CVE-2020-6418-exploit.js
3.9 KB
🔥Deconstructing and Exploiting CVE-2020-6418 (exploit here)
This vulnerability lies in the V8 engine of Google Chrome, namely its optimizing compiler Turbofan. Specifically, the vulnerable version is in Google Chrome’s V8 prior to 80.0.3987.122. In this article, Daniel Toh Jing En will give a step-by-step analysis of the vulnerability, from the root cause to exploitation.
This vulnerability lies in the V8 engine of Google Chrome, namely its optimizing compiler Turbofan. Specifically, the vulnerable version is in Google Chrome’s V8 prior to 80.0.3987.122. In this article, Daniel Toh Jing En will give a step-by-step analysis of the vulnerability, from the root cause to exploitation.
exploit.c
5.7 KB
|CVE-2022-2602 Kernel Exploit|
🔥The vulnerability is an UAF that impacts the registered file descriptor functionality in the io_uring subsystem. It's possible to register a file in the io_uring context, free it from the Unix Garbage Collector(GC) and re-use it with the requested io_uring operation (for example, a writev operation). To exploit the bug, it was a matter of replace the freed file structure with a read-only file (e.g. /etc/passwd), in order to write into it, and achieve a good timing with a small race window.
🔥The vulnerability is an UAF that impacts the registered file descriptor functionality in the io_uring subsystem. It's possible to register a file in the io_uring context, free it from the Unix Garbage Collector(GC) and re-use it with the requested io_uring operation (for example, a writev operation). To exploit the bug, it was a matter of replace the freed file structure with a read-only file (e.g. /etc/passwd), in order to write into it, and achieve a good timing with a small race window.
poc_userfaultfd.c
4.1 KB
🔥CVE-2022-2602 Exploit using userfaultfd technique
poc_inode_locking.c
5 KB
🔥CVE-2022-2602 Exploit using inode locking technique.
📕DirtyCred: Escalating Privilege in Linux Kernel
🔖Blog posts:
DirtyCred Remastered: how to turn an UAF into Privilege Escalation
CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF
📕DirtyCred: Escalating Privilege in Linux Kernel
🔖Blog posts:
DirtyCred Remastered: how to turn an UAF into Privilege Escalation
CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF
💥Home Grown Red Team: Let’s Make Some Malware In C:
Part 3
This post is going to be all about the dll!
Part 3
This post is going to be all about the dll!
💥OWASSRF: CrowdStrike Identifies New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations
CrowdStrike recently discovered a new exploit method (called OWASSRF) consisting of CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access (OWA). The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint provided by Microsoft in response to ProxyNotShell.
After initial access via this new exploit method, the threat actor leveraged legitimate Plink and AnyDesk executables to maintain access, and performed anti-forensics techniques on the Microsoft Exchange server in an attempt to hide their activity.
CrowdStrike recently discovered a new exploit method (called OWASSRF) consisting of CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access (OWA). The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint provided by Microsoft in response to ProxyNotShell.
After initial access via this new exploit method, the threat actor leveraged legitimate Plink and AnyDesk executables to maintain access, and performed anti-forensics techniques on the Microsoft Exchange server in an attempt to hide their activity.
#Analytics
Top 10 most exploited vulnerabilities in 2022
1. CVE-2022-30190: MS Office "Follina"
2. CVE-2021-44228: Apache Log4Shell
3. CVE-2022-22965: Spring4Shell
4. CVE-2022-1388: F5 BIG-IP
5. CVE-2022-0609: Google Chrome zero-day
https://blog.google/threat-analysis-group/countering-threats-north-korea
6. CVE-2017-11882: Old but not forgotten - MS Office bug
7. CVE-2022-41082, CVE-2022-41040: ProxyNotShell
8. CVE-2022-27925, CVE-2022-41352: Zimbra Collaboration Suite bugs
9. CVE-2022-26134: Atlassian Confluence RCE flaw
10. CVE-2022-30525: Zyxel RCE vulnerability
Top 10 most exploited vulnerabilities in 2022
1. CVE-2022-30190: MS Office "Follina"
2. CVE-2021-44228: Apache Log4Shell
3. CVE-2022-22965: Spring4Shell
4. CVE-2022-1388: F5 BIG-IP
5. CVE-2022-0609: Google Chrome zero-day
https://blog.google/threat-analysis-group/countering-threats-north-korea
6. CVE-2017-11882: Old but not forgotten - MS Office bug
7. CVE-2022-41082, CVE-2022-41040: ProxyNotShell
8. CVE-2022-27925, CVE-2022-41352: Zimbra Collaboration Suite bugs
9. CVE-2022-26134: Atlassian Confluence RCE flaw
10. CVE-2022-30525: Zyxel RCE vulnerability
Google
Countering threats from North Korea
On February 10, Threat Analysis Group discovered two distinct North Korean government-backed attacker groups exploiting a remote code execution vulnerability in Chrome, CVE-2022-0609.
