Forwarded from 卩ro 爪Cracker
A new feature in*huntintel.io:
1. Open Instagram Username Search Tool
2. Enter the name of the account.
3. Wait (if you think you are waiting too long, refresh the page)
4. See the geotagged user's posts on the world map!
1 month/1 check a day free (code CYBER100)
1. Open Instagram Username Search Tool
2. Enter the name of the account.
3. Wait (if you think you are waiting too long, refresh the page)
4. See the geotagged user's posts on the world map!
1 month/1 check a day free (code CYBER100)
Forwarded from 卩ro 爪Cracker
Secret Handshake
A prototype malware C2 channel using x509 certificates over mTLS
I always wondered if threat actors ever used x509 certificates as part of their C2 communication, not to encrypt the network traffic but to actually embed the C2 communication in the x509 cert. After searching for something like this in the wild for 5 years I finally decided to just code it myself to see if it's possible...it is
https://github.com/jconwell/secret_handshake
#malware
A prototype malware C2 channel using x509 certificates over mTLS
I always wondered if threat actors ever used x509 certificates as part of their C2 communication, not to encrypt the network traffic but to actually embed the C2 communication in the x509 cert. After searching for something like this in the wild for 5 years I finally decided to just code it myself to see if it's possible...it is
https://github.com/jconwell/secret_handshake
#malware
YouTube
Secret Handshake
Secret Handshake
A prototype malware C2 channel using x509 certificates over mTLS
I always wondered if threat actors ever used x509 certificates as part of their C2 communication, not to encrypt the network traffic but to actually embed the C2 communication…
A prototype malware C2 channel using x509 certificates over mTLS
I always wondered if threat actors ever used x509 certificates as part of their C2 communication, not to encrypt the network traffic but to actually embed the C2 communication…
❤1
Forwarded from 卩ro 爪Cracker
Exfiltration Over a Blocked Port on a Next-Gen Firewall
https://ift.tt/fUmqaGz
Submitted January 12, 2023 at 02:37PM by cuptugout
via reddit https://ift.tt/OtUCM2b
https://ift.tt/fUmqaGz
Submitted January 12, 2023 at 02:37PM by cuptugout
via reddit https://ift.tt/OtUCM2b
Cymulate
Exfiltration Over a Blocked Port on a Next-Gen Firewall
How Does Cymulate Assess for Data Exfiltration? Learn more in this blog post by security advisor David Kellerman.
⚡1
❤1👍1🏆1
#Offensive_security
1. SMB "Access is denied" caused by anti-NTLM relay protection
https://medium.com/tenable-techblog/smb-access-is-denied-caused-by-anti-ntlm-relay-protection-659c60089895
2. Implementation of Persistence via Recycle Bin by adding "open\command" subkey to the "HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell" key and changing its value to the implant path
https://github.com/D1rkMtr/RecyclePersist
3. Vulnerabilities on redirected•com
https://dhakalbibek.medium.com/2022-a-year-of-fascinating-discoveries-d3277dfb006f
1. SMB "Access is denied" caused by anti-NTLM relay protection
https://medium.com/tenable-techblog/smb-access-is-denied-caused-by-anti-ntlm-relay-protection-659c60089895
2. Implementation of Persistence via Recycle Bin by adding "open\command" subkey to the "HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell" key and changing its value to the implant path
https://github.com/D1rkMtr/RecyclePersist
3. Vulnerabilities on redirected•com
https://dhakalbibek.medium.com/2022-a-year-of-fascinating-discoveries-d3277dfb006f
Medium
SMB “Access is denied” Caused by Anti-NTLM Relay Protection
Explanations of the “Microsoft network server: Server SPN target name validation level” hardening policy: what it does, how to…
#Threat_Research
Open-source Cobalt Strike stager decoder
https://stairwell.com/news/stairwell-releases-open-source-cobalt-strike-stager-decoder
]-> https://github.com/stairwell-inc/cobalt-strike-stager-parser
Open-source Cobalt Strike stager decoder
https://stairwell.com/news/stairwell-releases-open-source-cobalt-strike-stager-decoder
]-> https://github.com/stairwell-inc/cobalt-strike-stager-parser
Apple_vs_EMA.pdf
14 MB
#Research
"Apple vs. EMA: Electromagnetic Side Channel Attacks on Apple CoreCrypto", 2022.
