Flaw in PuTTY P-521 ECDSA signature generation leaks SSH private keys
#nettitude
CVE-2024-31497 is a vulnerability in PuTTY, a popular Windows SSH client, relating to a flaw in its P-521 ECDSA implementation. This vulnerability is known to affect versions 0.68 through 0.80, which span the last 7 years. This potentially affects anyone who has used a P-521 ECDSA SSH key with an affected version, regardless of whether [...]
via Nettitude Labs Blog (author: Graham Sutherland)
Entra ID Banned Password Lists: password spraying optimizations and defenses
#synacktiv
via Synacktiv Blog (author: Matthieu Barjole)
Introducing DAST scanning in the Cloud, with Burp Suite Enterprise Edition
#portswigger
We’re excited to announce that Burp Suite Enterprise Edition is now available in PortSwigger’s secure cloud. You can now free up testing time with scalable, automated DAST scanning, without the burden
via PortSwigger Blog
Introducing the MLCommons AI Safety v0.5 Proof of Concept
#nettitude
Artificial Intelligence (AI) has been making significant strides in recent years, with advancements in machine learning and deep learning techniques. However, as AI systems become more complex and powerful, ensuring their safety becomes increasingly critical. In a ground-breaking move towards enhancing AI safety, MLCommons, an open collaboration-focused Artificial Intelligence engineering consortium, has unveiled the MLCommons [...]
via Nettitude Labs Blog (author: Dave Parsons)
Quantum readiness: Introduction to Modern Cryptography
#synacktiv
via Synacktiv Blog (author: Webmaster)
CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM
#nettitude
The Cisco C195 is a Cisco Email Security Appliance device. Its role is to act as an SMTP gateway on your network perimeter. This device (and the full range of appliance devices) is heavily locked down and prevents unauthorised code from running. Source: https://www.melbourneglobal.com.au/cisco-esa-c195-k9-esa-c195-email/ I recently took one of these apart in order [...]
via Nettitude Labs Blog (author: Aaron Thacker)
OUned.py: exploiting hidden Organizational Units ACL attack vectors in Active Directory
#synacktiv
via Synacktiv Blog (author: Quentin Roland)
So I became a node: exploiting bootstrap tokens in Azure Kubernetes Service
#synacktiv
via Synacktiv Blog (author: Paul Barbé)
PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 3
#trustedsec
This is part three (3) of a three (3) part series on PCI DSS version 4.0 requirement 6.3.1, for identification and management of vulnerabilities. This requirement is one (1) of the most misunderstood…
via TrustedSec Blog (author: Chris Camejo)
Loading DLLs Reflections
#trustedsec
We're back with another post about common malware techniques. This time we're not talking about process hollowing. We are going to branch off and talk about the reflective loading of a DLL. This is a technique used to…
via TrustedSec Blog (author: Scott Nusbaum)
CVE-2024-21111 – Local Privilege Escalation in Oracle VirtualBox
#mdsec
VirtualBox is popular open source, cross-platform virtualization software developed by Oracle Corporation. Earlier this year we identified an arbitrary file move vulnerability in the VirtualBox system service that could...
via MDSec Blog (author: Admin)
👻 Souls without bodies, phantom types shenanigans 👻
#synacktiv
via Synacktiv Blog (author: Simon Marechal)
Shellcode: Data Masking 2
#odzhan
Introduction This is a quick follow up post to Data Masking that discussed how one might use the Fisher-Yates shuffle and a DRBG to mask shellcode. There’s a lot of ways to mask data that don’t involve using an XOR …
via modexp Blog (author: odzhan)
OST Release Blog: EDR Tradecraft, Presets, PowerShell Tradecraft, and More
#outflank
Malicious actors continuously deploy new or improved techniques. Red teams must maintain an equally rapid pace of development of their tooling arsenal to remain effective at testing evolving defensive measures and preparing organizations for advanced threats. With the dedicated research and development efforts from the Outflank team, OST is constantly evolving, with additions of new, leading-edge tools unique to the market as well as regular enhancements to our existing tools.
In this quarterly release blog, we’ll summarize some of the latest updates we’ve made over the past few months.
via Outflank Blog (author: Marc Smeets)
Full Disclosure: A Look at a Recently Patched Microsoft Graph Logging Bypass - GraphNinja
#trustedsec
From June 2023 to March 2024, Microsoft Graph was vulnerable to a logging bypass that allowed attackers to perform password-spray attacks undetected. During this period, any organization in Azure could have been…
via TrustedSec Blog (author: nyx geek)
ADCS Attack Paths in BloodHound — Part 2
#specterops
In this blog post, we will cover how we have incorporated the Golden Certificates and the ADCS ESC3 abuse technique in BloodHound.
via SpecterOps Team Medium (author: Jonas Bülow Knudsen)
Mistaken Identity: Extracting Managed Identity Credentials from Azure Function Apps
#netspi
NetSPI explores extracting managed identity credentials from Azure Function Apps to expose sensitive data.
via NetSPI Technical Blog (author: Karl Fosaaen)
Automating Managed Identity Token Extraction in Azure Container Registries
#netspi
Learn the processes used to create a malicious Azure Container Registry task that can be used to export tokens for Managed Identities attached to an ACR.
via NetSPI Technical Blog (author: Karl Fosaaen)