#redteam
It seems you like RDP password, also client side ?
#redteam Mimikatz update
https://twitter.com/i/status/1398633925715636224
https://github.com/gentilkiwi/mimikatz/releases
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
It seems you like RDP password, also client side ?
#redteam Mimikatz update
https://twitter.com/i/status/1398633925715636224
https://github.com/gentilkiwi/mimikatz/releases
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
Twitter
🥝 Benjamin Delpy
It seems you like RDP password, also client side ? > github.com/gentilkiwi/mim… Just released a #mimikatz supporting clients embedding 'mstscax.dll', like mRemoteNG, Remote Dekstop Manager, RDCMan, ... and all others RDP credentials as well as with the classic…
استفاده از VPN خوب هست ولی باید توجه داشت در صورت آسیب پذیری روی VPN یا لو رفتن پسورد یک کاربر شبکه حتما به خطر میافته
https://cyber.gc.ca/en/alerts/exploitation-fortinet-fortios-vulnerabilities-cisa-fbi
https://thehackernews.com/2021/06/north-korea-exploited-vpn-flaw-to-hack.html
https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://cyber.gc.ca/en/alerts/exploitation-fortinet-fortios-vulnerabilities-cisa-fbi
https://thehackernews.com/2021/06/north-korea-exploited-vpn-flaw-to-hack.html
https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
Canadian Centre for Cyber Security
Get quick, easy access to all Canadian Centre for Cyber Security services and information.
https://thehackernews.com/2021/06/unpatched-critical-flaw-affects-pling.html
https://positive.security/blog/hacking-linux-marketplaces
***For users of any of the mentioned Pling-based marketplaces, we recommend the following:
1)Do not run the PlingStore Electron application (best, remove the AppImage) until the RCE is fixed
2)Be aware that any listing on appimagehub.com/store.kde.org/gnome-look.org/xfce-look.org/pling.com could hijack your account on the platform via XSS and any of the downloadable assets might be compromised (best, log out of your account and do not use the websites until the issues have been fixed)
کشف آسیب پذیری stored XSS و RCE که روی PLING توسط positive sec
https://uploads-ssl.webflow.com/5f6498c074436c349716e747/60d0fd32558a10ac4a461932_pling_new_listing.png
https://uploads-ssl.webflow.com/5f6498c074436c349716e747/60d11669d91f9d5a6c93f93a_pling_xss.png
RCE
https://uploads-ssl.webflow.com/5f6498c074436c349716e747/60d11c6988d3736d6d4c281b_gnomelook_PlingStore.png
https://uploads-ssl.webflow.com/5f6498c074436c50c016e745/60d0a8dd9019016a68c8c867_websocket_poc-transcode.mp4
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://positive.security/blog/hacking-linux-marketplaces
***For users of any of the mentioned Pling-based marketplaces, we recommend the following:
1)Do not run the PlingStore Electron application (best, remove the AppImage) until the RCE is fixed
2)Be aware that any listing on appimagehub.com/store.kde.org/gnome-look.org/xfce-look.org/pling.com could hijack your account on the platform via XSS and any of the downloadable assets might be compromised (best, log out of your account and do not use the websites until the issues have been fixed)
کشف آسیب پذیری stored XSS و RCE که روی PLING توسط positive sec
https://uploads-ssl.webflow.com/5f6498c074436c349716e747/60d0fd32558a10ac4a461932_pling_new_listing.png
https://uploads-ssl.webflow.com/5f6498c074436c349716e747/60d11669d91f9d5a6c93f93a_pling_xss.png
RCE
https://uploads-ssl.webflow.com/5f6498c074436c349716e747/60d11c6988d3736d6d4c281b_gnomelook_PlingStore.png
https://uploads-ssl.webflow.com/5f6498c074436c50c016e745/60d0a8dd9019016a68c8c867_websocket_poc-transcode.mp4
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
The Hacker News
Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks
Unpatched Critical Flaw Affects Pling Store App for Linux Themes and Icons
#SecurityTips
https://github.com/hackerscrolls/SecurityTips
https://github.com/hackerscrolls/SecurityTips/blob/master/MindMaps/File_upload_bugs.xmind
#bypassuploader
https://github.com/barrracud4/image-upload-exploits
https://book.hacktricks.xyz/pentesting-web/file-upload
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://github.com/hackerscrolls/SecurityTips
https://github.com/hackerscrolls/SecurityTips/blob/master/MindMaps/File_upload_bugs.xmind
#bypassuploader
https://github.com/barrracud4/image-upload-exploits
https://book.hacktricks.xyz/pentesting-web/file-upload
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
GitHub
GitHub - hackerscrolls/SecurityTips
Contribute to hackerscrolls/SecurityTips development by creating an account on GitHub.
