Comunidad Pen7esting
National Vulnerability Database
CVE-2020-11977

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.
National Vulnerability Database
CVE-2020-14385

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.
National Vulnerability Database
CVE-2020-24561

A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability.
National Vulnerability Database
CVE-2020-7295

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.
National Vulnerability Database
CVE-2020-7733

The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
A patient at the Düsseldorf University Hospital dies after the hospital itself suffered a ransomware attack.

The BSI had previously warned the hospital that its Citrix system was vulnerable and had to be patched.

The ransomware carried a ransom note addressed to Heinrich Heine University, which the police investigation found on one of the servers.

The police contacted the cybercriminals after receiving the ransomware and warned them that they had attacked a hospital; the cybercriminals immediately handed over the decryption keys so that all of the hospital's systems could be brought back up.

However, the most tragic part of all is that a patient in very serious condition was going to be treated as an emergency at that hospital, but that was not possible because at that moment the hospital was completely paralysed by the ransomware, and the patient had to be transferred to the hospital in Wuppertal, where the patient died immediately, without the doctors being able to do anything to save their life.

This is the first time that ransomware has claimed a human life, which raises a serious question for us and for you alike.

Are our country's critical systems prepared for a ransomware attack like this one? Should more be invested in cybersecurity, both in SMEs and in large companies and critical systems?

Source: translation of the German news reports thanks to @cibernicola, a follower and collaborator of Security News. https://pastebin.com/UBqyFtkr

#Ransomware #Hospital #Alemania #Cibercrimen #Ciberseguridad #Muerte
National Vulnerability Database
CVE-2020-0389

In createSaveNotification of RecordingService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-156959408
Zerologon: Unauthenticated domain controller compromise by subverting Netlogon cryptography (CVE-2020-1472)

https://www.secura.com/pathtoimg.php?id=2055

Test tool: https://github.com/SecuraBV/CVE-2020-1472

PoC: https://github.com/dirkjanm/CVE-2020-1472
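Added example, not part of the original post and not code from either linked repository: a simulation of the cryptographic flaw behind Zerologon. MS-NRPC's ComputeNetlogonCredential encrypts the 8-byte client challenge with AES-CFB8 under the session key using an all-zero IV. If the first keystream byte happens to be 0x00, an all-zero challenge encrypts to an all-zero credential and the CFB8 shift register never leaves the all-zero state, so the attacker only has to retry NetrServerAuthenticate3 with a zero challenge and zero credential until one session key (about 1 in 256) accepts it. To run offline with the standard library, the code below replaces AES with a keyed BLAKE2s stand-in (an assumption); the CFB8 mode, the zero IV and the 1/256 property are the real ones, and the per-attempt session keys are hypothetical values derived from the attempt counter.

```python
import hashlib

BLOCK_SIZE = 16                 # AES block size; the CFB8 shift register is one block wide
ZERO_IV = bytes(BLOCK_SIZE)     # the fixed all-zero IV MS-NRPC uses
ZERO_CHALLENGE = bytes(8)       # attacker-chosen ClientChallenge of eight 0x00 bytes


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES-128 block encryption (assumption: keyed BLAKE2s, not real AES).

    The CFB8 argument only needs a deterministic, key-dependent block function whose
    first output byte is roughly uniform, so about 1 in 256 keys maps the zero block to 0x00.
    """
    if len(block) != BLOCK_SIZE:
        raise ValueError("block must be exactly one block long")
    return hashlib.blake2s(block, key=key, digest_size=BLOCK_SIZE).digest()


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8 mode as used by ComputeNetlogonCredential: one block encryption per byte,
    one keystream byte taken from it, and the ciphertext byte shifted into the register."""
    register = bytearray(iv)
    ciphertext = bytearray()
    for p in plaintext:
        keystream_byte = block_encrypt(key, bytes(register))[0]
        c = p ^ keystream_byte
        ciphertext.append(c)
        register = register[1:] + bytes([c])   # ciphertext feeds back into the register
    return bytes(ciphertext)


def yields_zero_credential(key: bytes) -> bool:
    """True when this session key turns the all-zero challenge into an all-zero credential.

    With a zero IV the first keystream byte is E_k(0^16)[0]; if it is 0x00 the first
    ciphertext byte is 0x00, the register stays all zeros, and every later byte is 0x00 too.
    """
    return cfb8_encrypt(key, ZERO_IV, ZERO_CHALLENGE) == bytes(8)


def simulate_attack(max_attempts: int = 10_000):
    """Mimic the Zerologon retry loop. Every authentication attempt gets a fresh session
    key (modelled here as the attempt counter, an assumption) and the attacker keeps
    sending a zero challenge plus zero credential until one key happens to accept it.
    Returns (attempts_needed, session_key), or None if no key in range worked."""
    for attempt in range(1, max_attempts + 1):
        session_key = attempt.to_bytes(BLOCK_SIZE, "big")   # hypothetical per-attempt key
        if yields_zero_credential(session_key):
            return attempt, session_key
    return None


def count_weak_keys(n_keys: int) -> int:
    """How many of the first n_keys hypothetical session keys accept the zero credential.
    Expect roughly n_keys / 256."""
    return sum(yields_zero_credential(i.to_bytes(BLOCK_SIZE, "big")) for i in range(n_keys))


if __name__ == "__main__":
    found = simulate_attack()
    if found:
        attempts, key = found
        print(f"zero credential accepted after {attempts} attempts, key {key.hex()}")
    print(f"weak keys among the first 4096: {count_weak_keys(4096)} (expected about 16)")
```

Swapping block_encrypt for a real single-block AES-128 encryption (for example via the cryptography package's ECB mode on one block) gives the same 1/256 behaviour, which is the check the Secura test tool linked above performs against a live domain controller. The fix Microsoft shipped does not change the cipher; it rejects the all-zero challenge pattern and enforces secure RPC, which is why a non-zero IV alone (also shown in the test) would not have been needed to close the hole.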
National Vulnerability Database
CVE-2020-0313

In NotificationManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154917989
NUCLEAR RANSOMWARE :) new update / more features
FEATURES:

Generate a ransomware payload
With or without GUI payload

FUD (Fully Undetectable by Anti-Virus)

Works on Windows, MacOS and Linux

Super fast encryption with PyCrypto

Compile to EXE, APP or Unix/Linux executable

Custom icon for your EXE payload

Receive keys of victims

Decrypt files

Demo mode (payload won't encrypt anything)

Fullscreen mode (Warning takes over the screen)

Custom warning message for your victim

Custom image in your payload

Ghost mode (rename files by adding the .DEMON extension instead of encrypting them)

Multiple encryption methods

Select file extensions to target

Decide if the payload should self-destruct (console mode feature only)

Decide which drive to target for encryption (working directory)

Verified server access through port forwarding VPN

INSTALLATION & RUN:

1) git clone https://github.com/leonv024/RAASNet.git

2) pip3 install -r requirements.txt

3) python3 RAASNet.py

On Linux, you might need to install these packages:

4) sudo apt install python3-tk python3-pil python3-pil.imagetk

Testing the connection with the remote server:

5) Change the host and port in test_socket.py (default is 127.0.0.1 on port 8989)

6) python3 test_socket.py

Demo video: https://github.com/leonv024/RAASNet/blob/master/demo/PyCrypto-vs-PyAES_demo_10fps.gif

USE FOR LEARNING
♨️ High-level alerts for Windows server administrators

📛 RCE vulnerability in Microsoft SQL Server 2016

🔸 Poor handling of requests for loaded pages lets attackers upload and run code of their choice in the context of reports. The attacker can hand-craft a page for the reporting service or report provider and inject the code they want.

This vulnerability is tracked as CVE-2020-0618, and server administrators can fix how page requests
https://www.exploit-db.com/exploits/48816
🔰 CCNA Complete Courses Free Download 🔰

Ⓜ️ The Cisco Certified Network Associate (CCNA) certification is the second level of Cisco’s five-level career certification process. A CCNA certification certifies a technician’s ability to install, set up, configure, troubleshoot and operate a medium-sized routed and switched computer network. This also includes implementing and verifying connections to a wide area network (WAN).

◾️ CCNA Security Latest Course Download:
https://mega.nz/#F!VooVWb5b!SYOifjCW569KQ5pkpe4taA

◾️ CCNA Wireless Latest Course Download:
https://mega.nz/#F!5k5RiBZD!3euwAjHUwTT2uDjSNd62PQ

◾️ CCNA Service Provider Latest Course Download:
https://mega.nz/#F!R4Q3hZpI!qKYBgyYPz5IbvGJp_2TNvA

◾️ CCNA Cyber Ops Latest Course Download:
https://mega.nz/#F!E8ZznLjK!7svH9q5kuygqXoeRSgGwmQ

◾️ CCNA Data Center Latest Course Download:
https://mega.nz/#F!44RBVLBD!Rz7MhffUkRKA3KT-X0f4Ng

◾️CCNA Routing and Switching Latest Course Download:
https://mega.nz/#F!44RBVLBD!Rz7MhffUkRKA3KT-X0f4Ng

◾️CCNA Cloud Latest Course Download:
https://mega.nz/#F!h8J1Rb5L!5Yr9Uc2deHaAcRe2cl1qMg

◾️ CCNA Collaboration Latest Course Download:
https://mega.nz/#F!xloRCCKR!T6grMYndq4x30YDPdQBSpQ
IP Network scanning

[+] ARP Scan
arp-scan 192.168.50.8/28 -I eth0

[+] NMAP Scans

[+] Nmap ping scan
sudo nmap -sn -oA nmap_pingscan 192.168.100.0/24   (optionally add -PE)


[+] Nmap SYN/Top 100 ports Scan
nmap -sS -F -oA nmap_fastscan 192.168.0.1/24

[+] Nmap SYN/Version All port Scan - ## Main Scan
sudo nmap -sV -PN -p0- -T4 -A --stats-every 60s --reason -oA nmap_scan 192.168.0.1/24

[+] Nmap SYN/Version No Ping All port Scan
sudo nmap -sV -Pn -p0- --exclude 192.168.0.1 --reason -oA nmap_scan 192.168.0.1/24

[+] Nmap UDP All port scan - ## Main Scan
sudo nmap -sU -p0- --reason --stats-every 60s --max-rtt-timeout=50ms --max-retries=1 -oA nmap_scan 192.168.0.1/24

[+] Nmap UDP/Fast Scan
nmap -F -sU -oA nmap_UDPscan 192.168.0.1/24

[+] Nmap Top 1000 port UDP Scan
nmap -sU -oA nmap_UDPscan 192.168.0.1/24

[+] HPING3 Scans
hping3 -c 3 -s 53 -p 80 -S 192.168.0.1
Open = flags = SA
Closed = Flags = RA
Blocked = ICMP unreachable
Dropped = No response

[+] Source port scanning
nmap -g <port>   # e.g. 53 (DNS), 67 (DHCP) or 88 (Kerberos)
Source port spoofing also doesn't work for OS detection.

[+] Speed settings
-n Disable DNS resolution
-sS TCP SYN (Stealth) Scan
-Pn Disable host discovery
-T5 Insane time template
--min-rate 1000 1000 packets per second
--max-retries 0 Disable retransmission of timed-out probes

[+] Netcat (swiss army knife)
# Connect mode (ncat is client) | default port is 31337
ncat <host> [<port>]

# Listen mode (ncat is server) | default port is 31337
ncat -l [<host>] [<port>]

# Transfer file (closes after one transfer)
ncat -l [<host>] [<port>] < file

# Transfer file (stays open for multiple transfers)
ncat -l --keep-open [<host>] [<port>] < file

# Receive file
ncat [<host>] [<port>] > file

# Brokering | allows for multiple clients to connect
ncat -l --broker [<host>] [<port>]

# Listen with SSL | many options, use ncat --help for full list
ncat -l --ssl [<host>] [<port>]

# Access control
ncat -l --allow <ip>
ncat -l --deny <ip>

# Proxying
ncat --proxy <proxyhost>[:<proxyport>] --proxy-type {http | socks4} <host> [<port>]

# Chat server | can use brokering for multi-user chat
ncat -l --chat [<host>] [<port>]
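Added example, not from the original post: every scan above that uses -oA writes a greppable nmap_scan.gnmap file, and the next step is usually to reduce it to confirmed open ports per host. The parser below reads that format (tab-separated fields, port entries of the form port/state/proto/owner/service/rpc/version) and, because a UDP scan reports most ports as open|filtered, keeps only ports nmap actually confirmed open unless told otherwise. The .gnmap text, hosts and services in SAMPLE_GNMAP are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class PortEntry:
    host: str
    port: int
    proto: str
    state: str
    service: str
    version: str


# Constructed sample of greppable output (what `-oA nmap_scan` writes to nmap_scan.gnmap).
# Addresses, hostnames and banners are made up for the example.
SAMPLE_GNMAP = (
    "# Nmap 7.80 scan initiated Sat Sep 19 10:00:00 2020 as: nmap -sV -Pn -p0- --reason -oA nmap_scan 192.168.0.1/24\n"
    "Host: 192.168.0.10 ()\tStatus: Up\n"
    "Host: 192.168.0.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.9p1 Debian 10+deb10u2/, "
    "80/open/tcp//http//nginx 1.14.2/, 443/closed/tcp//https///\tIgnored State: filtered (65533)\n"
    "Host: 192.168.0.20 (dc01.corp.local)\tPorts: 53/open/tcp//domain//Simple DNS Plus/, "
    "88/open/tcp//kerberos-sec//Microsoft Windows Kerberos/, 445/open/tcp//microsoft-ds///\tIgnored State: closed (65533)\n"
    "Host: 192.168.0.20 (dc01.corp.local)\tPorts: 53/open/udp//domain///, "
    "123/open|filtered/udp//ntp///, 161/open|filtered/udp//snmp///\tIgnored State: closed (65533)\n"
    "# Nmap done at Sat Sep 19 10:42:00 2020 -- 256 IP addresses (2 hosts up) scanned in 2520.00 seconds\n"
)


def parse_gnmap(text: str) -> List[PortEntry]:
    """Turn greppable nmap output into one PortEntry per reported port."""
    entries: List[PortEntry] = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # '# Nmap ...' header and footer comments
        fields = line.split("\t")
        host = fields[0].split()[1]       # "Host: 192.168.0.10 (name)" -> address
        ports_field = next((f for f in fields if f.startswith("Ports: ")), None)
        if ports_field is None:
            continue                      # "Status: Up" lines carry no port data
        for item in ports_field[len("Ports: "):].split(", "):
            parts = item.split("/")
            # port/state/proto/owner/service/rpc/version; version is often empty
            if len(parts) < 7:
                continue
            entries.append(PortEntry(host, int(parts[0]), parts[2], parts[1], parts[4], parts[6]))
    return entries


def open_ports(entries: List[PortEntry], include_open_filtered: bool = False) -> Dict[str, List[Tuple[int, str]]]:
    """Per-host list of (port, proto). By default only state 'open' counts; open|filtered
    is the unanswered-probe result a UDP scan produces for almost every port."""
    accepted = {"open", "open|filtered"} if include_open_filtered else {"open"}
    result: Dict[str, List[Tuple[int, str]]] = defaultdict(list)
    for e in entries:
        if e.state in accepted:
            result[e.host].append((e.port, e.proto))
    return dict(result)


def hosts_running(entries: List[PortEntry], service: str) -> List[str]:
    """Hosts with the given nmap service name confirmed open, e.g. 'kerberos-sec' to find
    likely domain controllers in the scan results."""
    return sorted({e.host for e in entries if e.state == "open" and e.service == service})


if __name__ == "__main__":
    found = parse_gnmap(SAMPLE_GNMAP)
    for host, ports in open_ports(found).items():
        print(host, ", ".join(f"{p}/{proto}" for p, proto in ports))
    print("kerberos hosts:", hosts_running(found, "kerberos-sec"))
```

Run it against a real file with `open_ports(parse_gnmap(open("nmap_scan.gnmap").read()))`; pass `include_open_filtered=True` only when you intend to follow up every unanswered UDP port by hand.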