Pentester

Fortinet RCE (CVE-2022-40684)

Fortinet recently patched a critical authentication bypass vulnerability in their FortiOS, FortiProxy, and FortiSwitchManager projects (CVE-2022-40684). This vulnerability gives an attacker the ability to login as an administrator on the affected system.

Shodan Dork:
product:"Fortinet FortiGate"

Research:
https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/

PoC:
https://github.com/horizon3ai/CVE-2022-40684

Detection for SOC:
https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/

Horizon3.ai

FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)

Fortinet recently patched a critical authentication bypass vulnerability that gives an attacker the ability to login as an administrator,

👍3

696 views19:56

Pentester

Cobaltstrike client android
https://github.com/linshaoSec/csdroid

GitHub

GitHub - linshaoSec/csdroid: cs手机版的源码，此处不放源jar包，自行添加编译

cs手机版的源码，此处不放源jar包，自行添加编译. Contribute to linshaoSec/csdroid development by creating an account on GitHub.

618 views15:22

Pentester

RedEye is a visual analytic tool supporting Red & Blue Team operations
https://github.com/cisagov/RedEye/

https://youtu.be/b_ARIVl4BkQ

GitHub

GitHub - cisagov/RedEye: RedEye is a visual analytic tool supporting Red & Blue Team operations

RedEye is a visual analytic tool supporting Red & Blue Team operations - cisagov/RedEye

711 views15:24

Pentester

Chopper payload smuggling
https://ired.dev/discussion/13/chopper-payload-smuggling

https://github.com/0xsp-SRD/0xsp.com/tree/main/chopper

732 views06:37

Pentester

Fantastic Rootkits: And Where To Find Them
https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-1
Repo: https://github.com/cyberark/malware-research/tree/master/FantasticRootkits

Cyberark

Fantastic Rootkits: And Where to Find Them (Part 1)

Introduction In this blog series, we will cover the topic of rootkits — how they are built and the basics of kernel driver analysis — specifically on the Windows platform. In this first part, we...

663 views14:55

Pentester

Reverse Shell using Powershell and Small Library for Post-Exploitation, currently undetected by Windows Defender

https://github.com/ItsCyberAli/PowerMeUp

651 views12:36

Pentester

SMBleedingGhost Writeup
Part 1 - Chaining SMBleed (CVE-2020-1206) with SMBGhost
https://blog.zecops.com/research/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost
Part 2 - Unauthenticated Memory Read - Preparing the Ground for an RCE
https://blog.zecops.com/research/smbleedingghost-writeup-part-ii-unauthenticated-memory-read-preparing-the-ground-for-an-rce
Part 3 - From Remote Read (SMBleed) to RCE
https://blog.zecops.com/research/smbleedingghost-writeup-part-iii-from-remote-read-smbleed-to-rce

616 viewsedited 03:35

Pentester

CVE-2022-31678:
Pre-authenticated RCE in VMWare NSX Manager
https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticate

566 views05:28

Pentester

The Anatomy of Wiper Malware
Part 1 - Common Techniques:
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-1
Part 2 - Third-Party Drivers
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-2
Part 3 - Input/Output Controls
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-3
Part 4 - Less Common "Helper" Techniques
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-4

👍1

633 views05:29

Pentester

Leeloo Multipath: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)
https://blog.qualys.com/vulnerabilities-threat-research/2022/10/25/leeloo-multipath-authorization-bypass-and-symlink-attack-in-multipathd-cve-2022-41974-and-cve-2022-41973

Qualys

Leeloo Multipath: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973) | Qualys

The Qualys Research Team has discovered two vulnerabilities in multipathd, the most important of which can be exploited for authorization bypass. Qualys recommends security teams apply patches for…

630 views20:18

Pentester

Get system info (Version, CPU, GPU, RAM, IPs, BSSID, Location, Screen metrics, Installed apps) Chromium browsers (passwords, credit cards, cookies, history, autofill, bookmarks) Firefox browsers (db files, cookies, history, bookmarks) IE/Edge (passwords) Saved wifi networks & scan networks around device (SSID, BSSID)
https://github.com/RydeinGG/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022

👍1

566 views04:26

Pentester

Nginx Security Tools:
1. A tool to look for common Nginx misconfigurations and vulnerabilities
https://github.com/stark0de/nginxpwner
2. A tool to discover Nginx alias traversal misconfiguration
https://github.com/shibli2700/Kyubi

GitHub

GitHub - stark0de/nginxpwner: Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.

Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities. - stark0de/nginxpwner

624 views04:27

Pentester

Follina Exploit Leads to Domain Compromise
https://thedfirreport.com/2022/10/31/follina-exploit-leads-to-domain-compromise/

The DFIR Report

Follina Exploit Leads to Domain Compromise

In early June 2022, we observed an intrusion where a threat actor gained initial access by exploiting the CVE-2022-30190 (Follina) vulnerability which triggered a Qbot infection chain.

577 views04:47

Pentester

Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities
https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities