🔥Windows Contacts(примеры использования Windows Contact API ) RCE vuln(CVE-2022-44666)
⚠️Проблема(эта уязвимость покрывает не полностью проблему) не до конца исправлена, так что и подробности в виде рецензии от мелкомягких отложена на неопределенный срок!
⚠️Проблема(эта уязвимость покрывает не полностью проблему) не до конца исправлена, так что и подробности в виде рецензии от мелкомягких отложена на неопределенный срок!
#reversing
#IoT_Security
How to Identify a Microcontroller Model Using Firmware Analysis
https://www.apriorit.com/dev-blog/787-reverse-engineering-microcontroller-model-identification
#IoT_Security
How to Identify a Microcontroller Model Using Firmware Analysis
https://www.apriorit.com/dev-blog/787-reverse-engineering-microcontroller-model-identification
Apriorit
How to Identify a Microcontroller Model Using Firmware Analysis - Apriorit
Use the firmware analysis process to automatically identify a microcontroller model you need to work with by analyzing the firmware source code.
#info
#Analytics
The Most Popular & Fastest Growing Open Source Security Projects on GitHub
https://opensourcesecurityindex.io
#Analytics
The Most Popular & Fastest Growing Open Source Security Projects on GitHub
https://opensourcesecurityindex.io
opensourcesecurityindex.io
Open Source Security Index
The Most Popular & Fastest Growing Open Source Security Projects on GitHub
#exploit
1. CVE-2022-45771:
Pwndoc LFI to RCE
https://github.com/p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE
2. Discord Image Token Password Grabber Exploit
https://github.com/bluewolf2778/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022
1. CVE-2022-45771:
Pwndoc LFI to RCE
https://github.com/p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE
2. Discord Image Token Password Grabber Exploit
https://github.com/bluewolf2778/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022
GitHub
GitHub - p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE: Pwndoc local file inclusion to remote code execution of Node.js code on the…
Pwndoc local file inclusion to remote code execution of Node.js code on the server - p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE
#tools
#Offensive_security
1. udhcpc process crash on BusyBox 1.24.2
https://research.nccgroup.com/2022/12/12/klee-for-the-cve
2. Signing-key abuse and update exploitation framework
https://github.com/kpcyrd/sh4d0wup
3. A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods
https://github.com/p0dalirius/Coercer
#Offensive_security
1. udhcpc process crash on BusyBox 1.24.2
https://research.nccgroup.com/2022/12/12/klee-for-the-cve
2. Signing-key abuse and update exploitation framework
https://github.com/kpcyrd/sh4d0wup
3. A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods
https://github.com/p0dalirius/Coercer
NCC Group Research Blog
Replicating CVEs with KLEE
This blog post details the steps taken to replicate a udhcpc process crash on BusyBox 1.24.2 using NVD – CVE-2016-2147 (nist.gov), and to produce a working denial of service exploit. We will …
#Threat_Research
1. Driving Through Defenses: Targeted Attacks Leverage Signed Malicious Microsoft Drivers
https://www.sentinelone.com/labs/driving-through-defenses-targeted-attacks-leverage-signed-malicious-microsoft-drivers
2. Analysis of Royal Ransomware
https://www.cybereason.com/blog/royal-ransomware-analysis
1. Driving Through Defenses: Targeted Attacks Leverage Signed Malicious Microsoft Drivers
https://www.sentinelone.com/labs/driving-through-defenses-targeted-attacks-leverage-signed-malicious-microsoft-drivers
2. Analysis of Royal Ransomware
https://www.cybereason.com/blog/royal-ransomware-analysis
SentinelOne
Driving Through Defenses | Targeted Attacks Leverage Signed Malicious Microsoft Drivers
Threat actors are abusing legitimately signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP, and financial services businesses.
