Forwarded from Deadly malware xp
#Threat_Research
1. Java XML security issues and how to address them
https://semgrep.dev/blog/2022/xml-security-in-java
2. QT QML Vulnerability
https://blog.talosintelligence.com/vulnerability-spotlight-integer-and-buffer-overflow-vulnerabilities-found-in-qt-qml
Forwarded from Deadly malware xp
#Cloud_Security
AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass
https://securitylabs.datadoghq.com/articles/iamadmin-cloudtrail-bypass
Datadoghq
AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass
Public disclosure of a method to bypass CloudTrail for specific IAM actions.
Forwarded from Deadly malware xp
#Malware_analysis
StrongPity espionage campaign
https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users
WeLiveSecurity
StrongPity espionage campaign targeting Android users
ESET researchers uncover an active StrongPity campaign that spreads a trojanized version of the Android Telegram app posing as the Shagle video chat app.
Forwarded from Deadly malware xp
Ultraverse.pdf
10.3 MB
#Research
"Ultraverse: Efficient Retroactive Operation for Attack Recovery in Database Systems and Web Frameworks", 2023.
Forwarded from 卩ro 爪Cracker
Centreon Map plugin allows pre-auth remote process memory dump (CVSS 8.3) - PoC
https://ift.tt/3U9xKJI
Submitted January 19, 2023 at 12:33PM by qwerty0x41
via reddit https://ift.tt/xvS2PIr
Forwarded from 卩ro 爪Cracker
Exploiting CVE-2021-3490 for Container Escapes
https://ift.tt/r2cXUpe
Submitted January 19, 2023 at 05:01PM by Gallus
via reddit https://ift.tt/v3dSMqc
CrowdStrike.com
Exploiting CVE-2021-3490 for Container Escapes | CrowdStrike
Learn how to modify and exploit a Linux Kernel vulnerability to escape container environments, and how CrowdStrike can help to prevent and hunt for similar threats.
Forwarded from 卩ro 爪Cracker
POC Exploit for CVE-2022-47966 affecting multiple ManageEngine products
https://ift.tt/4cZl7zt
Submitted January 19, 2023 at 06:52PM by scopedsecurity
via reddit https://ift.tt/we3bRx4
GitHub
GitHub - horizon3ai/CVE-2022-47966: POC for CVE-2022-47966 affecting multiple ManageEngine products
POC for CVE-2022-47966 affecting multiple ManageEngine products - horizon3ai/CVE-2022-47966
Forwarded from 卩ro 爪Cracker
CVE-2022-47966.py
3.1 KB
💥PoC for CVE-2022-47966
Usage:
⚙️For AD related products, such as ADManager, an issuer argument is required:
python3 ./CVE-2022-47966.py --url https://10.0.40.90:8443/samlLogin/<guid> --issuer https://sts.windows.net/<guid>/ --command notepad.exe
⚙️For other products, a URL is all that is required:
python3 ./CVE-2022-47966.py --url https://10.0.40.64:8080/SamlResponseServlet --command notepad.exe
Forwarded from 卩ro 爪Cracker
Simple, open-source, lightweight stress testing tool
https://ift.tt/CJDx5pf
Submitted January 19, 2023 at 09:38PM by chrisy_e
via reddit https://ift.tt/NblMW8E
GitHub
GitHub - getanteon/anteon: Anteon (formerly Ddosify): eBPF-based Kubernetes Monitoring and Performance Testing
Anteon (formerly Ddosify): eBPF-based Kubernetes Monitoring and Performance Testing - getanteon/anteon
Forwarded from 卩ro 爪Cracker
New Remcos RAT version uses direct syscalls to evade detection.
https://ift.tt/nPdt9Wk
Submitted January 19, 2023 at 10:49PM by woja111
via reddit https://ift.tt/1IFTKng
Rapid7
Rapid7 Managed Cybersecurity: Outpace Attackers
Forwarded from 卩ro 爪Cracker
Aerleon, a vendor-agnostic firewall management system
https://ift.tt/5L72C9O
Submitted January 20, 2023 at 12:19AM by ankenyr
via reddit https://ift.tt/TFMavi7
GitHub
GitHub - aerleon/aerleon: Multi-platform ACL generation system
Multi-platform ACL generation system. Contribute to aerleon/aerleon development by creating an account on GitHub.
Forwarded from 卩ro 爪Cracker
How to completely own an airline in 3 easy steps
https://ift.tt/DsZiIY6
Submitted January 20, 2023 at 07:48AM by _vavkamil_
via reddit https://ift.tt/CoDSNga
maia :3
how to completely own an airline in 3 easy steps
and grab the TSA nofly list along the way
Forwarded from 卩ro 爪Cracker
Gold Digger
Gold Digger is a simple tool used to help quickly discover sensitive information in files recursively. Originally written to assist in rapidly searching files obtained during a penetration test.
https://github.com/ustayready/golddigger
Forwarded from 卩ro 爪Cracker
spray.js
1.1 KB
Forwarded from 卩ro 爪Cracker
Android Exploit to get a System based shell (UID 1000) on ANY Samsung Mobile Device based on CVE-2019-16253
1) Downgrade to vulnerable SamsungTTS app
2) Install exploit APK
3) Exploit vulnerability to achieve System rights
https://forum.xda-developers.com/t/system-shell-exploit-all-samsung-mobile-devices-no-bl-unlock-required.4543071/
XDA Forums
***LOCKED UNTIL FURTHER NOTICE*** System Shell Exploit - ALL...
***MODERATOR ANNOUNCEMENT: THREAD CLOSED***
@K0mraid3 you are hereby required to provide proper credit in your OP as follows:
Link the assigned CVE for this exploit as it mentions the author's...
#exploit
1. CVE-2022-47966:
RCE vulnerability in multiple ManageEngine (Apache Santuario (xmlsec) <=1.4.1) products
https://github.com/horizon3ai/CVE-2022-47966
]-> https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive
2. CVE-2022-39955:
Charset confusion + WAF bypasses via 0days
https://terjanq.medium.com/waf-bypasses-via-0days-d4ef1f212ec
3. Microsoft Teams RCE
https://blog.pksecurity.io/2023/01/16/2022-microsoft-teams-rce.html