Top 25 CWE 2021: las debilidades de software más peligrosas
https://blog.segu-info.com.ar/2021/07/top-25-cwe-2021-las-debilidades-de.html
https://blog.segu-info.com.ar/2021/07/top-25-cwe-2021-las-debilidades-de.html
#exploit
PoC for exploiting CVE-2021-28903:
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem()
https://github.com/AlAIAL90/CVE-2021-28903
PoC for exploiting CVE-2021-28903:
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem()
https://github.com/AlAIAL90/CVE-2021-28903
ExploitDB Just tweeted ****************************************** [webapps] Microsoft SharePoint Server 2019 - Remote Code Execution (2) https://t.co/Vxas2ftaha
Exploit Database
Microsoft SharePoint Server 2019 - Remote Code Execution (2)
Microsoft SharePoint Server 2019 - Remote Code Execution (2). CVE-2020-1147 . webapps exploit for ASPX platform
#APT31 #Zirconium
Comprometen routers de oficinas y de casas
Los routers comprometidos permiten a los crackers mantener el anonimato durante ataques a gran escala.
APT31 ha estado atacando un gran número de routers para utilizarlos contra organizaciones y autoridades francesas.
Fuente en inglés:
https://arstechnica.com/gadgets/2021/07/home-and-office-routers-come-under-attack-by-china-state-hackers-france-warns/
Comprometen routers de oficinas y de casas
Los routers comprometidos permiten a los crackers mantener el anonimato durante ataques a gran escala.
APT31 ha estado atacando un gran número de routers para utilizarlos contra organizaciones y autoridades francesas.
Fuente en inglés:
https://arstechnica.com/gadgets/2021/07/home-and-office-routers-come-under-attack-by-china-state-hackers-france-warns/
Ars Technica
Home and office routers come under attack by China state hackers, France warns
Compromised routers give the hackers anonymity in ongoing large-scale attacks.
Cisco SD-WAN Software Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20SD-WAN%20Software%20Information%20Disclosure%20Vulnerability&vs_k=1
A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory.
This vulnerability is due to insufficient handling of malformed MPLS packets that are processed by a device that is running Cisco SD-WAN Software. An attacker could exploit this vulnerability by sending a crafted MPLS packet to an affected device that is running Cisco SD-WAN Software or Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq
Security Impact Rating: Medium
CVE: CVE-2021-1614
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20SD-WAN%20Software%20Information%20Disclosure%20Vulnerability&vs_k=1
A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory.
This vulnerability is due to insufficient handling of malformed MPLS packets that are processed by a device that is running Cisco SD-WAN Software. An attacker could exploit this vulnerability by sending a crafted MPLS packet to an affected device that is running Cisco SD-WAN Software or Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq
Security Impact Rating: Medium
CVE: CVE-2021-1614
Cisco
Cisco Security Advisory: Cisco SD-WAN Software Information Disclosure Vulnerability
A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory.
This vulnerability is due to insufficient…
This vulnerability is due to insufficient…
⛲
https://noviello.it/es/como-instalar-y-configurar-wireguard-vpn-en-debian-10/
Documento 👇👀
https://t.me/MegaGrAn1976/7062
Video👇👀
https://t.me/MegaGrAn1976/7063
Video👇👀
Como usar el cliente WireGuard
🔗 https://t.me/MegaGrAn1976/7064
Instalación windows y terminales Linux.
🔗👇👀https://t.me/MegaGrAn1976/7065
https://noviello.it/es/como-instalar-y-configurar-wireguard-vpn-en-debian-10/
Documento 👇👀
https://t.me/MegaGrAn1976/7062
Video👇👀
https://t.me/MegaGrAn1976/7063
Video👇👀
Como usar el cliente WireGuard
🔗 https://t.me/MegaGrAn1976/7064
Instalación windows y terminales Linux.
🔗👇👀https://t.me/MegaGrAn1976/7065
Noviello.it
Cómo instalar y configurar WireGuard VPN en Debian 10
Debian 10: cómo instalar y configurar WireGuard VPN en Debian 10. WireGuard es una VPN (red privada virtual) genérica que utiliza criptografía ...