Mirage 1.2 is released, with a lot of new experimental features :) It supports InjectaBLE attacks, HackRF One, Sniffle (1.5) and a new Logitech Unifying MiTM attack. As usual, the tool is available here: github.com/RCayre/mirage
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
GitHub
GitHub - RCayre/mirage: Mirage is a powerful and modular framework dedicated to the security analysis of wireless communications.
Mirage is a powerful and modular framework dedicated to the security analysis of wireless communications. - GitHub - RCayre/mirage: Mirage is a powerful and modular framework dedicated to the sec...
Google , Shodan , Github dorking
https://infosecwriteups.com/dorking-for-bug-bounties-d81cc857b2c8
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://infosecwriteups.com/dorking-for-bug-bounties-d81cc857b2c8
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
Medium
Dorking for Bug Bounties
Introduction: My name is Kabir Suda alias MR-SINISTER, mrsinister1501 or mrsinister15 and welcome to my third blog. This is about different…
SoheilSec
NSA Funds Development , Release of D3FEND https://www.nsa.gov/news-features/press-room/Article/2665993/nsa-funds-development-release-of-d3fend/ 🌐 Peneter BLog 🔊 Clubhouse 🔊 Telegram Channel
Playing with MITRE for SIEM Detection Rules
https://www.linkedin.com/feed/update/urn%3Ali%3Aactivity%3A6812838798569959424/
#blueteam
$SIEM
#mitre
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://www.linkedin.com/feed/update/urn%3Ali%3Aactivity%3A6812838798569959424/
#blueteam
$SIEM
#mitre
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
Linkedin
Archan Choudhury on LinkedIn: #blackperl #usecases #mitreattack | 61 comments
⏳ Playing with MITRE for SIEM Detection Rules ⏳
I often get the question how to use MITRE to build the SIEM Detection Rules and all theory lectures are... 61 comments on LinkedIn
I often get the question how to use MITRE to build the SIEM Detection Rules and all theory lectures are... 61 comments on LinkedIn
Ghidra 10 final was just released :)
https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_10.0_build
آشنایی با ghidra از زبان توسعه دهندگان آن ها و چیشد که این ابزار NSA را عمومی کردند ! و توضیح در مورد اینکه شیوه نگرش NSA نسبت به عمومی کردن ابزارهای دیگه به چه صورت هست در کنفرانس #blackhat
https://www.youtube.com/watch?v=kx2xp7IQNSc
منابع آموزشی کار با
https://github.com/NationalSecurityAgency/ghidra/wiki/Frequently-asked-questionsghidra
https://www.shogunlab.com/blog/2019/04/12/here-be-dragons-ghidra-0.html
آنالیز Firmware کار تو حوزه Embedded devices
https://chdk.fandom.com/wiki/Firmware_analysis_with_Ghidra
https://github.com/ghidraninja
مثال های زیادی در مورد آنالیز ransomware ها استریم کرده
https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw
https://www.youtube.com/watch?v=d4Pgi5XML8E
https://www.youtube.com/watch?v=tH9A2zVIzKI
#ghidra #reverseengineering
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_10.0_build
آشنایی با ghidra از زبان توسعه دهندگان آن ها و چیشد که این ابزار NSA را عمومی کردند ! و توضیح در مورد اینکه شیوه نگرش NSA نسبت به عمومی کردن ابزارهای دیگه به چه صورت هست در کنفرانس #blackhat
https://www.youtube.com/watch?v=kx2xp7IQNSc
منابع آموزشی کار با
https://github.com/NationalSecurityAgency/ghidra/wiki/Frequently-asked-questionsghidra
https://www.shogunlab.com/blog/2019/04/12/here-be-dragons-ghidra-0.html
