🔥You’ve Crossed the Line — Disturbing a Host’s Rest
Akamai Security Research dove deeply into MS-RPC research this past year. For a protocol that does so much, MS-RPC is largely under-researched, and it can have real-world effects. One of those effects is that vulnerabilities in an RPC interface become exposed. This is what we are focusing on in this blog post: vulnerabilities within the Local Session Manager (LSM) RPC interface.
🔥cve-2022-37973 PoC Exploit
🔥cve-2022-37998 PoC Exploit
🧰RPC Toolkit(set of tools, articles, blog posts and links to help security researchers drive their RPC research)
Akamai Security Research dove deeply into MS-RPC research this past year. For a protocol that does so much, MS-RPC is largely under-researched, and it can have real-world effects. One of those effects is that vulnerabilities in an RPC interface become exposed. This is what we are focusing on in this blog post: vulnerabilities within the Local Session Manager (LSM) RPC interface.
🔥cve-2022-37973 PoC Exploit
🔥cve-2022-37998 PoC Exploit
🧰RPC Toolkit(set of tools, articles, blog posts and links to help security researchers drive their RPC research)
🔥Windows Contacts(примеры использования Windows Contact API ) RCE vuln(CVE-2022-44666)
⚠️Проблема(эта уязвимость покрывает не полностью проблему) не до конца исправлена, так что и подробности в виде рецензии от мелкомягких отложена на неопределенный срок!
⚠️Проблема(эта уязвимость покрывает не полностью проблему) не до конца исправлена, так что и подробности в виде рецензии от мелкомягких отложена на неопределенный срок!
#reversing
#IoT_Security
How to Identify a Microcontroller Model Using Firmware Analysis
https://www.apriorit.com/dev-blog/787-reverse-engineering-microcontroller-model-identification
#IoT_Security
How to Identify a Microcontroller Model Using Firmware Analysis
https://www.apriorit.com/dev-blog/787-reverse-engineering-microcontroller-model-identification
Apriorit
How to Identify a Microcontroller Model Using Firmware Analysis - Apriorit
Use the firmware analysis process to automatically identify a microcontroller model you need to work with by analyzing the firmware source code.
#info
#Analytics
The Most Popular & Fastest Growing Open Source Security Projects on GitHub
https://opensourcesecurityindex.io
#Analytics
The Most Popular & Fastest Growing Open Source Security Projects on GitHub
https://opensourcesecurityindex.io
opensourcesecurityindex.io
Open Source Security Index
The Most Popular & Fastest Growing Open Source Security Projects on GitHub
#exploit
1. CVE-2022-45771:
Pwndoc LFI to RCE
https://github.com/p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE
2. Discord Image Token Password Grabber Exploit
https://github.com/bluewolf2778/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022
1. CVE-2022-45771:
Pwndoc LFI to RCE
https://github.com/p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE
2. Discord Image Token Password Grabber Exploit
https://github.com/bluewolf2778/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022
GitHub
GitHub - p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE: Pwndoc local file inclusion to remote code execution of Node.js code on the…
Pwndoc local file inclusion to remote code execution of Node.js code on the server - p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE
#tools
#Offensive_security
1. udhcpc process crash on BusyBox 1.24.2
https://research.nccgroup.com/2022/12/12/klee-for-the-cve
2. Signing-key abuse and update exploitation framework
https://github.com/kpcyrd/sh4d0wup
3. A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods
https://github.com/p0dalirius/Coercer
#Offensive_security
1. udhcpc process crash on BusyBox 1.24.2
https://research.nccgroup.com/2022/12/12/klee-for-the-cve
2. Signing-key abuse and update exploitation framework
https://github.com/kpcyrd/sh4d0wup
3. A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods
https://github.com/p0dalirius/Coercer
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
#Threat_Research
1. Driving Through Defenses: Targeted Attacks Leverage Signed Malicious Microsoft Drivers
https://www.sentinelone.com/labs/driving-through-defenses-targeted-attacks-leverage-signed-malicious-microsoft-drivers
2. Analysis of Royal Ransomware
https://www.cybereason.com/blog/royal-ransomware-analysis
1. Driving Through Defenses: Targeted Attacks Leverage Signed Malicious Microsoft Drivers
https://www.sentinelone.com/labs/driving-through-defenses-targeted-attacks-leverage-signed-malicious-microsoft-drivers
2. Analysis of Royal Ransomware
https://www.cybereason.com/blog/royal-ransomware-analysis
SentinelOne
Driving Through Defenses | Targeted Attacks Leverage Signed Malicious Microsoft Drivers
Threat actors are abusing legitimately signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP, and financial services businesses.