ExploitDB Just tweeted ****************************************** [dos] Leawo Prof. Media 11.0.0.1 - Denial of Service (DoS) (PoC) https://t.co/A5ANdxL2rb
Exploit Database
Leawo Prof. Media 11.0.0.1 - Denial of Service (DoS) (PoC)
Leawo Prof. Media 11.0.0.1 - Denial of Service (DoS) (PoC).. dos exploit for Windows platform
Cositas básicas
📃 "Así es cómo tu CPU y GPU realizan los cálculos matemáticos en tu PC" https://hardzone.es/reportajes/que-es/alu/
📃 "Disco duro: qué es, tipos y cómo funciona" https://www.elgrupoinformatico.com/noticias/disco-duro-que-tipos-como-funciona-t79244.html
📃 "Qué es la memoria RAM y cómo funciona" https://www.profesionalreview.com/2018/11/01/memoria-ram/
📃 "Controla el funcionamiento de tu tarjeta de red con NetworkCountersWatch" https://www.redeszone.net/2017/09/25/networkcounterswatch-informacion-tarjeta-red/
📃 "¿Cómo funciona un router?" https://www.cisco.com/c/es_mx/solutions/small-business/resource-center/networking/how-does-a-router-work.html
📃 "La informática forense en la investigación de delitos" https://protecciondatos-lopd.com/empresas/informatica-forense/
📃 "Cómo proteger tu empresa gracias a una auditoría de ciberseguridad" https://keepcoding.io/blog/auditoria-de-ciberseguridad/
📃 "¿Qué es un pentesting, o prueba de penetración?" https://nordvpn.com/es/blog/que-es-el-pentesting/
🎓 "Curso de Wireless Penetration Testing con Kali linux" https://www.youtube.com/watch?v=2TFnEcJEL10&list=PL-G03HRCQgdFKAaW718J14tKDM63mGirL
📃 "¿Qué es una VPN?" https://nordvpn.com/es/what-is-a-vpn/
Descuento a una VPN para los suscriptores de @seguridadinformatic4 Utiliza el cupón informatica o entra directamente en este enlace: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=45752&url_id=11987
📃 "Así es cómo tu CPU y GPU realizan los cálculos matemáticos en tu PC" https://hardzone.es/reportajes/que-es/alu/
📃 "Disco duro: qué es, tipos y cómo funciona" https://www.elgrupoinformatico.com/noticias/disco-duro-que-tipos-como-funciona-t79244.html
📃 "Qué es la memoria RAM y cómo funciona" https://www.profesionalreview.com/2018/11/01/memoria-ram/
📃 "Controla el funcionamiento de tu tarjeta de red con NetworkCountersWatch" https://www.redeszone.net/2017/09/25/networkcounterswatch-informacion-tarjeta-red/
📃 "¿Cómo funciona un router?" https://www.cisco.com/c/es_mx/solutions/small-business/resource-center/networking/how-does-a-router-work.html
📃 "La informática forense en la investigación de delitos" https://protecciondatos-lopd.com/empresas/informatica-forense/
📃 "Cómo proteger tu empresa gracias a una auditoría de ciberseguridad" https://keepcoding.io/blog/auditoria-de-ciberseguridad/
📃 "¿Qué es un pentesting, o prueba de penetración?" https://nordvpn.com/es/blog/que-es-el-pentesting/
🎓 "Curso de Wireless Penetration Testing con Kali linux" https://www.youtube.com/watch?v=2TFnEcJEL10&list=PL-G03HRCQgdFKAaW718J14tKDM63mGirL
📃 "¿Qué es una VPN?" https://nordvpn.com/es/what-is-a-vpn/
Descuento a una VPN para los suscriptores de @seguridadinformatic4 Utiliza el cupón informatica o entra directamente en este enlace: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=45752&url_id=11987
HardZone
Así es cómo tu CPU y GPU realizan los cálculos matemáticos en tu PC
La ALU o unidad lógico-aritmética es la pieza dentro de la CPU y CPU que se encarga de los cálculos matemáticos. ¿Cuál es su funcionamiento?
Vulnerabilidades críticas en Oracle WebLogic Server
https://unaaldia.hispasec.com/2021/07/vulnerabilidades-criticas-en-oracle-weblogic-server.html
https://unaaldia.hispasec.com/2021/07/vulnerabilidades-criticas-en-oracle-weblogic-server.html
Una al Día
Vulnerabilidades críticas en Oracle WebLogic Server
Publicados los boletines de seguridad trimestrales de Oracle que solventan múltiples vulnerabilidades críticas.
