Cross_Layer_Attacks.pdf
1.1 MB
#Research
"From IP to Transport and Beyond: Cross-Layer Attacks Against Applications", 2022.
"From IP to Transport and Beyond: Cross-Layer Attacks Against Applications", 2022.
#DFIR
DFIR Artifact Museum from various operating systems
https://github.com/AndrewRathbun/DFIRArtifactMuseum
DFIR Artifact Museum from various operating systems
https://github.com/AndrewRathbun/DFIRArtifactMuseum
GitHub
GitHub - AndrewRathbun/DFIRArtifactMuseum: The goal of this repo is to archive artifacts from all versions of various OS's and…
The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access t...
Forwarded from Cyber security intelligent program
💥Phantom DLL Hollower is a PoC performs Phantom DLL Hollowing which reported by @_forrestorr.
🔖Masking Malicious Memory Artifacts – Part I: Phantom DLL Hollowing
⚙️Phantom DLL hollowing PoC
🔖Masking Malicious Memory Artifacts – Part I: Phantom DLL Hollowing
⚙️Phantom DLL hollowing PoC
❤1
Forwarded from Cyber security intelligent program
🔥PhpMyAdmin Setup is Accessible Without Authentication
1️⃣Recon through shodan and censys
2️⃣Visit all ips and fuzz them according to their running services.
3️⃣wappalyzer showed php so sid0krypt used php.txt from here
4️⃣phpMyAdmin/setup was accessible
1️⃣Recon through shodan and censys
2️⃣Visit all ips and fuzz them according to their running services.
3️⃣wappalyzer showed php so sid0krypt used php.txt from here
4️⃣phpMyAdmin/setup was accessible
Forwarded from Cyber security intelligent program
💥Using the bruteforce of directories, an endpoint was found: /phpmyadmin/scripts/setup.php
🤙Thx @0x_rood
🤙Thx @0x_rood
Forwarded from Cyber security intelligent program
🔥🔥🔥The OWASSRF + TabShell exploit chain
This blog post shares the detail of two vulnerabilities :
OWASSRF(crowdstrike) & TabShell.
📺Demo: TabShell Microsoft Exchange
This blog post shares the detail of two vulnerabilities :
OWASSRF(crowdstrike) & TabShell.
📺Demo: TabShell Microsoft Exchange
Forwarded from Cyber security intelligent program
💥New Security Bulletin Zoom(3 LPE: CVE-2022-36926 + CVE-2022-36927, CVE-2022-36929 & CVE-2022-36930 )
Forwarded from Cyber security intelligent program
UnhookingPatch.zip
7.8 KB
🔥🔥🔥UnhookingPatch is a bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime
🔖Syscall instruction Unhooking(HalosGate)
🔖Syscall instruction Unhooking(HalosGate)
Forwarded from Cyber security intelligent program
🔥🔥🔥vb2_mmap race with vb2_core_reqbufs leads to UAF
The following bug is in the vb2 subsystem, which is a subsystem reachable on typical desktop Linux systems with a webcam via V4L2 at /dev/video*. This subsystem can consequently be reached by an
unprivileged user in the video group (which is a common setup via
uaccess udev rules). This bug may also be reachable on Android in some SELinux contexts.
videobuf2 allows userland to register multiple different types of
buffers to back the vb2_queue for streaming I/O, including memory mapping (via mmap), user pointers, and DMA buffers. In the vb2_mmap handler, the memory type of the associated backing store is verified outside the queue lock, which means a concurrent vb2_core_reqbufs
(reachable from VIDIOC_REQBUFS ioctl) can change the memory type before vb2_mmap completes.
The following bug is in the vb2 subsystem, which is a subsystem reachable on typical desktop Linux systems with a webcam via V4L2 at /dev/video*. This subsystem can consequently be reached by an
unprivileged user in the video group (which is a common setup via
uaccess udev rules). This bug may also be reachable on Android in some SELinux contexts.
videobuf2 allows userland to register multiple different types of
buffers to back the vb2_queue for streaming I/O, including memory mapping (via mmap), user pointers, and DMA buffers. In the vb2_mmap handler, the memory type of the associated backing store is verified outside the queue lock, which means a concurrent vb2_core_reqbufs
(reachable from VIDIOC_REQBUFS ioctl) can change the memory type before vb2_mmap completes.
