#tools
#Blue_Team_Techniques
1. Potential Cloud Account Takeover
https://github.com/Cyb3r-Monk/Threat-Hunting-and-Detection/blob/main/Credential%20Access/Potential%20Cloud%20Account%20Takeover.md
(Repository of threat hunting and detection queries for Defender for Endpoint and Microsoft Sentinel, written in KQL (Kusto Query Language).)
2. Kernel-mode WinDbg extension for Protected Process investigation
https://github.com/daem0nc0re/TangledWinExec/tree/main/ProtectedProcess#ppeditor
#exploit
KITCTFCTF 2022 V8 Heap Sandbox Escape
https://ju256.de/posts/kitctfctf22-date
]-> PoC: https://github.com/ju256/kitctfctf22-solutions/blob/main/date/expl.js
Two weeks ago we organized our first ever CTF, KITCTFCTF 2022. Even though it was a challenging and stressful task, I certainly had a blast preparing challenges and watching the playing teams progress. One of my challenges called Date was a V8 exploitation…
#Red_Team_Tactics
1. Divide And Bypass: A new Simple Way to Bypass AMSI
https://x4sh3s.github.io/posts/Divide-and-bypass-amsi
This post is about a new, simple way to bypass AMSI (Antimalware Scan Interface) that can be applied to small scripts, especially the popular AMSI bypasses.
2. Pass-the-Challenge: Defeating Windows Defender Credential Guard
https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22
#Offensive_security
Modifying Embedded Filesystems in ARM Linux zImages
https://jamchamb.net/2022/01/02/modify-vmlinuz-arm.html
#tools
#reversing
1. OFRAK (Open Firmware Reverse Analysis Konsole) - binary analysis and modification platform: unpack, modify, and repack binaries
https://github.com/redballoonsecurity/ofrak
2. A free comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures
https://github.com/mytechnotalent/Reverse-Engineering
#exploit
1. CVE-2022-26712: Apple System Integrity Protection (SIP) Bypass ("The POC for SIP-Bypass Is Even Tweetable")
https://jhftss.github.io/CVE-2022-26712-The-POC-For-SIP-Bypass-Is-Even-Tweetable
I found some new attack surfaces in the macOS PackageKit.framework, and successfully disclosed 15+ critical SIP-Bypass vulnerabilities. Apple has addressed 12 of them with CVEs assigned so far. There are still some reports in Apple's processing queue.…
2. Netcomm NF20MESH/NL1902 - Unauthenticated RCE
https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md
#Malware_analysis
1. BlueNoroff introduces new methods bypassing MoTW
https://securelist.com/bluenoroff-methods-bypass-motw/108383
We continue to track the BlueNoroff group's activities and this October we observed the adoption of new malware strains in its arsenal.
2. GuLoader Dissection Reveals New Anti-Analysis Techniques and Code Injection Redundancy
https://www.crowdstrike.com/blog/guloader-dissection-reveals-new-anti-analysis-techniques-and-code-injection-redundancy
#reversing
L’art de l’évasion: How Shlayer hides its configuration inside Apple proprietary DMG files
https://objective-see.org/blog/blog_0x70.html
Malware_det_DL (1).pdf
4.1 MB
#Research
"A Survey of the Recent Trends in Deep Learning Based Malware Detection", 2022.
In the third quarter of this year, Russians moved a record 1.47 trillion rubles to other countries. This is almost three times more than in the first and second quarters, and 26 times more than in the third quarter of 2021.
#Cloud_Security
1. Parsing and manipulating JSON in Powershell (SANS Internet Storm Center diary "Playing with Powershell and JSON (and Amazon and Firewalls)", author: Rob VandenBrink)
https://isc.sans.edu/diary/29380
2. Passwordless Persistence and Privilege Escalation in Azure
https://posts.specterops.io/passwordless-persistence-and-privilege-escalation-in-azure-98a01310be3f
#exploit
1. Syncovery For Linux Web-GUI - Authenticated RCE
https://packetstormsecurity.com/files/170245/Syncovery-For-Linux-Web-GUI-Authenticated-Remote-Command-Execution.html
2. CVE-2022-47949: ENLBufferPwn: Critical RCE flaw affects multiple Nintendo games
https://github.com/PabloMK7/ENLBufferPwn
#Malware_analysis
1. Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/malicious-macros-adapt-to-use-microsoft-publisher-to-push-ekipa-rat
2. WinAPI, and "Cheap" Malware Analysis Using AI
Part 1: https://medium.com/@perliftach/winapi-and-cheap-malware-analysis-using-ai-part-1-69e4a8fc8328
Part 2: https://medium.com/@perliftach/winapi-and-cheap-malware-analysis-using-ai-part-2-485c9104f5b6
#Threat_Research
Supply-Chain Security: Evaluation of Threats and Mitigations
https://engineering.mercari.com/en/blog/entry/20221215-supplychain-security-reevaluation