IoT-PT: entorno virtual de pentesting para dispositivos IoT
https://blog.segu-info.com.ar/2021/07/iot-pt-entorno-virtual-de-pentesting.html
https://blog.segu-info.com.ar/2021/07/iot-pt-entorno-virtual-de-pentesting.html
Segu-Info - Ciberseguridad desde 2000
IoT-PT: entorno virtual de pentesting para dispositivos IoT
XCSSET, el malware de MacOS vuelve con novedades
https://unaaldia.hispasec.com/2021/07/xcsset-el-malware-de-macos-vuelve-con-novedades.html
https://unaaldia.hispasec.com/2021/07/xcsset-el-malware-de-macos-vuelve-con-novedades.html
Una al Día
XCSSET, el malware de MacOS vuelve con novedades
Un malware cuyo principal objetivo es el sistema operativo MacOS ha vuelto con una actualización que le dota de más funcionalidades.
# CVE-2017-9841. The exploit targets Drupal sites that currently or
previously used the Mailchimp or Mailchimp commerce module and still have a
vulnerable version of the file
sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php.
See below for details on whether a file is vulnerable or not. The vulnerable
file might be at other paths on your individual site, but an automated attack
exists that is looking for that specific path. This attack can execute PHP on
the server
previously used the Mailchimp or Mailchimp commerce module and still have a
vulnerable version of the file
sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php.
See below for details on whether a file is vulnerable or not. The vulnerable
file might be at other paths on your individual site, but an automated attack
exists that is looking for that specific path. This attack can execute PHP on
the server
Nuevo video! Esta vez de la máquina Anonymous, de la plataforma THM, cualquier feedback es de mucha ayuda gracias!
https://www.youtube.com/watch?v=GH2FFIGd-y4
https://www.youtube.com/watch?v=GH2FFIGd-y4
RomBuster - router exploitation tool
#RomBuster #Router #Exploitation #Exploit #VULNERABILITIES
https://reconshell.com/rombuster-router-exploitation-tool/
#RomBuster #Router #Exploitation #Exploit #VULNERABILITIES
https://reconshell.com/rombuster-router-exploitation-tool/
How to Check Open Ports in Your Linux System
https://reconshell.com/how-to-check-open-ports-in-your-linux-system/
https://reconshell.com/how-to-check-open-ports-in-your-linux-system/
Penetration Testing Tools, ML and Linux Tutorials
How to Check Open Ports in Your Linux System - Penetration Testing Tools, ML and Linux Tutorials
As a Linux system administrator, to transmit data from server to server having a good command over the TCP (Transmission Control Protocol) protocols is very
El gobierno de Chile ha puesto urgencia a la discusión del TPP en el Senado. Su aprobación significará mayores restricciones y persecución en la actividad digital y en el intercambio de contenidos. Más información ⬇️
https://colectivodisonancia.net/2021/01/no-al-tpp/
Infografía TPP: https://colectivodisonancia.net/no-al-tpp-info/
https://colectivodisonancia.net/2021/01/no-al-tpp/
Infografía TPP: https://colectivodisonancia.net/no-al-tpp-info/
Colectivo Disonancia
No al TPP
El TPP11 es un tratado económico y político que amenaza la autonomía de las comunicaciones y la capacidad de organizarnos en red.
KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)
https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
📃 "Escalada de privilegios en Linux con polkit" https://unaaldia.hispasec.com/2021/06/escalada-de-privilegios-en-linux-con-polkit.html
Una al Día
Escalada de privilegios en Linux con polkit
Un reciente artículo detalla el procedimiento que permite realizar una escalada de privilegios en sistemas Linux que utilizan el servicio polkit.
Gracias a todos los nuevos integrantes del grupo, por estar aquí y a los que siempre han estado desde el comienzo, un saludo y no olviden compartir el canal para que podamos seguir creciendo muchas gracias a todos.
Canal en telegram
⚔🛡☣ Comunidad Anonimo501 💻📱🖥
https://t.me/Pen7esting
Canal de Youtube
https://youtube.com/c/Anonimo501
Github
https://github.com/Anonimo501
Canal en telegram
⚔🛡☣ Comunidad Anonimo501 💻📱🖥
https://t.me/Pen7esting
Canal de Youtube
https://youtube.com/c/Anonimo501
Github
https://github.com/Anonimo501
Telegram
Comunidad Pen7esting
@Anonimo501