#Offensive_security
1. SMB "Access is denied" caused by anti-NTLM relay protection
https://medium.com/tenable-techblog/smb-access-is-denied-caused-by-anti-ntlm-relay-protection-659c60089895
2. Persistence via the Recycle Bin: add an "open\command" subkey under HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell and set its default value to the implant path, so that opening the Recycle Bin launches the implant
https://github.com/D1rkMtr/RecyclePersist
3. Vulnerabilities on redirected•com
https://dhakalbibek.medium.com/2022-a-year-of-fascinating-discoveries-d3277dfb006f
Medium
SMB “Access is denied” Caused by Anti-NTLM Relay Protection
Explanations of the “Microsoft network server: Server SPN target name validation level” hardening policy: what it does, how to…
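Audit check for the Recycle Bin persistence item above, written here as an added PowerShell example; it is not code from the RecyclePersist project. It assumes two things: that HKCR is the merged view of HKLM\SOFTWARE\Classes and HKCU\SOFTWARE\Classes (so the implant's key lands in one of those real hives, HKCU being the one reachable without admin rights), and that a stock Windows install registers no "open" verb under the Recycle Bin CLSID, so the technique has to add it and its mere presence is the indicator. All other verbs are listed too so the analyst can eyeball their commands.

```powershell
# Added audit example (not the RecyclePersist project's own code).
# Lists every shell verb registered on the Recycle Bin CLSID in both real
# hives and flags the "open" verb that the persistence technique adds.
$RecycleBinClsid = '{645FF040-5081-101B-9F08-00AA002F954E}'

# Assumption: HKCR merges these two hives, so check both to learn which one
# the entry was written to (HKCU needs no admin rights, HKLM does).
$ShellKeys = @(
    "HKLM:\SOFTWARE\Classes\CLSID\$RecycleBinClsid\shell",
    "HKCU:\SOFTWARE\Classes\CLSID\$RecycleBinClsid\shell"
)

function Get-RecycleBinShellVerbs {
    foreach ($ShellKey in $ShellKeys) {
        if (-not (Test-Path -Path $ShellKey)) { continue }
        foreach ($Verb in Get-ChildItem -Path $ShellKey) {
            # Each verb that launches something carries a "command" subkey whose
            # default value is the command line Explorer will execute.
            $CommandKey = "$ShellKey\$($Verb.PSChildName)\command"
            if (-not (Test-Path -Path $CommandKey)) { continue }
            $Command = (Get-ItemProperty -Path $CommandKey).'(default)'
            [pscustomobject]@{
                Hive       = $ShellKey.Split(':')[0]
                Verb       = $Verb.PSChildName
                Command    = $Command
                # Assumption: no "open" verb exists here on a stock system.
                Suspicious = ($Verb.PSChildName -ieq 'open')
            }
        }
    }
}

$Findings = Get-RecycleBinShellVerbs
$Findings | Format-Table -AutoSize
$Findings | Where-Object Suspicious | ForEach-Object {
    Write-Warning "Recycle Bin 'open' verb found in $($_.Hive): $($_.Command)"
}
```

Run it as the user whose profile you are checking, since the HKCU branch is per user; any flagged command line that points outside the Windows directory is the implant path to pull for analysis, and removing the "open" key (not the whole CLSID) is the cleanup.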
#Threat_Research
Open-source Cobalt Strike stager decoder
https://stairwell.com/news/stairwell-releases-open-source-cobalt-strike-stager-decoder
]-> https://github.com/stairwell-inc/cobalt-strike-stager-parser
Apple_vs_EMA.pdf
14 MB
#Research
"Apple vs. EMA: Electromagnetic Side Channel Attacks on Apple CoreCrypto", 2022.
]-> A Potholing Tour in a SoC:
An electromagnetic-wave side-channel issue on ARMv8 AES instructions:
https://eshard.com/posts/sca-attacks-on-armv8
#exploit
1. CVE-2023-0210:
Unauthenticated remote DoS in ksmbd NTLMv2 authentication (Linux kernel)
https://seclists.org/oss-sec/2023/q1/4
2. CVE-2022-20452:
Privilege escalation on Android from installed app to system/another app via LazyValue using Parcel after recycle()
https://github.com/michalbednarski/LeakValue
#tools
#Malware_analysis
#Blue_Team_Techniques
Automating Malware Analysis Operations (MAOps)
https://blogs.jpcert.or.jp/en/2023/01/cloud_malware_analysis.html
]-> Malware C2 Monitoring:
https://github.com/JPCERTCC/Lucky-Visitor-Scam-IoC
]-> Malware Hunting using Cloud:
https://github.com/JPCERTCC/CobaltStrike-Config
]-> YARA CI/CD system:
https://github.com/JPCERTCC/HUILoader-research
]-> Surface Analysis System on Cloud:
https://github.com/JPCERTCC/SurfaceAnalysis-on-Cloud
]-> Memory Forensic on Cloud:
https://github.com/JPCERTCC/MemoryForensic-on-Cloud
JPCERT/CC Eyes
Automating Malware Analysis Operations (MAOps) - JPCERT/CC Eyes
I believe that automating analysis is a challenge that all malware analysts are working on for more efficient daily incident investigations. Cloud-based technologies (CI/CD, serverless, IaC, etc.) are great solutions that can automate MAOps efficiently. In…
#reversing
#IoT_Security
Reversing embedded device bootloader (U-Boot)
Part 1: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1
Part 2: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2
Shielder
Shielder - Reversing embedded device bootloader (U-Boot) - p.1
In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.
Forwarded from ㅤㅤㅤㅤㅤㅤ ㅤㅤㅤㅤㅤㅤ
Linux sysadmins, beware!
Hackers are exploiting a critical RCE vulnerability in Control Web Panel (CWP) to gain elevated privileges on web servers.
Read: https://thehackernews.com/2023/01/alert-hackers-actively-exploiting.html
Patch your servers ASAP!
Forwarded from 卩ro 爪Cracker
Exfiltration Over a Blocked Port on a Next-Gen Firewall
https://ift.tt/fUmqaGz
Submitted January 12, 2023 at 02:37PM by cuptugout
via reddit https://ift.tt/OtUCM2b
Cymulate
Exfiltration Over a Blocked Port on a Next-Gen Firewall
How Does Cymulate Assess for Data Exfiltration? Learn more in this blog post by security advisor David Kellerman.
Forwarded from 卩ro 爪Cracker
List of git commits before and after a security audit
https://ift.tt/MG3AVgk
Submitted January 13, 2023 at 02:29AM by kruksym
via reddit https://ift.tt/d58VE4O
Forwarded from 卩ro 爪Cracker
GraphQL exploitation – All you need to know – Cybervelia
https://ift.tt/lILWoxS
Submitted January 13, 2023 at 02:28AM by Necessary-Reality-80
via reddit https://ift.tt/SLsfWgA
Forwarded from ㅤㅤㅤ
#windows #syscall #bypass
Interception of system calls in Windows 11 22H2 like Avast antivirus.
Research, analysis and bypass:
https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html
Forwarded from 卩ro 爪Cracker
#exploit
1. PoC for arbitrary file delete/move in Razer Synapse 3 Macro module
https://github.com/Wh04m1001/RazerEoP
2. CVE-2023-21752:
PoC for arbitrary file delete vulnerability in Windows Backup service
https://github.com/Wh04m1001/CVE-2023-21752
Leviathan.pdf
5.2 MB
#Sec_code_review
"SELECT Bugs FROM Binary WHERE Pattern LIKE CVE-1337-DAYS".
#Malware_analysis
1. NeedleDropper Analysis
https://decoded.avast.io/threatresearch/needledropper
2. Gootkit Loader
https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html
3. "Pre-Owned" malware in ROM on T95 Android TV Box (AllWinner H616)
https://github.com/DesktopECHO/T95-H616-Malware
Gendigital
NeedleDropper
New dropper strain hides payloads effectively
Threema_analysis.pdf
413.9 KB
#Research
"Three Lessons From Threema: Analysis of a Secure Messenger", 2022.
#Threat_Research
1. Practice of Automated Vulnerability Mining Based on Code Property Graph
https://blog.0kami.cn/blog/2023/%E5%9F%BA%E4%BA%8E%E4%BB%A3%E7%A0%81%E5%B1%9E%E6%80%A7%E5%9B%BE%E7%9A%84%E8%87%AA%E5%8A%A8%E5%8C%96%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98%E5%AE%9E%E8%B7%B5
2. ReVoLTE Attack - Voice calls in LTE
https://blog.cryptographyengineering.com/2020/08/12/attack-of-the-week-voice-calls-in-lte
]-> Demo/App: https://revolte-attack.net
]-> Android App that allows you to detect vulnerabilities in deployed LTE/5G networks:
https://github.com/RUB-SysSec/mobile_sentinel
]-> USENIX document:
https://www.usenix.org/conference/usenixsecurity20/presentation/rupprecht
blog.0kami.cn
Practice of Automated Vulnerability Mining Based on Code Property Graph - wh1t3p1g's blog
EyeSpyVPN.pdf
8.6 MB
#Whitepaper
"EyeSpy - Iranian Spyware Delivered in VPN Installers", 2023.