#Fuzzing
Fuzztruction: a prototype fuzzer that does not mutate the target's inputs directly; instead it injects faults into a so-called generator application (for example an encoder or file writer) so that the generator itself produces the inputs fed to the fuzzing target (the consumer), keeping them mostly well-formed
https://github.com/fuzztruction/fuzztruction#preparing-the-runtime-environment-docker-image
#exploit
1. CVE-2022-31705:
VMware EHCI (USB 2.0 controller emulation) heap out-of-bounds write, demonstrated at GeekPwn 2022; PoC repo
https://github.com/s0duku/cve-2022-31705
2. Linux >=4.10: UAF in __do_semtimedop() due to lockless check outside RCU section
https://bugs.chromium.org/p/project-zero/issues/detail?id=2391
3. Lexmark printers/copiers 0-day exploit (haxx by blasty)
https://github.com/blasty/lexmark
#Research
"BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects", 2022.
Vulnerability reports repo: https://github.com/VPRLab/BS_VulnReport
#Offensive_security
1. A LAPS(e) in Judgement (TrustedSec), on Microsoft LAPS, which automatically sets, rotates and stores local Administrator passwords so an administrator does not have to
https://www.trustedsec.com/blog/a-lapse-in-judgement
2. NonHeavyFTP:
an FTP server pwn challenge from Real World CTF 2023 (writeup)
https://f0cus77.github.io/RWCTF-2023-NonHeavyFTP-writeup
#tools
#Malware_analysis
SEMA - ToolChain using Symbolic Execution for Malware Analysis
https://github.com/csvl/SEMA-ToolChain
#Threat_Research
1. Security Issue in JWT Secret Poisoning (CVE-2022-23529) in the JsonWebToken (node-jsonwebtoken) project, reported by Unit 42 as RCE; note the precondition: the attacker must already control the secretOrPublicKey value passed to jwt.verify()
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529
2. Scattered Spider's Bring-Your-Own-Vulnerable-Driver (BYOVD) tactic in an attempt to bypass endpoint security (CrowdStrike)
https://www.crowdstrike.com/blog/scattered-spider-attempts-to-avoid-detection-with-bring-your-own-vulnerable-driver-tactic
3. Navigating the Vast Ocean of Sandbox Evasions
https://unit42.paloaltonetworks.com/sandbox-evasion-memory-detection
Forwarded from Cyber security intelligent program
🕵️♂️StrongPity espionage campaign targeting Android users
ESET researchers identified an active campaign that we have attributed to the StrongPity APT group. Active since November 2021, the campaign has distributed a malicious app through a website impersonating Shagle – a random-video-chat service that provides encrypted communications between strangers. Unlike the entirely web-based, genuine Shagle site that doesn’t offer an official mobile app to access its services, the copycat site only provides an Android app to download and no web-based streaming is possible.
📡 An effective and secure drone-detection system, AARTOS DDS, will be presented very soon; it includes protection that is tailored individually to each customer. This marvel will be shown at the Perimeter Protection exhibition from 17 to 19 January 2023.
Forwarded from 卩ro 爪Cracker
SpyDialer
Free search of contact information by phone number, name, address or email.
Even shows the names of the neighbors, but the information displayed by the service requires additional verification.
https://spydialer.com
#osint #humint #usa
Forwarded from 卩ro 爪Cracker
When searching for geolocation information, don't forget to check the whois. At https://iqwhois.com/advanced-search, searching by STREET name you can find all the sites registered to people who live there.
It's also possible to search by city and zip code.
#osint #geoint
Forwarded from 卩ro 爪Cracker
A new feature in huntintel.io:
1. Open Instagram Username Search Tool
2. Enter the name of the account.
3. Wait (if you think you are waiting too long, refresh the page)
4. See the geotagged user's posts on the world map!
1 month/1 check a day free (code CYBER100)
Forwarded from 卩ro 爪Cracker
Secret Handshake
A prototype malware C2 channel using x509 certificates over mTLS
I always wondered if threat actors ever used x509 certificates as part of their C2 communication, not to encrypt the network traffic but to actually embed the C2 communication in the x509 cert. After searching for something like this in the wild for 5 years I finally decided to just code it myself to see if it's possible...it is
https://github.com/jconwell/secret_handshake
#malware
Forwarded from 卩ro 爪Cracker
Exfiltration Over a Blocked Port on a Next-Gen Firewall (Cymulate blog post by David Kellerman)
https://ift.tt/fUmqaGz
Submitted January 12, 2023 at 02:37PM by cuptugout
via reddit https://ift.tt/OtUCM2b
#Offensive_security
1. SMB "Access is denied" caused by anti-NTLM-relay protection: the "Microsoft network server: Server SPN target name validation level" hardening policy, what it does and how to troubleshoot it (Tenable TechBlog)
https://medium.com/tenable-techblog/smb-access-is-denied-caused-by-anti-ntlm-relay-protection-659c60089895
2. RecyclePersist: persistence via the Recycle Bin by creating the shell\open\command subkey under HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E} (the Recycle Bin's CLSID) and setting its default value to the implant path, so the implant runs whenever the Recycle Bin is opened
https://github.com/D1rkMtr/RecyclePersist
3. Vulnerabilities on redirected•com
https://dhakalbibek.medium.com/2022-a-year-of-fascinating-discoveries-d3277dfb006f
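An added example for item 1 (not code from the Tenable article): a PowerShell audit of the setting behind that policy. It reads SmbServerNameHardeningLevel and SrvAllowedServerNames from LanmanServer\Parameters (both documented Microsoft value names); the function names, the hypothetical alias files.corp.local, and the simplifying assumption that the server accepts exactly its NetBIOS name, its DNS FQDN and the names listed in SrvAllowedServerNames are mine.

```powershell
# Added example, not from the Tenable post. Run in an elevated PowerShell on the file server.
# "Microsoft network server: Server SPN target name validation level" is stored as
# SmbServerNameHardeningLevel (REG_DWORD) under LanmanServer\Parameters:
#   0 = Off (default)   1 = Accept if provided by client   2 = Required from client
# With level 1 or 2 the server rejects sessions whose SPN target name is not one of its own
# names, which is the "Access is denied" symptom; extra names (DNS aliases / CNAMEs) can be
# allowed through the REG_MULTI_SZ value SrvAllowedServerNames in the same key.

$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbSpnValidationLevel {
    [CmdletBinding()]
    param([string]$Path = $LanmanParams)
    $prop  = Get-ItemProperty -Path $Path -Name 'SmbServerNameHardeningLevel' -ErrorAction SilentlyContinue
    $level = if ($null -ne $prop) { [int]$prop.SmbServerNameHardeningLevel } else { 0 }   # value absent = Off
    $label = switch ($level) {
        0       { 'Off' }
        1       { 'Accept if provided by client' }
        2       { 'Required from client' }
        default { "Unknown ($level)" }
    }
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Level = $level; Setting = $label }
}

function Get-SmbAcceptedServerNames {
    [CmdletBinding()]
    param([string]$Path = $LanmanParams)
    # Assumption (mine): the server accepts its NetBIOS name, its DNS FQDN and the names in
    # SrvAllowedServerNames as SPN targets.
    $names = [System.Collections.Generic.List[string]]::new()
    $names.Add($env:COMPUTERNAME)
    try   { $names.Add([System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName) }
    catch { Write-Verbose "DNS lookup of own FQDN failed: $_" }
    $extra = (Get-ItemProperty -Path $Path -Name 'SrvAllowedServerNames' -ErrorAction SilentlyContinue).SrvAllowedServerNames
    foreach ($n in @($extra)) { if ($n) { $names.Add([string]$n) } }
    $names.ToArray() | Select-Object -Unique
}

function Test-SmbTargetName {
    # Predicts whether a session whose client sends the given SPN target name (for example a
    # CNAME such as the hypothetical files.corp.local) would be accepted under the current
    # policy. Approximation: assumes the client does send the name; with level 1 a client
    # that omits it is still accepted.
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$TargetName, [string]$Path = $LanmanParams)
    $level    = (Get-SmbSpnValidationLevel -Path $Path).Level
    $accepted = @(Get-SmbAcceptedServerNames -Path $Path)
    $nameOk   = $accepted -contains $TargetName        # -contains is case-insensitive for strings
    $fix = $null
    if ($level -gt 0 -and -not $nameOk) {
        $fix = "Add '$TargetName' to SrvAllowedServerNames (REG_MULTI_SZ) or register cifs/$TargetName " +
               "as an SPN on the server's computer account, then restart the Server service"
    }
    [pscustomobject]@{
        TargetName    = $TargetName
        Level         = $level
        WouldAccept   = ($level -eq 0) -or $nameOk
        AcceptedNames = $accepted
        Fix           = $fix
    }
}

# Usage:
#   Get-SmbSpnValidationLevel
#   Test-SmbTargetName -TargetName 'files.corp.local'   # hypothetical alias
```

Run Test-SmbTargetName with every alias clients actually use to reach the share; a WouldAccept of False with a non-zero Level is the configuration that produces the "Access is denied" the article describes, and the Fix column names the two documented remedies.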
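An added example for item 2 (not code from the RecyclePersist repo): a PowerShell check and clean-up for that persistence location. It assumes, as the item's wording implies, that a clean system has no shell\open\command under the Recycle Bin CLSID; the function names and the %SystemRoot% heuristic used for other verbs are mine.

```powershell
# Added example, not from the RecyclePersist repo. HKCR is a merged view of
# HKLM\SOFTWARE\Classes and HKCU\SOFTWARE\Classes, so both hives are inspected; the per-user
# hive is writable without admin rights, which is what makes this a convenient user-level
# persistence spot. Assumption (mine): a clean system has no shell\open\command under the
# Recycle Bin CLSID, so any "open" command is treated as a hijack; commands under other verbs
# are reported and flagged only if the executable does not live under %SystemRoot%.

$RecycleBinClsid = '{645FF040-5081-101B-9F08-00AA002F954E}'   # CLSID named in the item above

function Get-RecycleBinShellCommand {
    [CmdletBinding()]
    param([string]$Clsid = $RecycleBinClsid)
    $hives = @(
        @{ Scope = 'HKLM'; Path = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\shell" },
        @{ Scope = 'HKCU'; Path = "HKCU:\SOFTWARE\Classes\CLSID\$Clsid\shell" }
    )
    foreach ($h in $hives) {
        if (-not (Test-Path -LiteralPath $h.Path)) { continue }
        foreach ($verb in Get-ChildItem -LiteralPath $h.Path) {
            $cmdKey = "$($h.Path)\$($verb.PSChildName)\command"
            if (-not (Test-Path -LiteralPath $cmdKey)) { continue }
            $cmd      = [string](Get-ItemProperty -LiteralPath $cmdKey).'(default)'   # the command line to run
            $expanded = [Environment]::ExpandEnvironmentVariables($cmd).Trim('"')
            $suspicious = ($verb.PSChildName -ieq 'open') -or ($expanded -notlike "$env:SystemRoot*")
            [pscustomobject]@{
                Scope      = $h.Scope
                Verb       = $verb.PSChildName
                Command    = $cmd
                Key        = $cmdKey
                Suspicious = $suspicious
            }
        }
    }
}

function Remove-RecycleBinShellHijack {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Clsid = $RecycleBinClsid)
    foreach ($hit in Get-RecycleBinShellCommand -Clsid $Clsid | Where-Object Suspicious) {
        # Remove the whole verb key (shell\<verb>), not just \command, so nothing of the hijack remains.
        $verbKey = Split-Path -Path $hit.Key -Parent
        if ($PSCmdlet.ShouldProcess($verbKey, "Remove hijacked '$($hit.Verb)' verb running '$($hit.Command)'")) {
            Remove-Item -LiteralPath $verbKey -Recurse -Force
        }
    }
}

# Usage:
#   Get-RecycleBinShellCommand | Format-Table -AutoSize
#   Remove-RecycleBinShellHijack -WhatIf     # dry run; drop -WhatIf to clean up
```

Before removing anything, capture the Command value as an indicator: it is the implant path the attacker chose, and the same path is worth searching for in other autostart locations on the host.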