CVE-2023-0871, an XML external entity injection vulnerability in OpenNMS Horizon
📣jnazario
@malwr
Synopsys
OpenNMS Horizon CVE-2023-0871: XML Injection Vulnerability | Synopsys Blog
Explore in-depth coverage of the XML External Entity injection vulnerability (CVE-2023-0871) found in OpenNMS Horizon. Stay informed with our CyRC advisory.
Reconnaissance Tools | Part 1 | TryHackMe Red Team Recon
In this video walk-through, we covered the first part of passive and active reconnaissance basics and tools. We covered DNS reconnaissance using tools such as dig, whois, nslookup in addition to online tools such as threat intelligence platforms. This was part of TryHackMe Red team pathway.
Video is here
Writeup is here
📣MotasemHa
YouTube
Reconnaissance Tools | Part 1 | TryHackMe Red Team Recon
In this video walk-through, we covered the first part of passive and active reconnaissance basics and tools. We covered DNS reconnaissance using tools such as dig, whois, nslookup in addition to online tools such as threat intelligence platforms. This was…
How do you get a debit/credit card without linking it to you?
For Ops Sec purposes:
- how will you get a debit/credit card or whatsoever that you can use to pay for AWS etc without having it traced back to you?
P.S.: Legal methods only please. Please don’t suggest buying off credit card details from dumps etc.
📣Huang_Hua
The way you’re asking this question is most certainly for nefarious based purposes. Most threat actors will use compromised aws accounts or buy cc dumps.
👤AstroBoy1337
If you are doing legal and authorized testing, this is not necessary. As others have suggested, it is actually better to identify yourself to these services so they know that you aren't a real threat actor - otherwise, they suspend your account, you have bigger problems. They will be more likely to reach out if your information is legit and verifiable. I even use a +pentest alias in my contact email address.
For sketchier services (like residential proxy providers, in my experience) you can use something like Privacy.com, or use crypto if they accept it. The circumstances where you have to consider a service provider in your threat model as an authorized red teamer are few and far between.
👤DoctorGasbag
Buy a cash card from Walmart or Le Target Boutique (Target). You hand them cash, they will activate it there, and you can use that for subsequent online transactions executed over a VPN. Those don't work with Azure but *shrugs* there are plenty of other providers that they do work with. I haven't tried them with AWS.
👤CellUpper5067
Reddit
From the redteamsec community on Reddit
Explore this post and more from the redteamsec community
New ways to inject system CA certificates in Android 14
📣pimterry
Been using this the last couple days. Loved the ingenuity to it
👤tysear
This is an update to a previous post from a couple of weeks back, discussed quite a bit in this sub over here: https://httptoolkit.com/blog/android-14-install-system-ca-certificate/
👤pimterry
Httptoolkit
New ways to inject system CA certificates in Android 14
A couple of weeks ago I published a post about changes in Android 14 that fundamentally break existing approaches to installing system-level CA certificates,...
Cisco buying Splunk
https://www.cnbc.com/2023/09/21/cisco-acquiring-splunk-for-157-a-share-in-cash.html
📣Natural_Sherbert_391
CNBC
Cisco makes largest ever acquisition, buying cybersecurity company Splunk for $28 billion in cash
Cisco said it was acquiring cybersecurity software company Splunk for $157 a share in a cash deal worth about $28 billion.
reverse engineering nrf51 firmware
I recently managed to extract the firmware from a nrf51822 chip over swd. The problem is, I am an absolute beginner to reverse engineering firmware, binwalk comes up blank, and other things I've tried, like firmware mod kit, have come up blank. I have also managed to open it in ghidra, but it doesn't seem to be quite right. I have found this git repository(https://github.com/DigitalSecurity/nrf5x-tools) that can help with reversing, and the scripts seem to be correctly identifying the firmware binary as from an nrf51822, but for actually reversing the firmware the script requires IDA pro's python api, which is not at all viable given its price. Is there any way to do something similar in ghidra or some other software?
📣Matlex2
GitHub
GitHub - DigitalSecurity/nrf5x-tools: Nordic Semiconductor nRF5x series disassembly tools
Nordic Semiconductor nRF5x series disassembly tools - DigitalSecurity/nrf5x-tools
Binary Ninja 3.5 (Coruscant) released: mod/div deoptimization, UEFI support, auto variable naming, and more
📣Psifertex
Coruscant? Uh, that doesn’t compute.
👤lannibal_hecter
Binary Ninja is god tier.
👤Soggy_Dingo_2767
Binary Ninja
Binary Ninja - 3.5: Expanded Universe
Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.
Reverse engineering natively-compiled .NET apps
📣atomlib_com
Yeah
👤Other_Ad8905
No surprises here…I don’t think MS has come up with a way to handle runtime type instantiation on reflected/non-static types. unity, with il2cpp, allows you to declare types, methods, classes, whatever in a config file so you ensure they are there even if they aren’t specified in the ast directly.
👤tnavda
Michal's low level corner
Reverse engineering natively-compiled .NET apps
Digging into internals of apps built with native AOT.
CVE-2023-36844 | PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series
📣jnazario
AttackerKB
CVE-2023-36844 | AttackerKB
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cont…
Cryptomining malware detected on a Russian thesaurus with 5 Million+ monthly visits
📣nareksays
Group-IB
It’s a trap: Detecting a cryptominer on a popular website using Group-IB MXDR
Group-IB analysts discovered and analyzed a cryptojacking campaign on a popular educational resource using Group-IB Managed XDR.
Critical DICOM Server Misconfigurations Lead to Exposure of 1.6M Medical Records
📣ziyahanalbeniz
SOCRadar® Cyber Intelligence Inc.
Critical DICOM Server Misconfigurations Lead to Exposure of 1.6M Medical Records
In a regular threat and vulnerability hunting activity, SOCRadar has discovered during their research that thousands of DICOM servers were...