#Blue_Team_Techniques
Incident Response Methodologies 2022
https://github.com/certsocietegenerale/IRM
// EN/ES/FR/RU Versions
Incident Response Methodologies 2022
https://github.com/certsocietegenerale/IRM
// EN/ES/FR/RU Versions
GitHub
GitHub - certsocietegenerale/IRM: Incident Response Methodologies 2022
Incident Response Methodologies 2022. Contribute to certsocietegenerale/IRM development by creating an account on GitHub.
#Offensive_security
MSI Shenanigans: Offensive Capabilities Overview
https://mgeeky.tech/msi-shenanigans-part-1
]-> Tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner:
https://github.com/mgeeky/msidump
]-> PoC code and samples presenting emerging threat of MSI installer files:
https://github.com/mgeeky/msi-shenanigans
MSI Shenanigans: Offensive Capabilities Overview
https://mgeeky.tech/msi-shenanigans-part-1
]-> Tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner:
https://github.com/mgeeky/msidump
]-> PoC code and samples presenting emerging threat of MSI installer files:
https://github.com/mgeeky/msi-shenanigans
GitHub
GitHub - mgeeky/msidump: MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data…
MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. - mgeeky/msidump
#Threat_Research
#Cloud_Security
1. Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg
https://blog.exodusintel.com/2022/12/19/linux-kernel-exploiting-a-netfilter-use-after-free-in-kmalloc-cg
2. Elastic IP Hijacking - A New Attack Vector in AWS
https://www.mitiga.io/blog/elastic-ip-hijacking-a-new-attack-vector-in-aws
#Cloud_Security
1. Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg
https://blog.exodusintel.com/2022/12/19/linux-kernel-exploiting-a-netfilter-use-after-free-in-kmalloc-cg
2. Elastic IP Hijacking - A New Attack Vector in AWS
https://www.mitiga.io/blog/elastic-ip-hijacking-a-new-attack-vector-in-aws
Exodus Intelligence
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg - Exodus Intelligence
By Sergi Martinez Overview It’s been a while since our last technical blogpost, so here’s one right on time for the Christmas holidays. We describe a method to exploit a use-after-free in the Linux kernel when objects are allocated in a specific slab cache…
#exploit
1. CVE-2022-47518, CVE-2022-47519, CVE-2022-47520, CVE-2022-47521:
Remote DoS in Linux kernel WILC1000 wireless driver
https://securitylab.github.com/advisories/GHSL-2022-112_GHSL-2022-115_wilc1000
2. CVE-2022-2602:
io_uring kernel exploit
https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit
3. Directory Traversal Vulnerability in Huawei HG255s Products
https://infosecwriteups.com/directory-ttraversal-vulnerability-in-huawei-hg255s-products-dce941a1d015
1. CVE-2022-47518, CVE-2022-47519, CVE-2022-47520, CVE-2022-47521:
Remote DoS in Linux kernel WILC1000 wireless driver
https://securitylab.github.com/advisories/GHSL-2022-112_GHSL-2022-115_wilc1000
2. CVE-2022-2602:
io_uring kernel exploit
https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit
3. Directory Traversal Vulnerability in Huawei HG255s Products
https://infosecwriteups.com/directory-ttraversal-vulnerability-in-huawei-hg255s-products-dce941a1d015
GitHub Security Lab
GHSL-2022-112_GHSL-2022-115: Remote denial of service in Linux kernel WILC1000 wireless driver - CVE-2022-47518, CVE-2022-47519…
Multiple vulnerabilities in the Linux kernel Microchip WILC1000 802.11 wireless driver can allow remote and local attackers to trigger a denial of service when parsing management frames.
#Offensive_security
Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk, plus functions and strings obfuscation, duplicate lsass handle from existed processes
https://github.com/D1rkMtr/DumpThatLSASS
Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk, plus functions and strings obfuscation, duplicate lsass handle from existed processes
https://github.com/D1rkMtr/DumpThatLSASS
#Threat_Research
1. Analysis of the First Critical Vulnerability of Aptos Move VM
https://medium.com/numen-cyber-labs/analysis-of-the-first-critical-0-day-vulnerability-of-aptos-move-vm-8c1fd6c2b98e
2. OWASSRF - New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations
https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations
1. Analysis of the First Critical Vulnerability of Aptos Move VM
https://medium.com/numen-cyber-labs/analysis-of-the-first-critical-0-day-vulnerability-of-aptos-move-vm-8c1fd6c2b98e
2. OWASSRF - New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations
https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations
Medium
Analysis of the First Critical 0-Day Vulnerability of Aptos Move VM
An Analysis on a Critical Aptos vulnerability discovered by Numen Cyber Technology