#Analytics
Top 10 most exploited vulnerabilities in 2022
1. CVE-2022-30190: MS Office "Follina"
2. CVE-2021-44228: Apache Log4Shell
3. CVE-2022-22965: Spring4Shell
4. CVE-2022-1388: F5 BIG-IP
5. CVE-2022-0609: Google Chrome zero-day
https://blog.google/threat-analysis-group/countering-threats-north-korea
6. CVE-2017-11882: Old but not forgotten - MS Office bug
7. CVE-2022-41082, CVE-2022-41040: ProxyNotShell
8. CVE-2022-27925, CVE-2022-41352: Zimbra Collaboration Suite bugs
9. CVE-2022-26134: Atlassian Confluence RCE flaw
10. CVE-2022-30525: Zyxel RCE vulnerability
Google
Countering threats from North Korea
On February 10, Threat Analysis Group discovered two distinct North Korean government-backed attacker groups exploiting a remote code execution vulnerability in Chrome, CVE-2022-0609.
#Blue_Team_Techniques
Incident Response Methodologies 2022
https://github.com/certsocietegenerale/IRM
// EN/ES/FR/RU Versions
#Offensive_security
MSI Shenanigans: Offensive Capabilities Overview
https://mgeeky.tech/msi-shenanigans-part-1
]-> Tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner:
https://github.com/mgeeky/msidump
]-> PoC code and samples presenting emerging threat of MSI installer files:
https://github.com/mgeeky/msi-shenanigans
#Threat_Research
#Cloud_Security
1. Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg
https://blog.exodusintel.com/2022/12/19/linux-kernel-exploiting-a-netfilter-use-after-free-in-kmalloc-cg
2. Elastic IP Hijacking - A New Attack Vector in AWS
https://www.mitiga.io/blog/elastic-ip-hijacking-a-new-attack-vector-in-aws
Exodus Intelligence
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg - Exodus Intelligence
By Sergi Martinez Overview It’s been a while since our last technical blogpost, so here’s one right on time for the Christmas holidays. We describe a method to exploit a use-after-free in the Linux kernel when objects are allocated in a specific slab cache…
#exploit
1. CVE-2022-47518, CVE-2022-47519, CVE-2022-47520, CVE-2022-47521:
Remote DoS in Linux kernel WILC1000 wireless driver
https://securitylab.github.com/advisories/GHSL-2022-112_GHSL-2022-115_wilc1000
2. CVE-2022-2602:
io_uring kernel exploit
https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit
3. Directory Traversal Vulnerability in Huawei HG255s Products
https://infosecwriteups.com/directory-ttraversal-vulnerability-in-huawei-hg255s-products-dce941a1d015
GitHub Security Lab
GHSL-2022-112_GHSL-2022-115: Remote denial of service in Linux kernel WILC1000 wireless driver - CVE-2022-47518, CVE-2022-47519…
Multiple vulnerabilities in the Linux kernel Microchip WILC1000 802.11 wireless driver can allow remote and local attackers to trigger a denial of service when parsing management frames.
#Offensive_security
Dumping LSASS by unhooking MiniDumpWriteDump (loading a fresh DbgHelp.dll copy from disk), with function and string obfuscation, and duplicating an existing LSASS handle from other processes
https://github.com/D1rkMtr/DumpThatLSASS
#Threat_Research
1. Analysis of the First Critical Vulnerability of Aptos Move VM
https://medium.com/numen-cyber-labs/analysis-of-the-first-critical-0-day-vulnerability-of-aptos-move-vm-8c1fd6c2b98e
2. OWASSRF - New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations
https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations
Medium
Analysis of the First Critical 0-Day Vulnerability of Aptos Move VM
An Analysis on a Critical Aptos vulnerability discovered by Numen Cyber Technology
#Red_Team_Tactics
1. Process reparenting in MS Windows
https://blog.trailofbits.com/2022/12/20/process-reparenting-microsoft-windows
2. CLI tool/library to enhance and speed up script/exploit writing with string conversion/manipulation
https://github.com/noraj/ctf-party
The Trail of Bits Blog
What child is this?
A Primer on Process Reparenting in Windows. Process reparenting is a technique used in Microsoft Windows to create a child process under a different parent process than the one making the call to CreateProcess. Malicious actors can use this technique to evade…
#tools
#Malware_analysis
1. PortexAnalyzer - free PE parser tailored for malware analysis
https://github.com/struppigel/PortexAnalyzerGUI/releases
2. XLLing in Excel - Evolution of malicious XLLs
https://blog.talosintelligence.com/xlling-in-excel-malicious-add-ins
GitHub
Releases · struppigel/PortexAnalyzerGUI
Graphical interface for PortEx, a Portable Executable and Malware Analysis Library - struppigel/PortexAnalyzerGUI
#exploit
1. CVE-2022-48870:
maccms admin+ xss attacks
https://github.com/Cedric1314/CVE-2022-48870
2. CVE-2022-39253:
Docker host file read
https://github.com/ssst0n3/docker-cve-2022-39253-poc
Forwarded from 卩ro 爪Cracker
chatgpt_chinese_prompt_hack
Use prompt hack to bypass OpenAI's content policy restrictions by golfzert
https://github.com/golfzert/chatgpt-chinese-prompt-hack
Forwarded from 卩ro 爪Cracker
hackGPT
OpenAI and #ChatGPT to do hackerish things by NoDataFound
https://github.com/NoDataFound/hackGPT
Forwarded from 卩ro 爪Cracker
Puckungfu: A NETGEAR WAN Command Injection
https://ift.tt/8pYDvB4
Submitted December 22, 2022 at 05:02PM by ArbitraryWrite
via reddit https://ift.tt/paMGtRe
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Forwarded from 卩ro 爪Cracker
CVE-2022-2602
PoC Kernel Privilege Escalation Linux
https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit
#cve