Asta-decrypt

This is a simple script that implements the decryption routine for the encrypted final stage used by the Astaroth/Guildma malware family.

Astaroth uses an AutoIT script with an embedded DLL that writes the final payload to disk as db.temp and injects it into a hollow process. https://system32.ink/news-feed/p/134/

CVE-2022-46169

Exploit to CVE-2022-46169 vulnerability on Cacti 1.2.19

https://system32.ink/news-feed/p/135/

PTorZillaPrint: Firefox & Tor Browser fingerprint testing. https://github.com/arkenfox/TZP

Love you india ❤️❤️

Happy Indian Army Day 💖

Cheatsheets

of knowledge about information security. https://system32.ink/news-feed/p/138/

#tools
#Blue_Team_Techniques
1. Detecting Fake Events in Azure Sign-in Logs
https://www.inversecos.com/2023/01/detecting-fake-events-in-azure-sign-in.html
2. Crassus - Windows privilege escalation discovery tool
https://github.com/vullabs/Crassus

#Infographics
#Malware_analysis
Antivirus Event Analysis Cheat Sheet, ver. 1.11.0.
]-> https://www.nextron-systems.com/2023/01/13/antivirus-event-analysis-cheat-sheet-v1-11-0

#Offensive_security
1. SCCM Site Takeover via Automatic Client Push Installation
https://posts.specterops.io/sccm-site-takeover-via-automatic-client-push-installation-f567ec80d5b1
2. Codecepticon - .NET application that allows you to obfuscate C#, VBA VB6 (macros), PowerShell source code
https://github.com/Accenture/Codecepticon

#Whitepaper
#SCADA_Security
"Implementing Scalable Security for Devices Without 802.1x Support", 2022.

#exploit
1. CVE-2022-28944/CVE-2022-24644:
EMCO Software Multiple Products/KeyMouse 3.08 (Win) - Unauth. Update RCE
https://github.com/gerr-re/cve-2022-28944
https://github.com/gerr-re/cve-2022-24644

2. Client-Side SSRF to Google Cloud Project Takeover [Google VRP]
https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover

3. CVE-2022-3656:
Symbolic Link Following + Upload Warning Bypass
https://bugs.chromium.org/p/chromium/issues/detail?id=1345275#c34

#Fuzzing
#WLAN_Security
A full-featured open-source Wi-Fi fuzzer
https://github.com/efchatz/WPAxFuzz

#Red_Team_Tactics
1. Avoid antivirus by hiding the import table
https://xz.aliyun.com/t/12035
2. Measuring, Reporting On, and Planning For Red Team Maturity
https://www.redteammaturity.com/release-blog
3. Measuring Sliver vs Havoc
https://git.culbertreport.com/posts/Sliver-vs-Havoc

#Malware_analysis
How to Analyze JavaScript Malware - A Case Study of Vjw0rm

#exploit
1. CVE-2022-22274:
A Stack-based buffer overflow vulnerability in the SonicOS
https://github.com/pwneddr/Sonic_CVE-2022-22274_poc

2. CVE-2022-3652:
Race condition in JSCreateLowering, leading to RCE
https://bugs.chromium.org/p/chromium/issues/detail?id=1369871

#Offensive_security
1. .pkg signature verification bypass on macOS
https://sector7.computest.nl/post/2023-01-xar
2. Restoring Dyld Memory Loading
https://blog.xpnsec.com/restoring-dyld-memory-loading

#Research
"TROJANPUZZLE: Covertly Poisoning Code-Suggestion Models", 2023.