]-> A Potholing Tour in a SoC:
An electromagnetic-wave side-channel issue on ARMv8 AES instructions:
https://eshard.com/posts/sca-attacks-on-armv8
"Apple vs. EMA: Electromagnetic Side Channel Attacks on Apple CoreCrypto", 2022.
]-> A Potholing Tour in a SoC:
An electromagnetic-wave side-channel issue on ARMv8 AES instructions:
https://eshard.com/posts/sca-attacks-on-armv8
#exploit
1. CVE-2023-0210:
Unauthenticated remote DOS in ksmbd NTLMv2 authentication (Linux kernel)
https://seclists.org/oss-sec/2023/q1/4
2. CVE-2022-20452:
Privilege escalation on Android from installed app to system/another app via LazyValue using Parcel after recycle()
https://github.com/michalbednarski/LeakValue
1. CVE-2023-0210:
Unauthenticated remote DOS in ksmbd NTLMv2 authentication (Linux kernel)
https://seclists.org/oss-sec/2023/q1/4
2. CVE-2022-20452:
Privilege escalation on Android from installed app to system/another app via LazyValue using Parcel after recycle()
https://github.com/michalbednarski/LeakValue
seclists.org
oss-sec: Linux kernel: Unauthenticated remote DOS in ksmbd NTLMv2 authentication
#tools
#Malware_analysis
#Blue_Team_Techniques
Automating Malware Analysis Operations (MAOps)
https://blogs.jpcert.or.jp/en/2023/01/cloud_malware_analysis.html
]-> Malware C2 Monitoring:
https://github.com/JPCERTCC/Lucky-Visitor-Scam-IoC
]-> Malware Hunting using Cloud:
https://github.com/JPCERTCC/CobaltStrike-Config
]-> YARA CI/CD system:
https://github.com/JPCERTCC/HUILoader-research
]-> Surface Analysis System on Cloud:
https://github.com/JPCERTCC/SurfaceAnalysis-on-Cloud
]-> Memory Forensic on Cloud:
https://github.com/JPCERTCC/MemoryForensic-on-Cloud
#Malware_analysis
#Blue_Team_Techniques
Automating Malware Analysis Operations (MAOps)
https://blogs.jpcert.or.jp/en/2023/01/cloud_malware_analysis.html
]-> Malware C2 Monitoring:
https://github.com/JPCERTCC/Lucky-Visitor-Scam-IoC
]-> Malware Hunting using Cloud:
https://github.com/JPCERTCC/CobaltStrike-Config
]-> YARA CI/CD system:
https://github.com/JPCERTCC/HUILoader-research
]-> Surface Analysis System on Cloud:
https://github.com/JPCERTCC/SurfaceAnalysis-on-Cloud
]-> Memory Forensic on Cloud:
https://github.com/JPCERTCC/MemoryForensic-on-Cloud
JPCERT/CC Eyes
Automating Malware Analysis Operations (MAOps) - JPCERT/CC Eyes
I believe that automating analysis is a challenge that all malware analysts are working on for more efficient daily incident investigations. Cloud-based technologies (CI/CD, serverless, IaC, etc.) are great solutions that can automate MAOps efficiently. In…
#reversing
#IoT_Security
Reversing embedded device bootloader (U-Boot)
Part 1: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1
Part 2: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2
#IoT_Security
Reversing embedded device bootloader (U-Boot)
Part 1: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1
Part 2: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2
Shielder
Shielder - Reversing embedded device bootloader (U-Boot) - p.1
In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.
Forwarded from ㅤㅤㅤㅤㅤㅤ ㅤㅤㅤㅤㅤㅤ
Linux sysadmins, beware!
