JuicyPotatoNG - another Windows local privilege escalation from service account to SYSTEM
https://github.com/antonioCoco/JuicyPotatoNG
research: https://decoder.cloud/2022/09/21/giving-juicypotato-a-second-chance-juicypotatong/
Sacrificing Suspended Processes
https://www.optiv.com/insights/source-zero/blog/sacrificing-suspended-processes
payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods:
https://github.com/optiv/Freeze
How To Attack Admin Panels Successfully
https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c
Merlin - cross-platform post-exploitation HTTP/2 Command & Control server/agent (Go)
https://github.com/Ne0nd0g/merlin
Attacking Encrypted HTTP Communications
https://www.pentestpartners.com/security-blog/attacking-encrypted-http-communications
TL;DR: the Reolink RLC-520A PoE camera obfuscates its HTTP communication by encrypting the POST body data; this defends against opportunistic attackers but falls short against persistent ones.
1. Investigating Novel Malware Persistence Within ESXi Hypervisors
https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence
2. Detection and Hardening within ESXi Hypervisors
https://www.mandiant.com/resources/blog/esxi-hypervisors-detection-hardening
0-Day RCE on Microsoft Exchange Server
https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
CVE-2022-40140, CVE-2022-41082 ("ProxyNotShell"):
https://github.com/L34ked/CVE-2022-41208
proxynotshell_checker.nse
https://github.com/CronUp/Vulnerabilidades/blob/main/proxynotshell_checker.nse
CVE-2022-40684:
Critical Authentication Bypass in FortiOS and FortiProxy
https://github.com/dickson0day/CVE-2022-40684
ShadowSpray - tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects
https://github.com/Dec0ne/ShadowSpray
Pivoting Over TTLS-PAP WPA Enterprise Networks
https://tbhaxor.com/pivoting-over-ttls-pap-wifi-network
In this post, you will learn how to obtain wifi credentials for a TTLS-PAP enterprise network, connect to the network, and access LAN resources.
Fortinet RCE (CVE-2022-40684)
Fortinet recently patched a critical authentication bypass vulnerability in their FortiOS, FortiProxy, and FortiSwitchManager products (CVE-2022-40684). This vulnerability gives an attacker the ability to log in as an administrator on the affected system.
Shodan Dork:
product:"Fortinet FortiGate"
Research:
https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/
PoC:
https://github.com/horizon3ai/CVE-2022-40684
Detection for SOC:
https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/
RedEye is a visual analytic tool supporting Red & Blue Team operations
https://github.com/cisagov/RedEye/
https://youtu.be/b_ARIVl4BkQ
Fantastic Rootkits: And Where To Find Them (Part 1) - a blog series on how rootkits are built and the basics of Windows kernel driver analysis
https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-1
Repo: https://github.com/cyberark/malware-research/tree/master/FantasticRootkits
Reverse Shell using Powershell and Small Library for Post-Exploitation, currently undetected by Windows Defender
https://github.com/ItsCyberAli/PowerMeUp
SMBleedingGhost Writeup
Part 1 - Chaining SMBleed (CVE-2020-1206) with SMBGhost
https://blog.zecops.com/research/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost
Part 2 - Unauthenticated Memory Read - Preparing the Ground for an RCE
https://blog.zecops.com/research/smbleedingghost-writeup-part-ii-unauthenticated-memory-read-preparing-the-ground-for-an-rce
Part 3 - From Remote Read (SMBleed) to RCE
https://blog.zecops.com/research/smbleedingghost-writeup-part-iii-from-remote-read-smbleed-to-rce