Tool 🔧 OSV-Scanner: Vulnerability Scanner for Open Source.
https://security.googleblog.com/2022/12/announcing-osv-scanner-vulnerability.html
https://github.com/google/osv-scanner
https://security.googleblog.com/2022/12/announcing-osv-scanner-vulnerability.html
https://github.com/google/osv-scanner
Google Online Security Blog
Announcing OSV-Scanner: Vulnerability Scanner for Open Source
Posted by Rex Pan, software engineer, Google Open Source Security Team Today, we’re launching the OSV-Scanner , a free tool that gives ope...
Critical Windows code-execution vulnerability went undetected until now.
https://arstechnica.com/information-technology/2022/12/critical-windows-code-execution-vulnerability-went-undetected-until-now/
https://arstechnica.com/information-technology/2022/12/critical-windows-code-execution-vulnerability-went-undetected-until-now/
Ars Technica
Critical Windows code-execution vulnerability went undetected until now
Microsoft elevates security rating for vulnerability resembling EternalBlue.
● Exclusive - Zero-Day: A critical security vulnerability has been identified in appviewx. It can be used to spoof certificates.
This is not the official def. Will wait for researcher to share details.
cKure Red
● Exclusive - Zero-Day: A critical security vulnerability has been identified in appviewx. It can be used to spoof certificates. This is not the official def. Will wait for researcher to share details.
Impact of the Zero-Day (mentioned here: https://t.me/ckuRED/231).
Enrollment: An adversary can issue a certificate from the CA and later use that for hosting fake websites that all the clients of that firm under attack will automatically trust.
Revocation: An adversary can bring down any website /application by just getting the public certificate of that application.
Optionally, if you have to plan big, discover all applications, download the public certificate, and at once revoke all.
Enrollment: An adversary can issue a certificate from the CA and later use that for hosting fake websites that all the clients of that firm under attack will automatically trust.
Revocation: An adversary can bring down any website /application by just getting the public certificate of that application.
Optionally, if you have to plan big, discover all applications, download the public certificate, and at once revoke all.
AMSI Bypass Using CLR Hooking.
https://practicalsecurityanalytics.com/new-amsi-bypass-using-clr-hooking/
https://practicalsecurityanalytics.com/new-amsi-bypass-using-clr-hooking/
Practical Security Analytics LLC
New AMSI Bypass Using CLR Hooking
Introduction In this article, I will present a new technique to bypass Microsoft’s Anti-Malware Scan Interface (AMSI) using API Call Hooking of CLR methods. When executed on a Windows system,…
Reverse shell with the XOR encryption for the communication between server/client, but now with C#.
https://twitter.com/zux0x3a/status/1609592330373455872
https://github.com/0xsp-SRD/0xsp.com/tree/main/rev_shell_xor_enc
https://twitter.com/zux0x3a/status/1609592330373455872
https://github.com/0xsp-SRD/0xsp.com/tree/main/rev_shell_xor_enc
Hermit: Deterministic Linux for Controlled Testing and Software Bug-finding.
https://developers.facebook.com/blog/post/2022/11/22/hermit-deterministic-linux-testing/
https://developers.facebook.com/blog/post/2022/11/22/hermit-deterministic-linux-testing/
Meta for Developers
Hermit: Deterministic Linux for Controlled Testing and Software Bug-finding
Facebook For Developers
⚠️ Zero-Day: Vulnerability in JWT Secret Poisoning (CVE-2022-23529).
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
https://nvd.nist.gov/vuln/detail/CVE-2022-23529
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
https://nvd.nist.gov/vuln/detail/CVE-2022-23529
Unit 42
Security Issue in JWT Secret Poisoning (Updated)
We discovered a new high-severity vulnerability (CVE-2022-23529) in the popular JsonWebToken open source project.
Exploiting null-dereferences in the Linux kernel.
https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
projectzero.google
Exploiting null-dereferences in the Linux kernel - Project Zero
Posted by Seth Jenkins, Project Zero For a fair amount of time, null-deref bugs were a highly exploitable kernel bug class. Back when the kernel was able t...