آنالیز Firmware کار تو حوزه Embedded devices
https://chdk.fandom.com/wiki/Firmware_analysis_with_Ghidra
https://github.com/ghidraninja
مثال های زیادی در مورد آنالیز ransomware ها استریم کرده
https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw
https://www.youtube.com/watch?v=d4Pgi5XML8E
https://www.youtube.com/watch?v=tH9A2zVIzKI
#ghidra #reverseengineering
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
GitHub
Release Ghidra 10.0 · NationalSecurityAgency/ghidra
WARNING: Contains log4j vulnerability
What's New
Change History
SHA-256: aaf84d14fb059beda10de9056e013186601962b6f87cd31161aaac57698a0f11
What's New
Change History
SHA-256: aaf84d14fb059beda10de9056e013186601962b6f87cd31161aaac57698a0f11
Bypassing AppLocker Custom Rules
Applocker is becoming one of the most implemented security features in big organizations.
اپلاکر یکی از ابزارهای خوب مایکروسافت برای جلوگیری از نصب شدن و ران شدن ابزارهای مخرب (نفوذ) هست.
https://blog.pwn.al/security/applocker/bypass/custom/rules/windows/2018/09/13/applocker-custom-rules-bypass.html
#Applocker
#bypass
#bypassApplocker
#microsoftsecurity
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
Applocker is becoming one of the most implemented security features in big organizations.
اپلاکر یکی از ابزارهای خوب مایکروسافت برای جلوگیری از نصب شدن و ران شدن ابزارهای مخرب (نفوذ) هست.
https://blog.pwn.al/security/applocker/bypass/custom/rules/windows/2018/09/13/applocker-custom-rules-bypass.html
#Applocker
#bypass
#bypassApplocker
#microsoftsecurity
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
0x09AL Security blog
Bypassing AppLocker Custom Rules
Introduction Applocker is becoming one of the most implemented security features in big organizations. Implementing AppLocker reduces your risk dramatically especially for workstations. Unfortunately for the blue-team, there are a lot of custom configurations…
SoheilSec
استفاده از VPN خوب هست ولی باید توجه داشت در صورت آسیب پذیری روی VPN یا لو رفتن پسورد یک کاربر شبکه حتما به خطر میافته https://cyber.gc.ca/en/alerts/exploitation-fortinet-fortios-vulnerabilities-cisa-fbi https://thehackernews.com/2021/06/north-korea-exploited…
https://thehackernews.com/2021/06/watch-out-zyxel-firewalls-and-vpns.html
Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers.
#Zyxel
#VPN
#attacksurface
#cybersecurity
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers.
#Zyxel
#VPN
#attacksurface
#cybersecurity
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
استفاده از ماینرها دقیقا بعد از افشای سری اکسپلویت های #NSA توسط تیم #shadowbroker بود حالا اینکه این تیم جزوی از دولت چین هست و شواهد حاکی بر این بوده که قبل از افشا 1 سال قبلش از اکسپلویت ها روی یک سری تارگت کار میکردند نداریم.
https://gist.github.com/bontchev/e5d2e5090ebe1be89b4f821ebb1ad0f9
https://www.wired.com/story/china-nsa-hacking-tool-epme-hijack/
https://decoded.avast.io/martinchlumecky/dirtymoe-1/
https://thehackernews.com/2021/03/purple-fox-rootkit-can-now-spread.html
ولی جالبیش اینکه از سال 2016 که مصادف با افشای اطلاعات #edwardsnowden بوده هکر ها برای کسب در امد سرورهای اصطلاحا بی صاحب رو هک میکردند و روش ماینر نصب میکردند یک مدت هم ترند بود که اتوماینر میفروختند و تو همین ایران هم استفاده می شد #autominer
https://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers
ولی شیوه ای که تیم چینی استفاده کرده برای ماین کردن بیش از 2 میلیون دلار واقعا جذابه !
