An unpatched critical zero-day arbitrary code execution vulnerability has been discovered in Zoom video conferencing software exploitable on Microsoft Windows 7 or older operating system.
Details: https://thehackernews.com/2020/07/zoom-windows-security.html
Details: https://thehackernews.com/2020/07/zoom-windows-security.html
Junos Space 16.1R1.7
vCPU : 1
RAM : 16384 MB (16GB)
qemu : x86_64
console : telnet
option : -smp 4 -nographic
note :
16 GB RAM is the bare minimum; you should use 32/64 GB in production deplyments. Default credentials: - CLI: admin / abc123 - WebUI: super / juniper123
Tested on GNS3 & EVE-NG
https://drive.google.com/open?id=1IwOcet_kZ_QBXyxDLseNU58yyxT598DO
vCPU : 1
RAM : 16384 MB (16GB)
qemu : x86_64
console : telnet
option : -smp 4 -nographic
note :
16 GB RAM is the bare minimum; you should use 32/64 GB in production deplyments. Default credentials: - CLI: admin / abc123 - WebUI: super / juniper123
Tested on GNS3 & EVE-NG
https://drive.google.com/open?id=1IwOcet_kZ_QBXyxDLseNU58yyxT598DO
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlt-ise-strd-xss-nqFhTtx7?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Identity%20Services%20Engine%20Stored%20Cross-Site%20Scripting%20Vulnerabilities&vs_k=1
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface.
These vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need valid administrative credentials.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlt-ise-strd-xss-nqFhTtx7
Security Impact Rating: Medium
CVE: CVE-2020-3340
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlt-ise-strd-xss-nqFhTtx7?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Identity%20Services%20Engine%20Stored%20Cross-Site%20Scripting%20Vulnerabilities&vs_k=1
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface.
These vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need valid administrative credentials.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlt-ise-strd-xss-nqFhTtx7
Security Impact Rating: Medium
CVE: CVE-2020-3340
Cisco
Cisco Security Threat and Vulnerability Intelligence
The Cisco Security portal provides actionable intelligence for security threats and vulnerabilities in Cisco products and services and third-party products.
Remote Code Execution in Citrix ADC
https://swarm.ptsecurity.com/remote-code-execution-in-citrix-adc/
https://swarm.ptsecurity.com/remote-code-execution-in-citrix-adc/
PT SWARM
Remote Code Execution in Citrix ADC
Many of you have probably heard of the CVE-2019-19781 vulnerability that I discovered at the end of last year. It is a critical vulnerability in Citrix ADC that allows unauthorized users to execute arbitrary operating system commands. It caused quite a stir…
📃 "Ofuscando ficheros con PowerShell" https://www.flu-project.com/2020/06/ofuscando-ficheros-con-powershell.html
Flu Project | Zerolynx Cybersecurity Blog
Ofuscando ficheros con PowerShell
El otro día, tras una pequeña investigación por Internet, descubrimos una herramienta que nos llamó la atención y que os traemos hoy en este post.
Una vulnerabilidad permite hackear una app rastreadora en smartwatch
https://unaaldia.hispasec.com/2020/07/una-vulnerabilidad-permite-hackear-una-app-rastreadora-en-smartwatch.html
https://unaaldia.hispasec.com/2020/07/una-vulnerabilidad-permite-hackear-una-app-rastreadora-en-smartwatch.html
Una al Día
Una vulnerabilidad permite hackear una app rastreadora en smartwatch — Una al Día
Cada vez son más las personas que sustituyen el reloj de toda la vida por un smartwatch que les permita hacer uso de funcionalidades que van bastante más allá del mero hecho de consultar la hora. E…
Desarrollo W3b de 0 a 100 [MG]32.9 GB |50+ hs de clases | mega-curso | 12/2018 |Idioma: Español
https://mega.nz/#F!HNsUzAaB!0l1xH606IJcc6EXzzyQbrA
https://mega.nz/#F!HNsUzAaB!0l1xH606IJcc6EXzzyQbrA
mega.nz
MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now
CVE-2020-11519/11520:
Winmagic SecureDoc 8.3, 8.5 -
Improper Privilege Management/
Privileged Code Execution (PoC Exploit)
https://github.com/patois/winmagic_sd#cve-2020-11519
Winmagic SecureDoc 8.3, 8.5 -
Improper Privilege Management/
Privileged Code Execution (PoC Exploit)
https://github.com/patois/winmagic_sd#cve-2020-11519
GitHub
GitHub - patois/winmagic_sd: Technical Write-Up on and PoC Exploit for CVE-2020-11519 and CVE-2020-11520
Technical Write-Up on and PoC Exploit for CVE-2020-11519 and CVE-2020-11520 - patois/winmagic_sd
Hola espero esten bien.
