CVE-2022-40140, CVE-2022-41082:
"ProxyNotShell"
https://github.com/L34ked/CVE-2022-41208
proxynotshell_checker.nse
https://github.com/CronUp/Vulnerabilidades/blob/main/proxynotshell_checker.nse
CVE-2022-40684:
Critical Authentication Bypass in FortiOS and FortiProxy
https://github.com/dickson0day/CVE-2022-40684
ShadowSpray - tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects
https://github.com/Dec0ne/ShadowSpray
Pivoting Over TTLS-PAP WPA Enterprise Networks
https://tbhaxor.com/pivoting-over-ttls-pap-wifi-network
In this post, you will learn how to obtain wifi credentials for a TTLS-PAP enterprise network, connect to the network, and access LAN resources.
Fortinet RCE (CVE-2022-40684)
Fortinet recently patched a critical authentication bypass vulnerability in their FortiOS, FortiProxy, and FortiSwitchManager projects (CVE-2022-40684). This vulnerability gives an attacker the ability to login as an administrator on the affected system.
Shodan Dork:
product:"Fortinet FortiGate"
Research:
https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/
PoC:
https://github.com/horizon3ai/CVE-2022-40684
Detection for SOC:
https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/
RedEye is a visual analytic tool supporting Red & Blue Team operations
https://github.com/cisagov/RedEye/
https://youtu.be/b_ARIVl4BkQ
Fantastic Rootkits: And Where To Find Them
https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-1
Repo: https://github.com/cyberark/malware-research/tree/master/FantasticRootkits
Introduction In this blog series, we will cover the topic of rootkits — how they are built and the basics of kernel driver analysis — specifically on the Windows platform. In this first part, we...
Reverse Shell using Powershell and Small Library for Post-Exploitation, currently undetected by Windows Defender
https://github.com/ItsCyberAli/PowerMeUp
SMBleedingGhost Writeup
Part 1 - Chaining SMBleed (CVE-2020-1206) with SMBGhost
https://blog.zecops.com/research/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost
Part 2 - Unauthenticated Memory Read - Preparing the Ground for an RCE
https://blog.zecops.com/research/smbleedingghost-writeup-part-ii-unauthenticated-memory-read-preparing-the-ground-for-an-rce
Part 3 - From Remote Read (SMBleed) to RCE
https://blog.zecops.com/research/smbleedingghost-writeup-part-iii-from-remote-read-smbleed-to-rce
CVE-2022-31678:
Pre-authenticated RCE in VMWare NSX Manager
https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticate
The Anatomy of Wiper Malware
Part 1 - Common Techniques
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-1
Part 2 - Third-Party Drivers
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-2
Part 3 - Input/Output Controls
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-3
Part 4 - Less Common "Helper" Techniques
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-4
Leeloo Multipath: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)
https://blog.qualys.com/vulnerabilities-threat-research/2022/10/25/leeloo-multipath-authorization-bypass-and-symlink-attack-in-multipathd-cve-2022-41974-and-cve-2022-41973
The Qualys Research Team has discovered two vulnerabilities in multipathd, the most important of which can be exploited for authorization bypass. Qualys recommends security teams apply patches for…
Get system info (Version, CPU, GPU, RAM, IPs, BSSID, Location, Screen metrics, Installed apps) Chromium browsers (passwords, credit cards, cookies, history, autofill, bookmarks) Firefox browsers (db files, cookies, history, bookmarks) IE/Edge (passwords) Saved wifi networks & scan networks around device (SSID, BSSID)
https://github.com/RydeinGG/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022
Nginx Security Tools:
1. A tool to look for common Nginx misconfigurations and vulnerabilities
https://github.com/stark0de/nginxpwner
2. A tool to discover Nginx alias traversal misconfiguration
https://github.com/shibli2700/Kyubi
Follina Exploit Leads to Domain Compromise
https://thedfirreport.com/2022/10/31/follina-exploit-leads-to-domain-compromise/
In early June 2022, we observed an intrusion where a threat actor gained initial access by exploiting the CVE-2022-30190 (Follina) vulnerability which triggered a Qbot infection chain.
Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities
https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities
CVE-2021-39144:
#VMware Cloud Foundation #RCE vulnerability via XStream
https://github.com/b3wT/CVE-2021-39144-XSTREAM-RCE
CVE-2022-3236:
#Sophos Firewall User Portal and Web Admin #CodeInjection
https://www.zerodayinitiative.com/blog/2022/10/19/cve-2022-3236-sophos-firewall-user-portal-and-web-admin-code-injection
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched code injection vulnerability in the Sophos Firewall. The bug is due to improper…