Interesting thread on malware.

https://twitter.com/k3dg3/status/1575173131198558208

Tool 🔧 VirusTotalC2: Abusing VirusTotal API to host our C2 traffic, usefull for bypassing blocking firewall rules if VirusTotal is in the target white list.

https://github.com/D1rkMtr/VirusTotalC2

● Yet another website: sqlflow.gudusoft.com (Visualizing SQL queries)

A tool 🔧 to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.

https://github.com/Dec0ne/ShadowSpray/

Converting LFI into RCE by chaining PHP encoding filters.

https://www.synacktiv.com/publications/php-filters-chain-what-is-it-and-how-to-use-it.html

Zero-Day: Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike .

https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2

https://securityaffairs.co/wordpress/137284/hacking/cobalt-strike-rce.html

Insecure Direct Object Reference Vulnerability: SolarWinds Platform 2022.3 (CVE-2022-36966).

https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36966

Exploit Archaeology: A Forensic History Of In-the-wild NSO Group Exploits.

https://github.com/blackorbird/APT_REPORT/blob/master/NSOGroup/VB2022-Exploit-archaeology-a-forensic-history-of-in-the-wild-NSO-Group-exploits.pdf

● Exclusive - Zero-Day: A medium to high severity vulnerability in SAP portal allows a low privileged authenticated user to escalate privileges within the system abusing certain API end-points.

The latest software / CMS is vulnerable and possibly all previous versions as well.
SAP has been informed about the bug who have confirmed it and have planned to roll out the fix by mid-2023 (Seems SAP does not prioritize security).

No CVE was assigned. Researcher: Aamer

Zero-Day writeup: Accidental $70k Google Pixel Lock 🔐 Screen Bypass.

https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass

wa-tunnel - HTTP Tunneling through Whatsapp.

https://github.com/aleixrodriala/wa-tunnel

🚨 Researchers from Google's Project Zero security team said that the Samsung S10, A50, and A51 models were affected, and that only devices powered by Samsung's home-made Exynos chip were vulnerable, meaning the targets (as well as the attackers) were located in Europe, the Middle East, or Africa.

CVE-2021-25337, CVE-2021-25369, CVE-2021-25370

https://googleprojectzero.blogspot.com/2022/11/a-very-powerful-clipboard-samsung-in-the-wild-exploit-chain.html

https://www.techradar.com/news/samsung-phones-are-being-targeted-by-some-seriosuly-shady-zero-days

This (t.me/ckuRED/212) comes as nation state actors are involved in wild exploitation.

Remote Code Execution in Exchange PowerShell Backend.

https://www.zerodayinitiative.com/blog/2022/11/14/control-your-types-or-get-pwned-remote-code-execution-in-exchange-powershell-backend

Client-side prototype pollution.

https://portswigger.net/web-security/prototype-pollution

Cracking Zeppelin ransomware keys.

https://blog.unit221b.com/dont-read-this-blog/0xdead-zeppelin

Orpheus - Bypasses most Kerberoast Detections (with Modified KDC Options and Encryption Types).

https://www.trustedsec.com/blog/the-art-of-bypassing-kerberoast-detections-with-orpheus/