حالا اومدن چی کار کردن اومدن Windows Defender طراحی کردند جایگزین کردن به عنوان سرویس تو ویندوز جدا از خلاف بودن ذهن خلاقی دارند هکرهای چینی
https://www.pcrisk.com/removal-guides/15093-msascuil-exe-virus
علاوه بر ماین کردن در سرورها در سرتاسر دنیا اطلاعات بانکی پسوردها رو سرقت میکردند و اینطوری تعداد زیادی VPS برای ماین به دامنه کاریشون اضافه می شده.
https://thehackernews.com/2021/06/crackonosh-virus-mined-2-million-of.html
"Crackonosh shows the risks in downloading cracked software," Avast security researcher Daniel Beneš said. "As long as people continue to download cracked software, attacks like these will continue and continue to be profitable for attackers. The key take-away from this is that you really can't get something for nothing and when you try to steal software, odds are someone is trying to steal from you."
لطفا #splunk #kerio کرک شده نصب نکنید !
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://gist.github.com/bontchev/e5d2e5090ebe1be89b4f821ebb1ad0f9
https://www.wired.com/story/china-nsa-hacking-tool-epme-hijack/
https://decoded.avast.io/martinchlumecky/dirtymoe-1/
https://thehackernews.com/2021/03/purple-fox-rootkit-can-now-spread.html
ولی جالبیش اینکه از سال 2016 که مصادف با افشای اطلاعات #edwardsnowden بوده هکر ها برای کسب در امد سرورهای اصطلاحا بی صاحب رو هک میکردند و روش ماینر نصب میکردند یک مدت هم ترند بود که اتوماینر میفروختند و تو همین ایران هم استفاده می شد #autominer
https://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers
ولی شیوه ای که تیم چینی استفاده کرده برای ماین کردن بیش از 2 میلیون دلار واقعا جذابه !
حالا اومدن چی کار کردن اومدن Windows Defender طراحی کردند جایگزین کردن به عنوان سرویس تو ویندوز جدا از خلاف بودن ذهن خلاقی دارند هکرهای چینی
https://www.pcrisk.com/removal-guides/15093-msascuil-exe-virus
علاوه بر ماین کردن در سرورها در سرتاسر دنیا اطلاعات بانکی پسوردها رو سرقت میکردند و اینطوری تعداد زیادی VPS برای ماین به دامنه کاریشون اضافه می شده.
https://thehackernews.com/2021/06/crackonosh-virus-mined-2-million-of.html
"Crackonosh shows the risks in downloading cracked software," Avast security researcher Daniel Beneš said. "As long as people continue to download cracked software, attacks like these will continue and continue to be profitable for attackers. The key take-away from this is that you really can't get something for nothing and when you try to steal software, odds are someone is trying to steal from you."
لطفا #splunk #kerio کرک شده نصب نکنید !
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
Gist
Curated list of links describing the leaked Equation Group tools for Windows
Curated list of links describing the leaked Equation Group tools for Windows - EQgroup.md
With the shift in focus from CentOS project to CentOS Stream which will now serve as the upstream to RHEL, a few CentOS alternatives have been floated to replace CentOS 8.
