No olviden compartir el link del canal.

t.me/Pen7esting

Un saludo y Gracias. 👌🏻

A new Linux malware, dubbed 'CDRThief,' targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata.

Details: https://thehackernews.com/2020/09/linux-voip-softswitch-malware.html

National Vulnerability Database
CVE-2018-20432

D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.

National Vulnerability Database
CVE-2020-11881

An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964.

Vulnerabilidades críticas en routers MoFi 4500

https://unaaldia.hispasec.com/2020/09/vulnerabilidades-criticas-en-routers-mofi-4500.html

Kali Linux 2020.3 Release (ZSH, Win-Kex, HiDPI & Bluetooth Arsenal)
https://www.kali.org/news/kali-2020-3-release/

Testing docker CVE scanners. Part 2.5 — Exploiting CVE scanners
https://medium.com/@matuzg/testing-docker-cve-scanners-part-2-5-exploiting-cve-scanners-b37766f73005

WSUS Attacks Part 2: CVE-2020-1013 a Windows 10 Local Privilege Escalation 1-Day
https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day/

CVE-2020-1471: Libera el local admin que llevas dentro

«Dispositivos conectados al cuerpo humano: peligro real de muerte.» https://derechodelared.com/dispositivos-conectados-al-cuerpo-humano/

Varias vulnerabilidades fueron encontradas al escanear contenedores Docker
https://blog-desdelinux-net.cdn.ampproject.org/c/s/blog.desdelinux.net/varias-vulnerabilidades-fueron-encontradas-al-escanear-contenedores-docker/amp/

👾👾👾 Hola amigos! 👾👾👾

Les comparto un nuevo Vídeo en donde explico como usar algunas características de la herramienta Sublist3r para realizar enumeración de subdominios.



https://www.youtube.com/watch?v=QJQDWJ2_PRw

Udemy- Complete Linux Course Become a Linux Professional

Download Here
https://mega.nz/folder/Xyg11JZZ

Decryption Key: I-brHXcw73khzpcysqyhrQ

Mitre's Center Releases FIN6 Adversary Emulation Plan

Blogpost: https://medium.com/mitre-engenuity/center-releases-fin6-adversary-emulation-plan-775d8c5ebe9b

Github: https://github.com/center-for-threat-informed-defense/adversary_emulation_library/tree/master/fin6

@BlueTeamLibrary

Zerologon desatado: la vulnerabilidad que permite comprometer cualquier controlador de dominio de Windows fácilmente

https://www.hackplayers.com/2020/09/zerologon-desatado-comprometer-DCs-facilmente.html

National Vulnerability Database
CVE-2020-11977

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.

National Vulnerability Database
CVE-2020-14385

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.

National Vulnerability Database
CVE-2020-24561

A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability.

National Vulnerability Database
CVE-2020-7295

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.