Hackers are exploiting a critical RCE vulnerability in Control Web Panel (CWP) to gain elevated privileges on web servers.
Read: https://thehackernews.com/2023/01/alert-hackers-actively-exploiting.html
Patch your servers ASAP!
Hackers are exploiting a critical RCE vulnerability in Control Web Panel (CWP) to gain elevated privileges on web servers.
Read: https://thehackernews.com/2023/01/alert-hackers-actively-exploiting.html
Patch your servers ASAP!
Forwarded from 卩ro 爪Cracker
Exfiltration Over a Blocked Port on a Next-Gen Firewall
https://ift.tt/fUmqaGz
Submitted January 12, 2023 at 02:37PM by cuptugout
via reddit https://ift.tt/OtUCM2b
https://ift.tt/fUmqaGz
Submitted January 12, 2023 at 02:37PM by cuptugout
via reddit https://ift.tt/OtUCM2b
Cymulate
Exfiltration Over a Blocked Port on a Next-Gen Firewall
How Does Cymulate Assess for Data Exfiltration? Learn more in this blog post by security advisor David Kellerman.
Forwarded from 卩ro 爪Cracker
List of git commits before and after a security audit
https://ift.tt/MG3AVgk
Submitted January 13, 2023 at 02:29AM by kruksym
via reddit https://ift.tt/d58VE4O
https://ift.tt/MG3AVgk
Submitted January 13, 2023 at 02:29AM by kruksym
via reddit https://ift.tt/d58VE4O
Forwarded from 卩ro 爪Cracker
GraphQL exploitation – All you need to know – Cybervelia
https://ift.tt/lILWoxS
Submitted January 13, 2023 at 02:28AM by Necessary-Reality-80
via reddit https://ift.tt/SLsfWgA
https://ift.tt/lILWoxS
Submitted January 13, 2023 at 02:28AM by Necessary-Reality-80
via reddit https://ift.tt/SLsfWgA
Forwarded from ㅤㅤㅤ
#windows #system call #bypass
Interception of system calls in Windows 11 22 H2 like Avast antivirus.
Research, analysis and bypass:
https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html
Interception of system calls in Windows 11 22 H2 like Avast antivirus.
Research, analysis and bypass:
https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html
Forwarded from 卩ro 爪Cracker
#exploit
1. PoC for arbitrary file delete/move in Razer Synapse 3 Macro module
https://github.com/Wh04m1001/RazerEoP
2. CVE-2023-21752:
PoC for arbitrary file delete vulnerability in Windows Backup service
https://github.com/Wh04m1001/CVE-2023-21752
1. PoC for arbitrary file delete/move in Razer Synapse 3 Macro module
https://github.com/Wh04m1001/RazerEoP
2. CVE-2023-21752:
PoC for arbitrary file delete vulnerability in Windows Backup service
https://github.com/Wh04m1001/CVE-2023-21752
GitHub
GitHub - Wh04m1001/RazerEoP
Contribute to Wh04m1001/RazerEoP development by creating an account on GitHub.
Leviathan.pdf
5.2 MB
#Sec_code_review
"SELECT Bugs FROM Binary WHERE Pattern LIKE CVE-1337-DAYS".
"SELECT Bugs FROM Binary WHERE Pattern LIKE CVE-1337-DAYS".
#Malware_analysis
1. NeedleDropper Analysis
https://decoded.avast.io/threatresearch/needledropper
2. Gootkit Loader
https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html
3. "Pre-Owned" malware in ROM on T95 Android TV Box (AllWinner H616)
https://github.com/DesktopECHO/T95-H616-Malware
1. NeedleDropper Analysis
https://decoded.avast.io/threatresearch/needledropper
2. Gootkit Loader
https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html
3. "Pre-Owned" malware in ROM on T95 Android TV Box (AllWinner H616)
https://github.com/DesktopECHO/T95-H616-Malware
Gendigital
NeedleDropper
New dropper strain hides payloads effectively