🥔 Coerced Potato
New tool for local privilege escalation on a Windows machine, from a service account to NT SYSTEM. Should work on any recent version of Windows.
⚙️ Tool:
https://github.com/hackvens/CoercedPotato
📝 Research:
https://blog.hackvens.fr/articles/CoercedPotato.html
CVE-2023-36723 Windows Container Manager Service Elevation of Privilege Vulnerability.
An attacker can abuse this vulnerability to execute code in a process running with SYSTEM privileges by abusing SxS assembly loading.
@hackingbra
Local Privilege Escalation in the glibc's ld.so (CVE-2023-4911)
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
POC: https://github.com/leesh3288/CVE-2023-4911
Simple Windows and Linux keystroke injection tool that exfiltrates stored WiFi data (SSID and password).
https://github.com/AleksaMCode/WiFi-password-stealer
MS Office 365 Word - XSS
https://blog.pksecurity.io/2023/10/04/microsoft-office.html
MS Windows 11 apds.dll DLL Hijacking
https://packetstormsecurity.com/files/175006/Microsoft-Windows-11-apds.dll-DLL-Hijacking.html
Hacking Brasil
CVE-2023-22515 Exploit Script🔐 This script is designed to exploit the CVE-2023-22515 vulnerability in Confluence, which allows for unauthorized access to Confluence Server and Confluence Data Center instances. The script will provide information about the…
CVE-2023-22515 : Broken Access Control Vulnerability in Confluence Data Center and Server
#FOFA
Query: icon_hash="-305179312"
Query: app="ATLASSIAN-Confluence"
#SHODAN
Query: http.favicon.hash:-305179312
#HUNTER.HOW
Query: product.name="Confluence"
1. CVE-2023-26369:
Adobe PDF Reader RCE when processing TTF fonts
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-26369.html
2. CVE-2023-2729:
Synology NAS DSM Account Takeover
https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure
3. CVE-2021-44168:
Download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS <7.0.3
https://github.com/0xhaggis/CVE-2021-44168
Stealth redirector for red team operation security
https://github.com/D00Movenok/BounceBack
Collection of OPSEC Tradecraft/TTPs for Red Team Ops
https://github.com/WesleyWong420/OPSEC-Tradecraft
CVE-2023-36745: Microsoft Exchange Server RCE
#CVE-2023-36745
https://securityonline.info/microsoft-exchange-server-rce-cve-2023-36745-flaw-gets-poc-exploit/
PoC: https://github.com/N1k0la-T/CVE-2023-36745
VirusTotal is a subsidiary of Chronicle Security, which is a Google company. Never be so stupid as to write your malware and upload it there for detection tests. All this malware information is sold to AV, EDR, IDS companies, etc.
I will upload more materials soon; these last few weeks my time has been very busy.
Google: YouTube slow for everyone who blocks advertisements
▶️Reddit users discovered that Google made changes to YouTube's code, causing the platform's videos to load more slowly in browsers with active ad blockers.
▶️The problem was first noticed in Firefox, where YouTube began loading 5 seconds slower than in Chrome.
▶️Users of the uBlock Origin extension developed a special filter that allows bypassing the slow video loading on YouTube.
#Google #YouTube #AdBlockers
Leaking ASCII Kernel Data
SLAM exploits unmasked gadgets to let a userland process leak arbitrary ASCII kernel data. In the demo below, we leak the root password hash within half a minute on a last-generation Ubuntu system, where we emulate the upcoming Intel LAM feature.
Code and data:
https://github.com/vusec/slam
Reflective DLL and its very personal Injector
https://oldboy21.github.io/posts/2023/12/all-i-want-for-christmas-is-reflective-dll-injection/
https://github.com/oldboy21/RflDllOb
Writing a Debugger
Part 1 - Attaching to a Process
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-1
Part 2 - Register State and Stepping
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-2
Part 3 - Reading Memory
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-3
Part 4 - Exports and Private Symbols
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-4
Part 5 - Breakpoints
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-5
Part 6 - Stacks
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-6