"Masato Kinugawa vs Microsoft Teams" live from Pwn2Own Vancouver 2022.
https://t.co/EeQLS2Sbwf
https://youtu.be/3fWo0E6Pa34
Zero-Day: On a freshly installed Windows Active Directory domain with default settings, any authenticated domain user can create up to 10 computer accounts. The limit is the domain's ms-DS-MachineAccountQuota attribute, which defaults to 10; this is a long-standing documented default rather than a patchable bug, so the fix is configuration, not a hotfix.
Run as an ordinary domain user, this command provisions one:
"djoin /PROVISION /DOMAIN <fqdn> /MACHINE cKPC /SAVEFILE C:\temp\cKPC.txt /DEFPWD /PRINTBLOB /NETBIOS cKPC"
This creates the computer account cKPC; /DEFPWD assigns the default machine-account password, which is the machine name in lowercase (ckpc).
Credits: Qusai Alhaddad
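As an added check (not part of the original post or of the reported finding), the PowerShell below reads the domain's ms-DS-MachineAccountQuota and lists the computer accounts that were created under that quota by ordinary users, which is how a djoin /PROVISION like the one above shows up in the directory. It assumes the ActiveDirectory RSAT module and a domain-joined session; the final, commented-out step sets the quota to 0.

```powershell
# Added example, not code from the original post.
# Assumes: ActiveDirectory RSAT module, a domain-joined session that can read the domain head object.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName

# 1. The per-user join limit lives on the domain head object; the default is 10.
$quota = (Get-ADObject -Identity $domainDn -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
Write-Host "ms-DS-MachineAccountQuota on $($domain.DNSRoot): $quota"
if ($quota -gt 0) {
    Write-Warning "Any authenticated user can add up to $quota computer accounts (djoin /PROVISION or a plain LDAP add)."
}

# 2. A computer account created under the quota (rather than by a principal holding explicit
#    create-child rights on the container) records its creator in mS-DS-CreatorSID.
#    Listing those accounts shows which users added machines, and when.
Get-ADComputer -LDAPFilter '(mS-DS-CreatorSID=*)' -Properties 'mS-DS-CreatorSID', whenCreated |
    ForEach-Object {
        # The attribute is stored as a binary SID; rebuild it and try to resolve the account name.
        $sid = New-Object System.Security.Principal.SecurityIdentifier($_.'mS-DS-CreatorSID', 0)
        try   { $creator = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $creator = $sid.Value }   # deleted or foreign principal: keep the raw SID
        [pscustomobject]@{
            Computer    = $_.Name
            CreatedBy   = $creator
            WhenCreated = $_.whenCreated
        }
    } | Sort-Object WhenCreated -Descending | Format-Table -AutoSize

# 3. Hardening: set the quota to 0 so only explicitly delegated principals can join machines.
#    Uncomment to apply; after this, joins need delegation on the Computers container or an admin.
# Set-ADObject -Identity $domainDn -Replace @{ 'ms-DS-MachineAccountQuota' = 0 }
```

The read steps work from a low-privileged domain account, since the domain head object and computer objects are readable by Authenticated Users by default; only step 3 needs rights on the domain object. A quota of 0 does not remove computer accounts that already exist, so pair it with a review of the list from step 2.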
Zero-Day: A critical security flaw has been uncovered in the baseband of UNISOC smartphone chipsets that could be weaponized to disrupt a phone's radio communications with a single malformed packet.
https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/
Check Point Research
Vulnerability within the UNISOC baseband opens mobile phones communications to remote hacker attacks - Check Point Research
Introduction Do you remember push-button telephones? Many of them were based on chips from Spreadtrum Communications Inc., a Chinese chip manufacturer founded in 2001. In 2011, over half of all phones in China were powered by Spreadtrum chips. In 2018, Spreadtrum…
Zero-Day: A new Windows Search zero-day, abusing the search-ms: URI protocol handler, has been added to Microsoft's protocol-handler nightmare.
https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/
BleepingComputer
New Windows Search zero-day added to Microsoft protocol nightmare
A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document.
Exclusive | Zero-Day: A high-severity elevation-of-privilege (EoP) bug has been identified by a fellow researcher in the SolarWinds Orion platform.
● The bug is not patched and the latest version of the software is vulnerable. We (ckure) have confirmed the bug with the researcher and will disclose once the researcher and SolarWinds release a stable patch or a workaround.
Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild.
The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could be exploited by a piece of specially crafted web content to gain arbitrary code execution.
https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html
Blogspot
An Autopsy on a Zombie In-the-Wild 0-day
Posted by Maddie Stone, Google Project Zero Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding t...
Spyware: The curious tale of a fake Carrier.app targeting users from Italy 🇮🇹 and Kazakhstan 🇰🇿
https://googleprojectzero.blogspot.com/2022/06/curious-case-carrier-app.html
Blogspot
The curious tale of a fake Carrier.app
Posted by Ian Beer, Google Project Zero NOTE: This issue, CVE-2021-30983, was fixed in iOS 15.2 in December 2021. Towards the ...
'Syslogk': a Linux kernel rootkit found under development in the wild.
https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
Based on adore-ng, a Linux rootkit adapted for 2.6 and 3.x kernels: https://github.com/yaoyumeng/adore-ng
Gendigital
Linux Threat Hunting: ‘Syslogk’ a kernel rootkit found under development in the wild
Syslogk Rootkit Revealed: Analysis
Privilege-Escalation: This cheat sheet is aimed at CTF players and beginners, to help them understand the fundamentals of privilege escalation with examples.
https://github.com/Ignitetechnologies/Privilege-Escalation
GitHub
GitHub - Ignitetechnologies/Privilege-Escalation: This cheat sheet is aimed at CTF players and beginners to help them understand…
This cheat sheet is aimed at CTF players and beginners to help them understand the fundamentals of privilege escalation with examples. - Ignitetechnologies/Privilege-Escalation
Cyber-War: Lithuania 🇱🇹 has been hit by cyber-attacks following an ultimatum from the Russian 🇷🇺 Killnet hacker group.
● Pasted 'ckure' emoji at bottom right of the video to obscure profanity.
Cyber-War: Iran 🇮🇷 has been hit by a significant SCADA-targeted cyber-attack; multiple organisations are reported to have suffered physical damage.
Please note that this is one-sided information from the threat actor, who did not contact us directly.
In their message they said: "Today, we, "Gonjeshke Darande", carried out cyberattacks against Iran's steel industry, which is affiliated with the IRGC and the Basij: the Khouzestan Steel Company (KSC), the Mobarakeh Steel Company (Isfahan) (MSC) and the Hormozgan Steel Company (HOSCO). These companies are subject to international sanctions and continue their operations despite the restrictions. These cyberattacks, being carried out carefully so as to protect innocent individuals, are in response to the aggression of the Islamic Republic.
As you can see in the attached video, these cyberattacks have been carried out carefully so as to protect innocent individuals. We also expose here evidence of our access to these companies."
● Ckure is able to confirm the cyber-attack on Iran 🇮🇷 to be authentic.
Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties.
https://www.offensive-security.com/offsec/macro-weaponization/
OffSec
Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties | OffSec
TJ shows us how adversaries use macro weaponization techniques to abuse hidden functionalities contained in Office document properties.
Bypassing Firefox's HTML Sanitizer API.
https://portswigger.net/research/bypassing-firefoxs-html-sanitizer-api
PortSwigger Research
Bypassing Firefox's HTML Sanitizer API
The HTML Sanitizer is a great new API that allows web developers to filter untrusted HTML natively in the browser rather than use a JavaScript library such as DOM Purify. Microsoft created a similar A