HackTheBox Writeup: Cap https://infosecwriteups.com/hackthebox-writeup-cap-43c7b6bcb32a?source=rss----7b722bfd1b8d---4

Cryptonite: Un Ransomware para Windows
https://esgeeks.com/cryptonite-ransomware-windows/?feed_id=9029&_unique_id=616b0bc788e05

Roban 35 millones de dólares clonando la voz de un director con inteligencia artificial
https://www.lavanguardia.com/tecnologia/20211016/7794770/roban-35-millones-dolares-clonando-voz-director-inteligencia-artificial-pmv.html

Collection Of Hacking Operating Systems

#operating_systems

🔸These are OS that have been designed specifically for hackers.

✔️ Backtrack5r3
🔗 Link :
https://linux.softpedia.com/dyn-postdownload.php/c230432fe1fe505590023b5beaf41c36/5f2d2982/2505/0/1

✔️ Kalilinux
🔗 Link :
https://cdimage.kali.org/kali-2020.2/kali-linux-2020.2-installer-amd64.iso

✔️ Knoppix
🔗 Link :
http://www.knopper.net/knoppix-mirrors/

✔️ Backbox linux
🔗 Link :
https://www.backbox.org/download/

✔️ Pentoo
🔗 Link :
https://www.pentoo.ch/isos/latest-iso-symlinks/Daily/

✔️ Matriux Krypton
🔗 Link :
https://sourceforge.net/projects/matriux/

✔️ NodeZero
🔗 Link :
https://sourceforge.net/projects/nodezero/files/NodeZero/NodeZero.iso/download

✔️ Blackbuntu
🔗 Link :
https://sourceforge.net/projects/blackbuntu/

✔️ CAINE (Computer Forensics Linux Live Distro)
🔗 Link :
https://mirror.parrotsec.org/mirrors/parrot/iso/caine/caine11.0.iso

✔️ DEFT
🔗 Link :
http://na.mirror.garr.it/mirrors/deft/iso/

✔️ Arch Linux
🔗 Link :
http://mirrors.evowise.com/archlinux/iso/2020.08.01/

✔️ Qubes OS
🔗 Link :
https://mirrors.edge.kernel.org/qubes/iso/Qubes-R4.0.3-x86_64.iso

✔️ Tails OS
🔗 Link :
https://tails.boum.org/install/index.en.html

✔️ Parrot OS
⚠️ Note There Are Different Notes, Read Here First: https://www.parrotsec.org/docs/getting-started/download/

🔗 Link :
https://www.parrotsec.org/download/

✔️ Samurai Web Testing Framework
🔗 Link :
https://sourceforge.net/projects/samurai/files/

✔️ BugTrack
🔗 Link :
https://sourceforge.net/projects/btrack/

✔️ Weakerthan Linux (Changed to Demon Linux)
🔗 Link :
https://demonlinux.com/download/iso/demon-2.4.4.iso

✔️ Cerberus (Windows)
🔗 Link :
https://mega.nz/file/1ZVRgSoQ#RsUCmgH_uJRmB1hg7YmseE9Lnz1VUZBYe-bjRckbNDs

✔️ Black Spider v2 (Windows)
🔗 Link :
https://drive.google.com/file/d/1zbvIhyLsz0q6nDGifnkBSzZaip67WdFP/view

✔️ Black Arch
🔗 Link :
https://ftp.halifax.rwth-aachen.de/blackarch/iso/blackarch-linux-live-2020.06.01-x86_64.iso

✔️ Network Security Toolkit (NST)
🔗 Link :
https://sourceforge.net/projects/nst/

✔️ Cyborg Hawk Linux
🔗 Link :
https://sourceforge.net/projects/cyborghawk1/files/Cyborg%20Hawk%20v1.1/cyborg-hawk-linux-v-1.1.iso/download

Ejecución remota de código en múltiples productos de Atlassian

Fecha de publicación: 21/10/2021
Importancia: 5 - Crítica

Recursos afectados:
Insight - Asset Management App, todas las versiones:
5.x,
6.x,
7.x,
8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.x, 8.6.x, 8.7.x, 8.8.x, y
8.9.x anteriores a la 8.9.3.
Jira Service Management Data Center and Server, todas las versiones:
4.15.x (Insight v. 9.0.x incluida),
4.16.x (Insight v. 9.0.x incluida),
4.17.x (Insight v. 9.0.x incluida),
4.18.x (Insight v. 9.0.x incluida) y
4.19.x (Insight v. 9.1.0 incluida).

Descripción:
El investigador, Khoadha, de Viettel Cyber Security, ha reportado a Atlassian una vulnerabilidad de severidad crítica que podría permitir a un atacante la ejecución remota de código.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-multiples-productos-atlassian

Kit de exploits Magnitude se aprovecha de vulnerabilidades en Chrome
https://blog.segu-info.com.ar/2021/10/kit-de-exploits-magnitude-se-aprovecha.html

ZipExec - Execute binaries from a password protected zip

https://reconshell.com/zipexec-execute-binaries-from-a-password-protected-zip/

Vulnhub Doubletrouble: Walkthrough https://infosecwriteups.com/vulnhub-doubletrouble-walkthrough-b8958f894ca?source=rss----7b722bfd1b8d---4

Windows 11 se estrena con vulnerabilidades y un zero-day https://unaaldia.hispasec.com/2021/10/windows-11-se-estrena-con-vulnerabilidades-y-un-zero-day.html

ExploitDB Just tweeted ****************************************** [webapps] phpMyAdmin 4.8.1 - Remote Code Execution (RCE) https://t.co/ino5jDW5t6

Windows Privilege Escalation: Logon Autostart Execution (Registry Run Keys) https://www.hackingarticles.in/windows-privilege-escalation-logon-autostart-execution-registry-run-keys/

Cisco Email Security Appliance Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Email%20Security%20Appliance%20Denial%20of%20Service%20Vulnerability&vs_k=1

A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device.
This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email through Cisco ESA. A successful exploit could allow the attacker to exhaust all the available CPU resources on an affected device for an extended period of time, preventing other emails from being processed and resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO



Security Impact Rating: High



CVE: CVE-2021-34741

Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2

https://blog.nviso.eu/2021/10/27/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-2/

[webapps] Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting (XSS)
Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting (XSS)
hxxps://www.exploit-db.com/exploits/50482

Cisco Policy Suite Static SSH Keys Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Policy%20Suite%20Static%20SSH%20Keys%20Vulnerability&vs_k=1

A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user.
This vulnerability is due to a weakness in the SSH subsystem of an affected system. An attacker could exploit this vulnerability by connecting to an affected device through SSH. A successful exploit could allow the attacker to log in to an affected system as the root user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv



Security Impact Rating: Critical



CVE: CVE-2021-40119

Game of Hacks: aprende a hackear
https://blog.segu-info.com.ar/2021/11/game-of-hacks-aprende-hackear.html

📃 "Documentación y formación en ciberseguridad" https://derechodelared.com/documentacion-y-formacion-en-ciberseguridad/

Windows 11 x64 | 21H2 |
👉5.15 GB | Multi | Build 22000.282 |
👉 Noviembre 2021
👉 Basado en: Windows 11 Pro
👉 Autor: Wender Hack
➰➰➰➰➰➰➰➰
https://mega.nz/file/u943EYpT#UVUr9Oda81cWg_kUjDVEnJSpch4jlWHJZhUrpvvJPE0