SMBleedingGhost Writeup
Part 1 - Chaining SMBleed (CVE-2020-1206) with SMBGhost
https://blog.zecops.com/research/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost
Part 2 - Unauthenticated Memory Read - Preparing the Ground for an RCE
https://blog.zecops.com/research/smbleedingghost-writeup-part-ii-unauthenticated-memory-read-preparing-the-ground-for-an-rce
Part 3 - From Remote Read (SMBleed) to RCE
https://blog.zecops.com/research/smbleedingghost-writeup-part-iii-from-remote-read-smbleed-to-rce
Part 1 - Chaining SMBleed (CVE-2020-1206) with SMBGhost
https://blog.zecops.com/research/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost
Part 2 - Unauthenticated Memory Read - Preparing the Ground for an RCE
https://blog.zecops.com/research/smbleedingghost-writeup-part-ii-unauthenticated-memory-read-preparing-the-ground-for-an-rce
Part 3 - From Remote Read (SMBleed) to RCE
https://blog.zecops.com/research/smbleedingghost-writeup-part-iii-from-remote-read-smbleed-to-rce
CVE-2022-31678:
Pre-authenticated RCE in VMWare NSX Manager
https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticate
Pre-authenticated RCE in VMWare NSX Manager
https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticate
The Anatomy of Wiper Malware
Part 1 - Common Techniques:
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-1
Part 2 - Third-Party Drivers
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-2
Part 3 - Input/Output Controls
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-3
Part 4 - Less Common "Helper" Techniques
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-4
Part 1 - Common Techniques:
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-1
Part 2 - Third-Party Drivers
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-2
Part 3 - Input/Output Controls
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-3
Part 4 - Less Common "Helper" Techniques
https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-4
π1
Leeloo Multipath: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)
https://blog.qualys.com/vulnerabilities-threat-research/2022/10/25/leeloo-multipath-authorization-bypass-and-symlink-attack-in-multipathd-cve-2022-41974-and-cve-2022-41973
https://blog.qualys.com/vulnerabilities-threat-research/2022/10/25/leeloo-multipath-authorization-bypass-and-symlink-attack-in-multipathd-cve-2022-41974-and-cve-2022-41973
Qualys
Leeloo Multipath: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973) | Qualys
The Qualys Research Team has discovered two vulnerabilities in multipathd, the most important of which can be exploited for authorization bypass. Qualys recommends security teams apply patches forβ¦
Get system info (Version, CPU, GPU, RAM, IPs, BSSID, Location, Screen metrics, Installed apps) Chromium browsers (passwords, credit cards, cookies, history, autofill, bookmarks) Firefox browsers (db files, cookies, history, bookmarks) IE/Edge (passwords) Saved wifi networks & scan networks around device (SSID, BSSID)
https://github.com/RydeinGG/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022
https://github.com/RydeinGG/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022
π1
Nginx Security Tools:
1. A tool to look for common Nginx misconfigurations and vulnerabilities
https://github.com/stark0de/nginxpwner
2. A tool to discover Nginx alias traversal misconfiguration
https://github.com/shibli2700/Kyubi
1. A tool to look for common Nginx misconfigurations and vulnerabilities
https://github.com/stark0de/nginxpwner
2. A tool to discover Nginx alias traversal misconfiguration
https://github.com/shibli2700/Kyubi
GitHub
GitHub - stark0de/nginxpwner: Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities. - stark0de/nginxpwner
Follina Exploit Leads to Domain Compromise
https://thedfirreport.com/2022/10/31/follina-exploit-leads-to-domain-compromise/
https://thedfirreport.com/2022/10/31/follina-exploit-leads-to-domain-compromise/
The DFIR Report
Follina Exploit Leads to Domain Compromise
In early June 2022, we observed an intrusion where a threat actor gained initial access by exploiting the CVE-2022-30190 (Follina) vulnerability which triggered a Qbot infection chain.
Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities
https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities
https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities
CVE-2021-39144:
#VMware Cloud Foundation #RCE vulnerability via XStream
https://github.com/b3wT/CVE-2021-39144-XSTREAM-RCE
#VMware Cloud Foundation #RCE vulnerability via XStream
https://github.com/b3wT/CVE-2021-39144-XSTREAM-RCE
CVE-2022-3236:
#Sophos Firewall User Portal and Web Admin #CodeInjection
https://www.zerodayinitiative.com/blog/2022/10/19/cve-2022-3236-sophos-firewall-user-portal-and-web-admin-code-injection
#Sophos Firewall User Portal and Web Admin #CodeInjection
https://www.zerodayinitiative.com/blog/2022/10/19/cve-2022-3236-sophos-firewall-user-portal-and-web-admin-code-injection
Zero Day Initiative
Zero Day Initiative β CVE-2022-3236: Sophos Firewall User Portal and Web Admin Code Injection
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched code injection vulnerability in the Sophos Firewall. The bug is due to improperβ¦
MITRE ATT&CK version 12.0
Updates Techniques, Groups, and Software for Enterprise, Mobile, and ICS
https://attack.mitre.org/versions/v12
https://github.com/mitre/cti/releases/tag/ATT%26CK-v12.0
Updates Techniques, Groups, and Software for Enterprise, Mobile, and ICS
https://attack.mitre.org/versions/v12
https://github.com/mitre/cti/releases/tag/ATT%26CK-v12.0
GitHub
Release ATT&CK version 12.0 Β· mitre/cti
See release notes for the content changes here
See a summary of STIX data model changes here
See a summary of STIX data model changes here
π1
CVE && PoC SearchBot
Bot helps to keep up to date with new CVEs and search new POC's
https://t.me/pocfather_bot
Bot helps to keep up to date with new CVEs and search new POC's
https://t.me/pocfather_bot
Telegram
π₯π CVE && PoC SearchBot
Bot helps to keep up to date with new CVEs and search new POC's
βοΈ @pocfather_contact
βοΈ @pocfather_contact
π4π₯1
This is a step-by-step guide to implementing a DevSecOps program for any size organization
#devsecops
https://github.com/6mile/DevSecOps-Playbook
#devsecops
https://github.com/6mile/DevSecOps-Playbook
GitHub
GitHub - 6mile/DevSecOps-Playbook: This is a step-by-step guide to implementing a DevSecOps program for any size organization
This is a step-by-step guide to implementing a DevSecOps program for any size organization - 6mile/DevSecOps-Playbook
π1
GCP Penetration Testing Notes
Part 1: https://0xd4y.com/2022/10/01/GCP-Penetration-Testing-Notes
Part 2: https://0xd4y.com/2022/10/24/GCP-Penetration-Testing-Notes-2
Part 1: https://0xd4y.com/2022/10/01/GCP-Penetration-Testing-Notes
Part 2: https://0xd4y.com/2022/10/24/GCP-Penetration-Testing-Notes-2
0Xd4Y
GCP Penetration Testing Notes
Notes I wrote while reading a blog post written about GCP penetration testing techniques and methodologies by Chris Moberly.
π4
Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)
https://breakdev.org/zip-motw-bug-analysis/
https://breakdev.org/zip-motw-bug-analysis/
BREAKDEV
Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)
Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet.
π2
Pentesting AD Mindmap
https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.svg
https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.svg
π2
Chrome Browser Exploitation
Part 1 - Introduction to V8 and JavaScript Internals
https://jhalon.github.io/chrome-browser-exploitation-1
Part 2 - Introduction to Ignition, Sparkplug and JIT Compilation via TurboFan
https://jhalon.github.io/chrome-browser-exploitation-2
Part 1 - Introduction to V8 and JavaScript Internals
https://jhalon.github.io/chrome-browser-exploitation-1
Part 2 - Introduction to Ignition, Sparkplug and JIT Compilation via TurboFan
https://jhalon.github.io/chrome-browser-exploitation-2
Jack Hacks
Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals
Web browsers, our extensive gateway to the internet. Browsers today play a vital role in modern organizations as more and more software applications are delivered to users via a web browser in the form of web applications. Pretty much everything you mightβ¦
Linux PrivEsc - Linux Kernel Exploits
https://medium.com/@tinopreter/linux-privesc-linux-kernel-exploits-87c61faec696
https://medium.com/@tinopreter/linux-privesc-linux-kernel-exploits-87c61faec696
Medium
Linux PrivEscβββLinux Kernel Exploits
Given that the kernel runs in the privileged kernel space, any vulnerability in the kernel that allows us to run arbitrary code in a β¦
π1π1