Vuelvo y les dejo el script corregido de dns-spoof habia olvidado colocar el codigo de iptables para redireccionar a la pagina falsa por si alguno ensayo en script y no le funciono ya esta corregido.
https://github.com/Anonimo501/dns-spoof
Vuelvo y les dejo el script corregido de dns-spoof habia olvidado colocar el codigo de iptables para redireccionar a la pagina falsa por si alguno ensayo en script y no le funciono ya esta corregido.
https://github.com/Anonimo501/dns-spoof
GitHub
GitHub - Anonimo501/dns-spoof
Contribute to Anonimo501/dns-spoof development by creating an account on GitHub.
📃 "Fingerprints para detectar y evadir sandboxes conocidos" https://www.hackplayers.com/2020/06/fingerprints-para-detectar-y-evadir-sandboxes.html
Hackplayers
Fingerprints para detectar y evadir sandboxes conocidos
Hoy en día detonar malware en una sandbox es uno de los métodos más usados a la hora de analizar malware, sobretodo cuando tenemos un mo...
The Basics of Exploit Development:
1. Win32 Buffer Overflows
https://www.coalfire.com/The-Coalfire-Blog/January-2020/The-Basics-of-Exploit-Development-1
2. SEH Overflows
https://www.coalfire.com/The-Coalfire-Blog/March-2020/The-Basics-of-Exploit-Development-2-SEH-Overflows
3. Egg Hunters
https://www.coalfire.com/The-Coalfire-Blog/May-2020/The-Basics-of-Exploit-Development-3-Egg-Hunters
1. Win32 Buffer Overflows
https://www.coalfire.com/The-Coalfire-Blog/January-2020/The-Basics-of-Exploit-Development-1
2. SEH Overflows
https://www.coalfire.com/The-Coalfire-Blog/March-2020/The-Basics-of-Exploit-Development-2-SEH-Overflows
3. Egg Hunters
https://www.coalfire.com/The-Coalfire-Blog/May-2020/The-Basics-of-Exploit-Development-3-Egg-Hunters
Coalfire
Coalfire Blog
Resource covering the most important issues in IT security and compliance as well as insights on IT GRC issues that impact the industries that we serve.
Buenas noches.
Vengo a compartirles un script que termine hoy.
hack-wpa2 es una herramienta basada en bash de linux que utiliza la Suite de Aircrack para automatizar la configuracion y el ataque, tener en cuenta que el script no viene con diccionario.
Les dejo un saludo:
https://github.com/Anonimo501/hack-wpa2.git
Vengo a compartirles un script que termine hoy.
hack-wpa2 es una herramienta basada en bash de linux que utiliza la Suite de Aircrack para automatizar la configuracion y el ataque, tener en cuenta que el script no viene con diccionario.
Les dejo un saludo:
https://github.com/Anonimo501/hack-wpa2.git
GitHub
GitHub - Anonimo501/hack-wpa2
Contribute to Anonimo501/hack-wpa2 development by creating an account on GitHub.
ULTIMATE HACKING PACKAGE
1. Cyber security analyst training
2. Cyber security advanced test detecting techniques
3. Cyber security Malicious software detector
4. Cyber security source code defender
5. Cyber security threat intelligence research
6. Cyber security web application defender
7. Cyber training 365 certified ethical Hacker
8. Cyber training 365 computer hacker and forensics
9. Cyber training 365 kali 101
Total size: 36.90 GB
https://mega.nz/folder/HGg2TCTA#CjyPNP3bktKV9w4_g2xUDg/folder/vfgiDK4T
1. Cyber security analyst training
2. Cyber security advanced test detecting techniques
3. Cyber security Malicious software detector
4. Cyber security source code defender
5. Cyber security threat intelligence research
6. Cyber security web application defender
7. Cyber training 365 certified ethical Hacker
8. Cyber training 365 computer hacker and forensics
9. Cyber training 365 kali 101
Total size: 36.90 GB
https://mega.nz/folder/HGg2TCTA#CjyPNP3bktKV9w4_g2xUDg/folder/vfgiDK4T
mega.nz
File folder on MEGA