cKure Red pinned: "Despicable" iPhone Hacks In Armenia Find NSO Spyware "In Active Warzone". For the first time, the Israeli company's spyware has been used in a conflict zone, according to researchers. In mid-2021, Apple sent a warning to Anna Naghdalyan, then a spokesperson…
Money Message ransomware group hacks MSI and steals BIOS signing keys and Intel Boot Guard keys, which would let bad actors sign firmware with MSI's identity and ship it as an update to MSI systems.
MSI signing keys for Intel Boot Guard were released by the group.
Now anyone can sign device firmware with MSI's private keys. Because the Boot Guard OEM key hash is burned into chipset fuses, a leaked key cannot be rotated on hardware already in the field, so this is a long-term persistent risk for all users of the affected models.
The data was leaked after MSI refused to pay the group.
https://vt.tiktok.com/ZSLNqWmTx/
https://www.bleepingcomputer.com/news/security/money-message-ransomware-gang-claims-msi-breach-demands-4-million/
https://www.kaspersky.com/blog/msi-firmware-keys-leak/48300/
https://socradar.io/money-message-ransomware-leaks-msi-signing-keys-for-intel-boot-guard/
CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability): PoC released for the bug, which was already being exploited in attacks.
https://blog.avast.com/avast-patches-microsoft-vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29336
https://www.bleepingcomputer.com/news/security/poc-released-for-windows-win32k-bug-exploited-in-attacks/
Avast researchers discovered the vulnerability in Microsoft software, then worked with Microsoft to rapidly patch it.
YouTube: CVE-2023-29336 Exploit Demo on Windows Server 2016 (Win32k Elevation of Privilege Vulnerability). Video description: "Our researcher just developed the exploit and passed testing on Windows Server 2016."
Side channel: hackers can steal cryptographic keys by video-recording a device's power LED from 60 feet away, which works against air-gapped devices too since no network access is needed.
https://arstechnica.com/information-technology/2023/06/hackers-can-steal-cryptographic-keys-by-video-recording-connected-power-leds-60-feet-away/
Key-leaking side channels are a fact of life; now they can be exploited by video-recording power LEDs.
Chinese hackers use DNS-over-HTTPS for Linux malware communication.
ChamelGang and ChamelDoH: A DNS-over-HTTPS implant
https://stairwell.com/news/chamelgang-and-chameldoh-a-dns-over-https-implant/
https://www.bleepingcomputer.com/news/security/chinese-hackers-use-dns-over-https-for-linux-malware-communication/
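The point of an implant like ChamelDoH is that its resolver traffic is ordinary HTTPS to a public resolver, so DNS-based monitoring never sees the queried names. What survives is the HTTP shape defined by RFC 8484 (the `/dns-query` path, the base64url `dns=` GET parameter, the `application/dns-message` content type) and the wire-format DNS question inside it, which is only visible at a TLS-terminating proxy or on the endpoint. The following is an added example written for this page, not Stairwell's analysis code or anything from the implant: it builds a DoH request the way a client would, then classifies constructed proxy-log records (method, URL, content type, body) and extracts the queried name. Resolver hosts and query names are made up.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

# Added example (editor's code, not Stairwell's or the implant's). Resolver hosts,
# query names and the request records below are constructed sample data.

DOH_CONTENT_TYPE = "application/dns-message"


def encode_qname(name: str) -> bytes:
    """Wire-format QNAME: length-prefixed labels terminated by a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Minimal DNS query: ID 0 (RFC 8484 suggests it for cacheability), RD=1, one question."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)


def doh_get_url(resolver: str, name: str, qtype: int = 1) -> str:
    """What a DoH client (or implant) puts on the wire for a GET: base64url, no padding."""
    b64 = base64.urlsafe_b64encode(build_dns_query(name, qtype)).rstrip(b"=").decode()
    return f"https://{resolver}/dns-query?dns={b64}"


def decode_qname(msg: bytes, offset: int = 12):
    labels = []
    while True:
        ln = msg[offset]
        if ln == 0:
            return ".".join(labels), offset + 1
        if ln & 0xC0:                      # compression pointers do not belong in a query's question
            raise ValueError("compression pointer in question")
        offset += 1
        labels.append(msg[offset:offset + ln].decode("ascii"))
        offset += ln


def parse_dns_question(msg: bytes):
    """Return (qname, qtype) if msg is a plausible DNS *query* with one question, else None."""
    if len(msg) < 17:
        return None
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x8000 or qdcount != 1:     # QR=1 is a response; an implant sends queries
        return None
    try:
        qname, off = decode_qname(msg)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    except (IndexError, UnicodeDecodeError, ValueError, struct.error):
        return None
    return (qname, qtype) if qclass == 1 else None


def classify_request(method: str, url: str, content_type: str = "", body: bytes = b""):
    """Return (reason, qname) when an HTTP request looks like DoH, else None."""
    parts = urlsplit(url)
    payload = b""
    dns_param = parse_qs(parts.query).get("dns")
    if dns_param:
        raw = dns_param[0]
        try:
            payload = base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4))
        except ValueError:                 # binascii.Error is a ValueError
            payload = b""
    elif method.upper() == "POST" and content_type == DOH_CONTENT_TYPE:
        payload = body
    question = parse_dns_question(payload) if payload else None
    if question:
        return "dns-wire-format", question[0]
    if parts.path.endswith("/dns-query") or content_type == DOH_CONTENT_TYPE:
        return "doh-endpoint", None
    return None


# Constructed proxy-log records: (method, url, content_type, body).
SAMPLE_REQUESTS = [
    ("GET", doh_get_url("cloudflare-dns.com", "beacon.c2.example"), "", b""),
    ("POST", "https://dns.google/dns-query", DOH_CONTENT_TYPE, build_dns_query("metrics.c2.example", 16)),
    ("GET", "https://example.org/index.html", "", b""),
    ("GET", "https://doh.example/dns-query", "", b""),
]


def scan(requests):
    """Run the classifier over the records and return the flagged ones as (host, reason, qname)."""
    flagged = []
    for method, url, ctype, body in requests:
        verdict = classify_request(method, url, ctype, body)
        if verdict:
            flagged.append((urlsplit(url).hostname, verdict[0], verdict[1]))
    return flagged


if __name__ == "__main__":
    for host, reason, qname in scan(SAMPLE_REQUESTS):
        print(f"{host:20} {reason:16} {qname or '-'}")
```

Browsers and some operating systems also speak DoH to public resolvers, so treat a hit as a hunting signal to correlate with the originating process and the rarity of the queried name, not as a block rule on its own.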
Exploiting CVE-2023-33476 (MiniDLNA heap overflow) for remote code execution.
https://blog.coffinsec.com/0day/2023/06/19/minidlna-cve-2023-33476-exploits.html
chonked pt.2: exploiting cve-2023-33476 for remote code execution
The second part in a two-part series going over a heap overflow in MiniDLNA (CVE-2023-33476). This post provides a walkthrough of the steps taken to write an exploit for this vulnerability in order to achieve remote code execution and pop a shell.
DNS Analyzer - Finding DNS vulnerabilities with Burp Suite.
https://sec-consult.com/blog/detail/dns-analyzer-finding-dns-vulnerabilities-with-burp-suite
A brand-new Burp Suite extension for discovering DNS vulnerabilities in web applications.
Google Dork - valuable extensions.
site:"target[.]com" ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess
Another approach to the threadless injection technique discovered by x.com/_EthicalChaos_ (CCob, Ceri Coburn), written in C: it loads a module into the target process, stomps it, then reverts the memory protections and the original memory state.
โ This is untested code and could have unintended consequences.
https://github.com/TheD1rkMtr/D1rkInject
Damn Exploitable Android App - Abusing Info Leaks to bypass ASLR.
https://www.mobilehackinglab.com/blog/damn-exploitable-android-app-abusing-info-leaks-to-bypass-aslr
Dive into our latest blog to learn a clever technique for exploiting format string vulnerabilities to bypass ASLR, revealing key memory addresses and targeting the Damn Exploitable Android App.
Exploiting A Flaw In Bitmap Handling In Windows User-mode Printer Drivers.
https://www.zerodayinitiative.com/blog/2023/8/1/exploiting-a-flaw-in-bitmap-handling-in-windows-user-mode-printer-drivers
In this guest blog from researcher Marcin Wiązowski, he details CVE-2023-21822, a Use-After-Free (UAF) in win32kfull that could lead to a privilege escalation. The bug was reported through the ZDI program and later patched by Microsoft. Marcin has…
STUXNET - TACTICS & TECHNIQUES.pdf (3.1 MB)
A brief peek at one of the world's highest-profile cases involving nation-state actors, millions of dollars and thousands of hours of work across 5 countries on 3 continents over at least half a decade.
Nac_Bypass_Agent: a script that takes the needed information from the user to change the attacker's IP and MAC address, starts Responder and tcpdump, and runs nbtscan.
https://github.com/alperenugurlu/Nac_Bypass_Agent
Sites scramble to block ChatGPT web crawler after instructions emerge.
https://arstechnica.com/information-technology/2023/08/openai-details-how-to-keep-chatgpt-from-gobbling-up-website-data/
User agent token: GPTBot
Full user-agent string: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.0; +https://openai.com/gptbot)
Restrictions don't apply to current OpenAI models, but will affect future versions.
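The practical work behind this item is two-sided: publish a robots.txt group for the GPTBot token, then check your access logs for how the crawler actually behaves against it. The following is an added example written for this page, not OpenAI's or Ars Technica's code: it carries a constructed robots.txt, a minimal evaluator with the standard group-selection and longest-match rules, and a parser for Apache/nginx combined-format log lines. The only thing taken from the post is the GPTBot token and user-agent string; the IPs, paths and log lines are constructed.

```python
import re
from typing import Optional

# Added example (editor's code, not OpenAI's or Ars Technica's). The "GPTBot" token and
# UA string are the ones quoted in the post; the robots.txt and log lines are constructed.

GPTBOT_TOKEN = "GPTBot"

# A robots.txt that blocks GPTBot site-wide and everyone else only from /private/.
ROBOTS_TXT = """\
User-agent: GPTBot
Disallow: /

User-agent: *
Disallow: /private/
"""

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

GPTBOT_UA = ("Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; "
             "GPTBot/1.0; +https://openai.com/gptbot)")

# Constructed sample log: two GPTBot hits, one browser, one Googlebot.
SAMPLE_LOG = f"""\
203.0.113.7 - - [08/Aug/2023:10:01:02 +0000] "GET /blog/post-1 HTTP/1.1" 200 5120 "-" "{GPTBOT_UA}"
198.51.100.9 - - [08/Aug/2023:10:01:05 +0000] "GET /docs/api.html HTTP/1.1" 200 640 "-" "{GPTBOT_UA}"
192.0.2.44 - - [08/Aug/2023:10:02:11 +0000] "GET /blog/post-1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/116.0"
192.0.2.45 - - [08/Aug/2023:10:02:12 +0000] "GET /private/report.pdf HTTP/1.1" 200 90000 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
"""


def parse_log_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_gptbot(user_agent: str) -> bool:
    """Match the product token as a token, so e.g. "NotGPTBot/2" does not count."""
    return re.search(rf"(?<![A-Za-z0-9]){GPTBOT_TOKEN}/", user_agent) is not None


def parse_robots(robots_txt: str):
    """Return [(agents, [(directive, path), ...]), ...]; consecutive User-agent lines share a group."""
    groups, agents, rules = [], set(), []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "user-agent":
            if rules:                     # a User-agent line after rules opens a new group
                groups.append((agents, rules))
                agents, rules = set(), []
            agents.add(value.lower())
        elif key in ("allow", "disallow"):
            rules.append((key, value))
    if agents:
        groups.append((agents, rules))
    return groups


def robots_allows(robots_txt: str, token: str, path: str) -> bool:
    """The group naming the token wins, else the '*' group, else everything is allowed.
    Within a group the longest matching prefix wins; Allow beats Disallow on a tie."""
    groups = parse_robots(robots_txt)
    rules = next((r for a, r in groups if token.lower() in a), None)
    if rules is None:
        rules = next((r for a, r in groups if "*" in a), None)
    if rules is None:
        return True
    best = None                           # (matched length, directive)
    for directive, prefix in rules:
        if prefix and path.startswith(prefix):   # an empty "Disallow:" matches nothing
            cand = (len(prefix), directive)
            if best is None or cand[0] > best[0] or (cand[0] == best[0] and directive == "allow"):
                best = cand
    return best is None or best[1] == "allow"


def audit_log(log_text: str, robots_txt: str = ROBOTS_TXT):
    """Return every GPTBot hit as (ip, path, allowed_by_robots)."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec and is_gptbot(rec["ua"]):
            hits.append((rec["ip"], rec["path"], robots_allows(robots_txt, GPTBOT_TOKEN, rec["path"])))
    return hits


if __name__ == "__main__":
    for ip, path, allowed in audit_log(SAMPLE_LOG):
        print(f"{ip:15} {path:25} {'allowed' if allowed else 'DISALLOWED by robots.txt'}")
```

Two caveats a practitioner will already know: robots.txt is advisory, so a hit flagged as disallowed is a policy violation to raise with the operator rather than something the file prevents, and the user-agent string is trivially forged, so before attributing traffic to OpenAI check the source IP against the ranges OpenAI publishes for GPTBot rather than trusting the token alone.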
Cyber war by Russia: the Sandworm group's latest operation.
Android malware + Tor + Mirai + dropbear = anonymous attack and exploit chain.
https://github.com/blackorbird/APT_REPORT/blob/master/Sandworm/SBU%20exposes%20russian%20intelligence%20attempts%20to%20penetrate%20Armed%20Forces'%20planning%20operations%20system.pdf