#cryptography
Comparison of Symmetric Encryption Methods
https://soatok.blog/2020/07/12/comparison-of-symmetric-encryption-methods
Comparison of Symmetric Encryption Methods
https://soatok.blog/2020/07/12/comparison-of-symmetric-encryption-methods
Dhole Moments
Comparison of Symmetric Encryption Methods - Dhole Moments
There seems to be a lot of interest among software developers in the various cryptographic building blocks (block ciphers, hash functions, etc.), and more specifically how they stack up against eac…
#Sec_code_review
1. Tai-e - static analysis framework for Java
https://github.com/pascal-lab/Tai-e
2. OWASP Secure Code Review Guide
https://github.com/OWASP/www-project-code-review-guide
1. Tai-e - static analysis framework for Java
https://github.com/pascal-lab/Tai-e
2. OWASP Secure Code Review Guide
https://github.com/OWASP/www-project-code-review-guide
GitHub
GitHub - pascal-lab/Tai-e: An easy-to-learn/use static analysis framework for Java
An easy-to-learn/use static analysis framework for Java - pascal-lab/Tai-e
#tools
#Red_Team_Tactics
1. Talon - password guessing tool that targets the Kerberos/LDAP services within the Windows AD environment
https://github.com/optiv/Talon
2. Bypass Rails::Html::SafeListSanitizer filtering and perform an XSS attack
https://hackerone.com/reports/1656627
3. Tool which can help to get NT AUTHORITY\SYSTEM from arbitrary directory creation bugs
https://github.com/binderlabs/DirCreate2System
#Red_Team_Tactics
1. Talon - password guessing tool that targets the Kerberos/LDAP services within the Windows AD environment
https://github.com/optiv/Talon
2. Bypass Rails::Html::SafeListSanitizer filtering and perform an XSS attack
https://hackerone.com/reports/1656627
3. Tool which can help to get NT AUTHORITY\SYSTEM from arbitrary directory creation bugs
https://github.com/binderlabs/DirCreate2System
GitHub
GitHub - optiv/Talon: A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory…
A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory environment. - optiv/Talon
#exploit
1. CVE-2022-42895:
Linux Kernel: Infoleak in Bluetooth L2CAP Handling
https://seclists.org/oss-sec/2022/q4/190
2. CVE-2021-43444 - 43449:
Exploiting ONLYOFFICE Web Sockets for Unauth RCE
https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution
3. Exploiting SUID Binaries
https://medium.com/@tinopreter/linux-privesc-3-exploiting-suid-binaries-72ec5460c6a
1. CVE-2022-42895:
Linux Kernel: Infoleak in Bluetooth L2CAP Handling
https://seclists.org/oss-sec/2022/q4/190
2. CVE-2021-43444 - 43449:
Exploiting ONLYOFFICE Web Sockets for Unauth RCE
https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution
3. Exploiting SUID Binaries
https://medium.com/@tinopreter/linux-privesc-3-exploiting-suid-binaries-72ec5460c6a
seclists.org
oss-sec: Re: Linux Kernel: Infoleak in Bluetooth L2CAP Handling
DACLs_abuse.png
1.1 MB
#Infographics
#Offensive_security
DACLs (Active Directory Discretionary Access Control Lists) abuse
https://www.thehacker.recipes/ad/movement/dacl
#Offensive_security
DACLs (Active Directory Discretionary Access Control Lists) abuse
https://www.thehacker.recipes/ad/movement/dacl
Cooprudea.com.sql
249.9 MB
🌐 Cooprudea.com
ip, ip_long, user_login, user_id, stamp, activity, session_id, country, details, ac_bot, ac_status, ac_by_user
email_to, subject, content, sender_name, sender_email, debug_mode, debugging_output, timestamp, status
📣CVE-2022-28672.zip
16.3 KB
🔥🔥🔥Foxit PDF Reader UAF RCE Exploit JIT Spraying(CVE-2022-28672) - blog post.
This research shows that if Foxit Reader had been compiled with CFG support, the discovered bug would have been more difficult to exploit. However, the lack of CFG support allowed the attacker to use JIT spraying to bypass existing mitigations such as ASLR and DEP. This highlights the importance of using multiple layers of defense to protect against attacks.
💥PoC Exploit
📺Demo: Foxit PDF Reader RCE Demo - CVE-2022-28672
This research shows that if Foxit Reader had been compiled with CFG support, the discovered bug would have been more difficult to exploit. However, the lack of CFG support allowed the attacker to use JIT spraying to bypass existing mitigations such as ASLR and DEP. This highlights the importance of using multiple layers of defense to protect against attacks.
💥PoC Exploit
📺Demo: Foxit PDF Reader RCE Demo - CVE-2022-28672
🔥CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated RCE.
Javascript-Keylogger.zip
13.7 KB
⌨️Javascript Keylogger can come handy in case you are able to access only
DOM/JS of a website and want to get naughty.
Usage:
💾change url variable in keylogger.js to url address where keylogger.php is located
💾load keylogger.js in the DOM of the attacked application
💾put keylogger.php and data.txt to your server where you have data write access (don't forget to set pertinent file privileges).
💥Profit! You're done, just let the victim come to attacked website with JS allowed in the browser and type something.
DOM/JS of a website and want to get naughty.
Usage:
💾change url variable in keylogger.js to url address where keylogger.php is located
💾load keylogger.js in the DOM of the attacked application
💾put keylogger.php and data.txt to your server where you have data write access (don't forget to set pertinent file privileges).
💥Profit! You're done, just let the victim come to attacked website with JS allowed in the browser and type something.
🔓Defeating Windows ASLR via low-entropy shared libraries in 2 hours
As it was demonstrated in this article, ASLR implementation on Windows has important nuances and in some situation can introduce additional risk for an application, especially if the target is a 32-bit program or it is linked with a library which was compiled without /HIGHENTROPYVA and /LARGEADDRESSAWARE flags. While the best solution would be to have per-execution randomization as it is done in Linux and modern MacOS, the good decision would be to move away from 32-bit to 64-bit applications and avoid linkage with shared libraries compiled without /HIGHENTROPYVA and /LARGEADDRESSAWARE flags. This would help to significantly increase complexity of an attack.
As it was demonstrated in this article, ASLR implementation on Windows has important nuances and in some situation can introduce additional risk for an application, especially if the target is a 32-bit program or it is linked with a library which was compiled without /HIGHENTROPYVA and /LARGEADDRESSAWARE flags. While the best solution would be to have per-execution randomization as it is done in Linux and modern MacOS, the good decision would be to move away from 32-bit to 64-bit applications and avoid linkage with shared libraries compiled without /HIGHENTROPYVA and /LARGEADDRESSAWARE flags. This would help to significantly increase complexity of an attack.