#Malware_analysis
1. PrideLocker - a new fork of Babuk ESX Encryptor
https://www.synacktiv.com/publications/pridelocker-a-new-fork-of-babuk-esx-encryptor.html
2. Defcon Skimming: A new batch of Web Skimming attacks
https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks
3. AndroxGh0st Python malware
https://www.lacework.com/blog/androxghost-the-python-malware-exploiting-your-aws-keys
Synacktiv
PrideLocker - a new fork of Babuk ESX encryptor
A few months after the leak of Babuk source code in September 2021, new ransomware families with very similar capabilities already seem to emerge. During an incident response, Synacktiv's CSIRT detect
#Threat_Research
1. Reveal Intrusion Campaign Targeting Telco and BPO Companies
https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies
2. Moobot Uses a Fake Vulnerability (CVE-2022-28958)
https://vulncheck.com/blog/moobot-uses-fake-vulnerability
crowdstrike.com
Analysis of an Intrusion Campaign Targeting Telco and BPO Companies
CrowdStrike Services analyzes a recent intrusion campaign targeting telecom and business process outsourcing companies and shares how to defend against this attack.
#Red_Team_Tactics
1. Red Team Notes 2.0
https://dmcxblue.gitbook.io/red-team-notes-2-0
2. Bypassing MFA with the Pass-the-Cookie Attack
https://blog.netwrix.com/2022/11/29/bypassing-mfa-with-pass-the-cookie-attack
3. RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
https://h1pmnh.github.io/post/writeup_spring_el_waf_bypass
dmcxblue.gitbook.io
Introduction | Red Team Notes 2.0
#tools
#Offensive_security
GOAD (Game Of Active Directory)
Part 1 - 5:
Part 6 - ADCS
https://mayfly277.github.io/posts/GOADv2-pwning-part6
Part 7 - MSSQL
https://mayfly277.github.io/posts/GOADv2-pwning-part7
Part 8 - Privilege escalation
https://mayfly277.github.io/posts/GOADv2-pwning-part8
Part 9 - Lateral move
https://mayfly277.github.io/posts/GOADv2-pwning-part9
Part 10 - Delegations
https://mayfly277.github.io/posts/GOADv2-pwning-part10
Part 11 - ACL
https://mayfly277.github.io/posts/GOADv2-pwning-part11
]-> GOAD (ver. 2) Tool: https://mayfly277.github.io/posts/GOADv2
Mayfly
GOAD - part 6 - ADCS
In the previous post (Goad pwning part5) we tried some attacks with a user account on the domain. On this part we will try attacks when an ADCS is setup in the domain. First we will use petitpotam unauthenticated and ESC8 attack to get domain admin on essos.local…
tesi.pdf
2.1 MB
#Research
"Reinforcement Learning-aided Dynamic Analysis of Evasive Malware" 2022.
#exploit
1. CVE-2022-2414:
XXE in pki-core
https://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept
2. CVE-2022-41057:
Windows: HTTP.SYS Kerberos PAC Verification Bypass EoP
https://bugs.chromium.org/p/project-zero/issues/detail?id=2346
3. CVE-2022-44638:
Integer overflow in pixman_sample_floor_y leads to heap out-of-bounds write
https://bugs.chromium.org/p/project-zero/issues/detail?id=234
GitHub
GitHub - amitlttwo/CVE-2022-2414-Proof-Of-Concept: A flaw was found in pki-core. Access to external entities when parsing XML documents…
A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the co...
#Analytics
#Malware_analysis
1. Top 10 macOS Malware Discoveries in 2022
https://www.sentinelone.com/blog/top-10-macos-malware-discoveries-in-2022
2. Technical Analysis of DanaBot Obfuscation Techniques
https://www.zscaler.com/blogs/security-research/technical-analysis-danabot-obfuscation-techniques
SentinelOne
macOS Malware 2023 | A Deep Dive into Emerging Trends and Evolving Techniques
Apple’s security measures are evolving, but macOS malware is still one step ahead. Learn how to keep the Macs in your fleet safe from attackers.
To find XSS bugs in a website
You can follow these steps:👇
➡ Identify all the input fields on the website, such as text boxes, dropdown menus, and search boxes.
➡ Test each input field by entering different types of data, such as numbers, special characters, and long strings of text.
➡ Pay attention to how the website responds to your input. If the website echoes your input back to you in any way, such as in an error message or a search result, there may be a potential XSS vulnerability.
➡ If you suspect that a particular input field is vulnerable to XSS, try entering special characters, such as the "<" and ">" characters, to see if the website processes them in a way that could allow an attacker to inject malicious code.
➡ If you are able to successfully inject malicious code into the website, you have found an XSS vulnerability.
🌟 Keep in mind that finding XSS vulnerabilities requires a combination of technical skill and attention to detail.
• It is also important to test the website carefully and systematically, as some XSS vulnerabilities may be well-hidden and difficult to find.
• If you are unsure about how to proceed, you may want to seek help from an experienced security professional.
#bugbounty #bugbountytips #infosec #cybersecurity
#Offensive_security
1. Loading unsigned Windows drivers without reboot
https://v1k1ngfr.github.io/loading-windows-unsigned-driver
2. Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products
https://github.com/machine1337/pycrypt
vegvisir
Loading unsigned Windows drivers without reboot
Loading unsigned Windows drivers without reboot. Dive into gdrv-loader source code.
#exploit
1. Linux Kernel Exploit Development: 1-day case study
https://blog.hacktivesecurity.com/index.php/2022/06/13/linux-kernel-exploit-development-1day-case-study
2. CVE-2021-38003:
Vulnerability in the V8 JavaScript engine
https://starlabs.sg/blog/2022/12-the-hole-new-world-how-a-small-leak-will-sink-a-great-browser-cve-2021-38003
3. CVE-2022-41128:
Type confusion in Internet Explorer's JScript9 engine
https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2022/CVE-2022-41128.html
STAR Labs
TheHole New World - how a small leak will sink a great browser (CVE-2021-38003)
Introduction: CVE-2021-38003 is a vulnerability that exists in the V8 JavaScript engine. The vulnerability affects the Chrome browser before stable version 95.0.4638.69, and was disclosed in October 2021 in Google's Chrome release blog, while the bug report…
sniper_backdoor.pdf
933.9 KB
#Research
"Sniper Backdoor: Single Client Targeted Backdoor Attack in Federated Learning", 2022.
#tools
#Red_Team_Tactics
BlackHat Europe 2022:
Shoggoth - Asmjit Based Polymorphic Shellcode Encryptor
https://github.com/frkngksl/Shoggoth
GitHub
GitHub - frkngksl/Shoggoth: Shoggoth: Asmjit Based Polymorphic Encryptor
Shoggoth: Asmjit Based Polymorphic Encryptor. Contribute to frkngksl/Shoggoth development by creating an account on GitHub.
WebSpec.pdf
950.7 KB
#WebApp_Security
"WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms", 2022.
]-> Tool: https://github.com/secpriv/webspec
#Threat_Research
1. Hooking System Calls in Windows 11 22H2: bug in copying the process handle on the current latest version of Avast Free Antivirus (22.11.6041 build 22.11.7716.762)
https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html
2. Kubernetes Threat Matrix v.3
https://www.microsoft.com/en-us/security/blog/2022/12/07/mitigate-threats-with-the-new-threat-matrix-for-kubernetes
the-deniss.github.io
Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass
In this post I’ll show Avast self-defense bypass: how I discovered a new undocumented way to intercept all system calls without a hypervisor and PatchGuard triggered BSOD, and, finally, based on the knowledge gained, implemented a bypass