Linux Privilege Escalation: DirtyPipe (CVE 2022-0847).
https://www.codelivly.com/linux-privilege-escalation-dirtypipe/
https://www.codelivly.com/linux-privilege-escalation-dirtypipe/
Codelivly
Linux Privilege Escalation: DirtyPipe (CVE 2022-0847)
CVE 2022-0847 is a privilege escalation vulnerability discovered by Max Kellerman present in Linux Kernel itself post versions
Top 10 Web Hacking Techniques of 2022.
https://portswigger.net/research/top-10-web-hacking-techniques-of-2022
https://portswigger.net/research/top-10-web-hacking-techniques-of-2022
A simple script as malware that will turn off the firewall, start an HTTP server, forward its port through 'ngrok' and send the URL of the server through a Telegram bot.
https://github.com/usdchef/malvinci
https://github.com/usdchef/malvinci
GitHub
GitHub - mazithesage/malvinci: This simple but powerful script will introduce a new type of malware that will turn off the firewall…
This simple but powerful script will introduce a new type of malware that will turn off the firewall, start an HTTP server, forward its port through ngrok, and send the URL of the server through a ...
Privacy-Breach: United States 🇺🇸
The IRS has paid an Israeli 🇮🇱 company! 'Cobwebs Technologies' hundreds of thousands of dollars for an internet investigative tool that allows the IRS to conduct undercover investigations online, according to internal IRS documents obtained by Motherboard.
vice.com/en/article/xgynn4/company-helping-irs-go-undercover-cobwebs-technologies
The IRS has paid an Israeli 🇮🇱 company! 'Cobwebs Technologies' hundreds of thousands of dollars for an internet investigative tool that allows the IRS to conduct undercover investigations online, according to internal IRS documents obtained by Motherboard.
vice.com/en/article/xgynn4/company-helping-irs-go-undercover-cobwebs-technologies
VICE
The Company Helping the IRS Go Undercover Online
Internal IRS documents obtained by Motherboard show the IRS paid Israeli firm Cobwebs Technologies hundreds of thousands of dollars for a tool that helps it monitor the web while undercover.
CVE-2023-21752; allows a basic user to execute arbitrary code on a host to delete files from [a] specified storage path, from Windows Backup and Restore service.
The vulnerability is triggered using the Race Condition between temporary file creation and deletion, which takes place following the authentication process.
https://cloudsek.com/threatintelligence/cve-2023-21752-privilege-escalation-vulnerability-on-windows-backup-service
https://www.infosecurity-magazine.com/news/hackers-exploit-flaw-windows/
The vulnerability is triggered using the Race Condition between temporary file creation and deletion, which takes place following the authentication process.
https://cloudsek.com/threatintelligence/cve-2023-21752-privilege-escalation-vulnerability-on-windows-backup-service
https://www.infosecurity-magazine.com/news/hackers-exploit-flaw-windows/
Cloudsek
CVE-2023-21752: Privilege Escalation Vulnerability on Windows Backup Service | Threat Intelligence | CloudSEK
CloudSEK’s Threat Intelligence team has uncovered a cybercrime forum post, where an analysis of the recently disclosed CVE-2023-21752 was provided by a threat actor with a medium reputation
Vulnerability write-up - "Dangerous assumptions".
https://www.codean.io/blog/vulnerability-write-up---%22dangerous-assumptions%22
https://www.codean.io/blog/vulnerability-write-up---%22dangerous-assumptions%22
CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space level of pages, and how the GitHub Security Lab used the kernel space information leak to construct a KASLR bypass.
https://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/
https://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/
The GitHub Blog
The code that wasn't there: Reading memory on an Android device by accident
CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space…
Tool that could notify you when your hacking tools finish running.
Supports
✅ Slack
✅ Discord
✅ Pushover
✅ Email
✅ Teams
✅ Goolge Chat
✅ Custom options
Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
https://github.com/projectdiscovery/notify
Supports
✅ Slack
✅ Discord
✅ Pushover
✅ Teams
✅ Goolge Chat
✅ Custom options
Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
https://github.com/projectdiscovery/notify
GitHub
GitHub - projectdiscovery/notify: Notify is a Go-based assistance package that enables you to stream the output of several tools…
Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms. - projectdiscovery/notify