#cryptography
Comparison of Symmetric Encryption Methods
https://soatok.blog/2020/07/12/comparison-of-symmetric-encryption-methods
Comparison of Symmetric Encryption Methods
https://soatok.blog/2020/07/12/comparison-of-symmetric-encryption-methods
Dhole Moments
Comparison of Symmetric Encryption Methods - Dhole Moments
There seems to be a lot of interest among software developers in the various cryptographic building blocks (block ciphers, hash functions, etc.), and more specifically how they stack up against eac…
#Sec_code_review
1. Tai-e - static analysis framework for Java
https://github.com/pascal-lab/Tai-e
2. OWASP Secure Code Review Guide
https://github.com/OWASP/www-project-code-review-guide
1. Tai-e - static analysis framework for Java
https://github.com/pascal-lab/Tai-e
2. OWASP Secure Code Review Guide
https://github.com/OWASP/www-project-code-review-guide
GitHub
GitHub - pascal-lab/Tai-e: An easy-to-learn/use static analysis framework for Java
An easy-to-learn/use static analysis framework for Java - pascal-lab/Tai-e
#tools
#Red_Team_Tactics
1. Talon - password guessing tool that targets the Kerberos/LDAP services within the Windows AD environment
https://github.com/optiv/Talon
2. Bypass Rails::Html::SafeListSanitizer filtering and perform an XSS attack
https://hackerone.com/reports/1656627
3. Tool which can help to get NT AUTHORITY\SYSTEM from arbitrary directory creation bugs
https://github.com/binderlabs/DirCreate2System
#Red_Team_Tactics
1. Talon - password guessing tool that targets the Kerberos/LDAP services within the Windows AD environment
https://github.com/optiv/Talon
2. Bypass Rails::Html::SafeListSanitizer filtering and perform an XSS attack
https://hackerone.com/reports/1656627
3. Tool which can help to get NT AUTHORITY\SYSTEM from arbitrary directory creation bugs
https://github.com/binderlabs/DirCreate2System
GitHub
GitHub - optiv/Talon: A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory…
A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory environment. - optiv/Talon
#exploit
1. CVE-2022-42895:
Linux Kernel: Infoleak in Bluetooth L2CAP Handling
https://seclists.org/oss-sec/2022/q4/190
2. CVE-2021-43444 - 43449:
Exploiting ONLYOFFICE Web Sockets for Unauth RCE
https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution
3. Exploiting SUID Binaries
https://medium.com/@tinopreter/linux-privesc-3-exploiting-suid-binaries-72ec5460c6a
1. CVE-2022-42895:
Linux Kernel: Infoleak in Bluetooth L2CAP Handling
https://seclists.org/oss-sec/2022/q4/190
2. CVE-2021-43444 - 43449:
Exploiting ONLYOFFICE Web Sockets for Unauth RCE
https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution
3. Exploiting SUID Binaries
https://medium.com/@tinopreter/linux-privesc-3-exploiting-suid-binaries-72ec5460c6a
seclists.org
oss-sec: Re: Linux Kernel: Infoleak in Bluetooth L2CAP Handling
👍2
DACLs_abuse.png
1.1 MB
#Infographics
#Offensive_security
DACLs (Active Directory Discretionary Access Control Lists) abuse
https://www.thehacker.recipes/ad/movement/dacl
#Offensive_security
DACLs (Active Directory Discretionary Access Control Lists) abuse
https://www.thehacker.recipes/ad/movement/dacl
Cooprudea.com.sql
249.9 MB
🌐 Cooprudea.com
ip, ip_long, user_login, user_id, stamp, activity, session_id, country, details, ac_bot, ac_status, ac_by_user
email_to, subject, content, sender_name, sender_email, debug_mode, debugging_output, timestamp, status
📣CVE-2022-28672.zip
16.3 KB
🔥🔥🔥Foxit PDF Reader UAF RCE Exploit JIT Spraying(CVE-2022-28672) - blog post.
This research shows that if Foxit Reader had been compiled with CFG support, the discovered bug would have been more difficult to exploit. However, the lack of CFG support allowed the attacker to use JIT spraying to bypass existing mitigations such as ASLR and DEP. This highlights the importance of using multiple layers of defense to protect against attacks.
💥PoC Exploit
📺Demo: Foxit PDF Reader RCE Demo - CVE-2022-28672
This research shows that if Foxit Reader had been compiled with CFG support, the discovered bug would have been more difficult to exploit. However, the lack of CFG support allowed the attacker to use JIT spraying to bypass existing mitigations such as ASLR and DEP. This highlights the importance of using multiple layers of defense to protect against attacks.
💥PoC Exploit
📺Demo: Foxit PDF Reader RCE Demo - CVE-2022-28672
🔥CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated RCE.