Forwarded from Cyber security intelligent program
mmap_reqbuf_race.c
3.7 KB
Forwarded from Deadly malware xp
#tools
#Offensive_security
1. Alcatraz - x64 binary obfuscator
https://github.com/weak1337/Alcatraz
2. Phantom DLL Hollower
https://github.com/daem0nc0re/TangledWinExec/tree/main/PhantomDllHollower
#Offensive_security
1. Alcatraz - x64 binary obfuscator
https://github.com/weak1337/Alcatraz
2. Phantom DLL Hollower
https://github.com/daem0nc0re/TangledWinExec/tree/main/PhantomDllHollower
GitHub
GitHub - weak1337/Alcatraz: x64 binary obfuscator
x64 binary obfuscator. Contribute to weak1337/Alcatraz development by creating an account on GitHub.
👍2
Forwarded from Deadly malware xp
aws_sec_incident_resp.pdf
749.1 KB
#Cloud_Security
"AWS Security Incident Response Guide", 2022.
"AWS Security Incident Response Guide", 2022.
Forwarded from Deadly malware xp
#Red_Team_Tactics
1. NTLMRecon: identify commonly accessible NTLM authentication endpoints
https://github.com/praetorian-inc/NTLMRecon#installation
2. Bypass firewalls with of-CORs and typo-squatting
https://github.com/trufflesecurity/of-cors
1. NTLMRecon: identify commonly accessible NTLM authentication endpoints
https://github.com/praetorian-inc/NTLMRecon#installation
2. Bypass firewalls with of-CORs and typo-squatting
https://github.com/trufflesecurity/of-cors
GitHub
GitHub - praetorian-inc/NTLMRecon: A tool for performing light brute-forcing of HTTP servers to identify commonly accessible NTLM…
A tool for performing light brute-forcing of HTTP servers to identify commonly accessible NTLM authentication endpoints. - praetorian-inc/NTLMRecon
Forwarded from Deadly malware xp
#exploit
1. The OWASSRF + TabShell exploit chain
https://blog.viettelcybersecurity.com/tabshell-owassrf
2. CVE-2022-3515/CVE-2022-47629:
Integer overflow bug Libksba library (x.509)
https://github.com/elttam/publications/blob/master/writeups/CVE-2022-47629.md
3. CVE-2022-44877:
Centos Web Panel 7 Unauthenticated RCE
https://github.com/numanturle/CVE-2022-44877
1. The OWASSRF + TabShell exploit chain
https://blog.viettelcybersecurity.com/tabshell-owassrf
2. CVE-2022-3515/CVE-2022-47629:
Integer overflow bug Libksba library (x.509)
https://github.com/elttam/publications/blob/master/writeups/CVE-2022-47629.md
3. CVE-2022-44877:
Centos Web Panel 7 Unauthenticated RCE
https://github.com/numanturle/CVE-2022-44877
👍1
Forwarded from Deadly malware xp
#Malware_analysis
1. Unveiling of a large resilient infrastructure distributing Raccoon and Vidar information stealers
https://blog.sekoia.io/unveiling-of-a-large-resilient-infrastructure-distributing-information-stealers
2. Pupy RAT hiding under WerFault’s cover
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover
1. Unveiling of a large resilient infrastructure distributing Raccoon and Vidar information stealers
https://blog.sekoia.io/unveiling-of-a-large-resilient-infrastructure-distributing-information-stealers
2. Pupy RAT hiding under WerFault’s cover
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover
Sekoia.io Blog
Unveiling of a large resilient infrastructure distributing information stealers
The distribution methods used to distribute infostealer are varied, ranging from malspam to fake installers. Discover their infection chains.