#exploit
1. CVE-2022-3328:
Race condition in snap-confine's must_mkdir_and_open_with_perms()
https://seclists.org/oss-sec/2022/q4/164
2. CVE-2022-46146:
Authentication Bypass in Open-Source Prometheus Project
https://securityonline.info/cve-2022-46146-authentication-bypass-in-open-source-prometheus-project
3. CVE-2022-4116:
Quarkus Java framework RCE
https://joebeeton.github.io
]-> https://github.com/JoeBeeton/simple-request-attacks
#Threat_Research
Active C2 Discovery Using Protocol Emulation
Part 1 (HYDSEVEN, NetWire):
https://blogs.vmware.com/security/2019/11/active-c2-discovery-using-protocol-emulation-part1-hydseven-netwire.html
Part 2 (Winnti 4.0):
https://blogs.vmware.com/security/2020/02/threat-analysis-active-c2-discovery-using-protocol-emulation-part2-winnti-4-0.html
Part 3 (ShadowPad):
https://blogs.vmware.com/security/2022/10/threat-analysis-active-c2-discovery-using-protocol-emulation-part3-shadowpad.html
Part 4 (Dacls, aka MATA):
https://blogs.vmware.com/security/2022/11/threat-analysis-active-c2-discovery-using-protocol-emulation-part4-dacls-aka-mata.html
#Offensive_security
1. Demystifying the "SVCHOST.EXE" Process and Its Command Line Options
https://nasbench.medium.com/demystifying-the-svchost-exe-process-and-its-command-line-options-508e9114e747
2. Tools and PoCs for Windows syscall investigation
https://github.com/daem0nc0re/AtomicSyscall#syscalldumper
#tools
#Hardware_Security
Dynamic analysis framework for CPU microcode
https://github.com/pietroborrello/CustomProcessingUnit
]-> Ghidra Processor Module to disassemble/decompile the x86 Intel Atom microcode:
https://github.com/pietroborrello/ghidra-atom-microcode
#Red_Team_Tactics
1. Stalking inside of your Chromium Browser
https://posts.specterops.io/stalking-inside-of-your-chromium-browser-757848b67949
2. New PowerShell History Defense Evasion Technique
https://www.blackhillsinfosec.com/new-powershell-history-defense-evasion-technique
#exploit
1. Grafana RCE via SMTP server parameter injection
https://hackerone.com/reports/1200647
2. CVE-2022-23093:
FreeBSD Ping RCE
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
3. CVE-2022-34669:
NVIDIA GPU Display Driver Vulnerabilities
https://nvidia.custhelp.com/app/answers/detail/a_id/5415
#tools
#Fuzzing
Userefuzz - User-Agent, X-Forwarded-For and Referer SQLI Fuzzer
https://github.com/root-tanishq/userefuzz
#Threat_Research
1. HTTP Desync Attack (Request Smuggling) - Mass Account Takeover at a Cryptocurrency based asset and 121 other websites
https://github.com/AnkitCuriosity/Write-Ups/blob/main/HTTP%20Desync%20Attack%20(Request%20Smuggling).md
2. Visual Studio Code: RCE
https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m
#reversing
1. GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown
https://boschko.ca/glinet-router
2. Hacking the router firmware used by (Telia) TG799vac Xtream v17.2-MINT delivered from Technicolor
https://github.com/wuseman/TG799VAC-XTREME-17.2-MINT
#tools
#Offensive_security
1. HTB: CarpeDiem
https://0xdf.gitlab.io/2022/12/03/htb-carpediem.html
2. SysmonEoP - PoC for arbitrary file delete/write in Sysmon (CVE-2022-41120/CVE-2022-XXXXX)
https://github.com/Wh04m1001/SysmonEoP
3. Nim DLL Sideloading/proxying
https://github.com/byt3bl33d3r/NimDllSideload
#Malware_analysis
1. ₿uyer ₿eware: Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware
https://www.volexity.com/blog/2022/12/01/buyer-beware-fake-cryptocurrency-applications-serving-as-front-for-applejeus-malware
2. Blowing Cobalt Strike Out of the Water With Memory Analysis
https://unit42.paloaltonetworks.com/cobalt-strike-memory-analysis
#exploit
1. CVE-2022-2650:
Brute Force on wger workout application v2.0
https://github.com/HackinKraken/CVE-2022-2650
2. CVE-2022-44721:
Crowdstrike Falcon Uninstaller
https://github.com/purplededa/CVE-2022-44721-CsFalconUninstaller
#Threat_Research
Pre-Auth RCE with CodeQL in Under 20 Minutes
https://frycos.github.io/vulns4free/2022/12/02/rce-in-20-minutes.html
#tools
#Offensive_security
1. PrintNotifyPotato - privilege escalation via the PrintNotify COM service (Windows 10, 11, Server 2012 - 2022)
https://github.com/BeichenDream/PrintNotifyPotato
2. Script for generating revshells
https://github.com/4ndr34z/shells
3. PoC Implementation of a TRUE call stack spoofer
https://github.com/klezVirus/SilentMoonwalk
#Threat_Research
#Blue_Team_Techniques
1. Threatest - CLI and Go framework for end-to-end testing threat detection rules
https://github.com/DataDog/threatest
2. Detect Tactics, Techniques & Combat Threats
https://github.com/rabobank-cdc/DeTTECT
#Malware_analysis
1. DuckLogs Malware
https://blog.cyble.com/2022/12/01/ducklogs-new-malware-strain-spotted-in-the-wild
2. A PoC ransomware sample to test out your ransomware response strategy
https://github.com/hazcod/ransomwhere
#Threat_Research
1. Novel Pipeline Vulnerability; Rust Found Vulnerable
https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
2. MSI - Masquerading as a Software Installer
https://www.cybereason.com/blog/threat-analysis-msi-masquerading-as-software-installer
Black_Hat_Python_2nd.pdf
#Tech_book
"Black Hat Python: Python Programming for Hackers and Pentesters, 2nd Edition", 2021.
]-> Python 3 Source Code:
https://github.com/EONRaider/blackhat-python3
#tools
#Offensive_security
1. Neton - tool for getting information from Internet connected sandboxes
https://github.com/Aetsu/Neton
2. Debugging Protected Processes
https://itm4n.github.io/debugging-protected-processes
]-> Controlling Windows PP(L)s:
https://github.com/itm4n/PPLcontrol
#exploit
1. CVE-2022-26265:
Contao CMS v.1.5.0 - RCE
https://github.com/Inplex-sys/CVE-2022-26265
2. CVE-2022-25765:
pdfkit URL Command Injection
https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795
]-> A Shell exploit: https://github.com/Atsukoro1/PDFKitExploit