EOL
https://wiki.centos.org/About/Product
گزینه های جایگزین
https://www.tecmint.com/migrate-from-centos-to-oracle-linux/
https://www.oracle.com/linux/technologies/oracle-linux-downloads.html
https://www.sonarqube.org/downloads/
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
EOL
https://wiki.centos.org/About/Product
گزینه های جایگزین
https://www.tecmint.com/migrate-from-centos-to-oracle-linux/
https://www.oracle.com/linux/technologies/oracle-linux-downloads.html
https://www.sonarqube.org/downloads/
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
کتاب هایی که دیشب در Clubhouse معرفی شده اند منابع بسیار خوبی هستند مخصوصا RTFM فقط کامندها و سوییچ های مورد نیاز در مراحل مختلف تست نفوذ به ریز گفته
#redTeam
#blueTeam
#RTFM
#BTFM
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
#redTeam
#blueTeam
#RTFM
#BTFM
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
Peneter.com
Penetration Tester
SoheilSec
Playing with MITRE for SIEM Detection Rules https://www.linkedin.com/feed/update/urn%3Ali%3Aactivity%3A6812838798569959424/ #blueteam $SIEM #mitre 🌐 Peneter BLog 🔊 Clubhouse 🔊 Telegram Channel
What is Detection-Rule-Dump ?l
https://github.com/archanchoudhury/Detection-Rule-Dump
https://www.youtube.com/c/BlackPerl
#DFIR
#SIEM
#SOC
https://github.com/archanchoudhury/Detection-Rule-Dump
https://www.youtube.com/c/BlackPerl
#DFIR
#SIEM
#SOC
GitHub
GitHub - archanchoudhury/Detection-Rule-Dump: This is the One Stop place where you can several Detection Rules which can help you…
This is the One Stop place where you can several Detection Rules which can help you to kick start your journey on SIEM, SOC work. - archanchoudhury/Detection-Rule-Dump
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-asaftd-xss-multiple-FCB3vPZe.html
https://www.tenable.com/blog/cve-2020-3580-proof-of-concept-published-for-cisco-asa-flaw-patched-in-october
https://www.tenable.com/blog/cve-2020-3580-proof-of-concept-published-for-cisco-asa-flaw-patched-in-october
Cisco
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
Update June 28, 2021: Cisco has become aware that public exploit code exists for CVE-2020-3580, and this vulnerability is being actively exploited.
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software…
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software…
1)Microsoft on Friday said it's investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with command-and-control (C2) servers located in China.
https://thehackernews.com/2021/06/hackers-trick-microsoft-into-signing.html
https://www.virustotal.com/gui/file/63d61549030fcf46ff1dc138122580b4364f0fe99e6b068bc6a3d6903656aff0/detection
https://msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
2)Social Engineering with Spam result will be ransomware entire network
https://thehackernews.com/2021/06/dmarc-first-line-of-defense-against.html
مهندسی اجتماعی چیست و روش های آن :
https://blog.peneter.com/clubhouse-general-social-engineering-1/
https://blog.peneter.com/clubhouse-general-social-engineering-2-phishing/
https://blog.peneter.com/clubhouse-general-social-engineering-3-malware/
برای بررسی اینکه Domain در بلک لیست قرار دارد یا نه
https://powerdmarc.com/analyzer/
https://mxtoolbox.com/
3)SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers
APT های این چند وقت اخیر
It's tracked by the wider cybersecurity community under the monikers APT29, UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (Crowdstrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).
https://thehackernews.com/2021/06/solarwinds-hackers-breach-microsoft.html
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
https://thehackernews.com/2021/06/hackers-trick-microsoft-into-signing.html
https://www.virustotal.com/gui/file/63d61549030fcf46ff1dc138122580b4364f0fe99e6b068bc6a3d6903656aff0/detection
https://msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
2)Social Engineering with Spam result will be ransomware entire network
https://thehackernews.com/2021/06/dmarc-first-line-of-defense-against.html
مهندسی اجتماعی چیست و روش های آن :
https://blog.peneter.com/clubhouse-general-social-engineering-1/
https://blog.peneter.com/clubhouse-general-social-engineering-2-phishing/
https://blog.peneter.com/clubhouse-general-social-engineering-3-malware/
برای بررسی اینکه Domain در بلک لیست قرار دارد یا نه
https://powerdmarc.com/analyzer/
https://mxtoolbox.com/
3)SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers
APT های این چند وقت اخیر
It's tracked by the wider cybersecurity community under the monikers APT29, UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (Crowdstrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).
https://thehackernews.com/2021/06/solarwinds-hackers-breach-microsoft.html
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
The Hacker News
Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware
Hackers tricked Microsoft into digitally signing a malicious "Netfilter" driver linked to a Windows rootkit malware.