
#Infosec_Standards
Types of VPN
]-> RFC4026: "Provider Provisioned VPN Terminology", 2018.
https://datatracker.ietf.org/doc/rfc4026
Dirty_Vanity.pdf
2.3 MB
#Red_Team_Tactics
BlackHat Europe 2022:
"Dirty Vanity: A New Approach to Code injection & EDR bypass".
]-> A PoC for the new injection technique, abusing windows fork API to evade EDRs:
https://github.com/deepinstinct/Dirty-Vanity
BlackHat Europe 2022:
"Dirty Vanity: A New Approach to Code injection & EDR bypass".
]-> A PoC for the new injection technique, abusing windows fork API to evade EDRs:
https://github.com/deepinstinct/Dirty-Vanity
Routing_security.pdf
3.3 MB
#Whitepaper
"Routing Security: BGP Incidents, Mitigation Techniques and Policy Actions", 2022.
"Routing Security: BGP Incidents, Mitigation Techniques and Policy Actions", 2022.