Forwarded from Fearless John - @European_dissident
■ Historic picture. Jewish refugees sailing to Palestine.
■ The placard says: "The Germans have annihilated our families, don't annihilate our last hope"...
■ The Palestinians didn't even think about how that would end for them...
■ Follow @UkraineHumanRightsAbuses
☠️ Cache poisoning in Drupal core
According to the CVE-2023-5256 disclosure, an admin's session cookies can end up in the page cache when a crafted JSON:API URL triggers a 4xx response.
An attacker can lure an admin into visiting such a link, retrieve the cached session cookies and gain administrative access to the website, fully compromising its confidentiality, integrity and availability.
PoC
/jsonapi/user/user?filter[a-labex][condition][path]=cachingyourcookie
#web #cve #cache #drupal
Extreme Privacy - Mobile Devices.pdf
Extreme Privacy: Mobile Devices - Digital Edition (2023)
Version : 2023.06.18
Info : https://inteltechniques.com/book7a.html
@hackingbra
🛡️ Awesome EDR Bypass Resources For Ethical Hacking ⚔️
EDR bypass techniques are not just for attackers. Much malware now ships with EDR bypass capabilities, so pentesters and incident responders should be aware of them too. This repository is not intended to be used to escalate attacks. Use it for ethical hacking.
https://github.com/tkmru/awesome-edr-bypass
CVE-2023-22515 Exploit Script🔐
This script is designed to exploit the CVE-2023-22515 vulnerability in Confluence, which allows for unauthorized access to Confluence Server and Confluence Data Center instances.
The script will provide information about the exploitation process, such as whether the vulnerability was successfully triggered, whether a new administrator was created, and whether authentication was successful.
https://github.com/Chocapikk/CVE-2023-22515
🥔 Coerced Potato
New tool for local privilege escalation on a Windows machine, from a service account to NT AUTHORITY\SYSTEM. It should work on any recent version of Windows.
⚙️ Tool:
https://github.com/hackvens/CoercedPotato
📝 Research:
https://blog.hackvens.fr/articles/CoercedPotato.html
CVE-2023-36723 Windows Container Manager Service Elevation of Privilege Vulnerability.
An attacker can abuse this vulnerability to execute code in a process running with SYSTEM privileges by abusing SxS (side-by-side) assembly loading.
@hackingbra
Local Privilege Escalation in the glibc's ld.so (CVE-2023-4911)
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
POC: https://github.com/leesh3288/CVE-2023-4911
Simple Windows and Linux keystroke injection tool that exfiltrates stored WiFi data (SSID and password).
https://github.com/AleksaMCode/WiFi-password-stealer
MS Office 365 Word - XSS
https://blog.pksecurity.io/2023/10/04/microsoft-office.html
MS Windows 11 apds.dll DLL Hijacking
https://packetstormsecurity.com/files/175006/Microsoft-Windows-11-apds.dll-DLL-Hijacking.html
CVE-2023-22515: Broken Access Control Vulnerability in Confluence Data Center and Server
#FOFA
Query: icon_hash="-305179312"
Query: app="ATLASSIAN-Confluence"
#SHODAN
Query: http.favicon.hash:-305179312
#HUNTER.HOW
Query: product.name="Confluence"
1. CVE-2023-26369:
Adobe PDF Reader RCE when processing TTF fonts
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-26369.html
2. CVE-2023-2729:
Synology NAS DSM Account Takeover
https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure
3. CVE-2021-44168:
Download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS <7.0.3
https://github.com/0xhaggis/CVE-2021-44168
Stealth redirector for red team operation security
https://github.com/D00Movenok/BounceBack
Collection of OPSEC Tradecraft/TTPs for Red Team Ops
https://github.com/WesleyWong420/OPSEC-Tradecraft
CVE-2023-36745: Microsoft Exchange Server RCE
#CVE-2023-36745
https://securityonline.info/microsoft-exchange-server-rce-cve-2023-36745-flaw-gets-poc-exploit/
PoC: https://github.com/N1k0la-T/CVE-2023-36745
VirusTotal is a subsidiary of Chronicle Security, which is a Google company. Never be so stupid as to write your malware and upload it there for detection tests. All this malware information is sold to AV, EDR, IDS companies, etc.
I'll upload more material soon; these last few weeks my time has been very busy.