Dirty-Vanity
A POC for the new injection technique, abusing windows fork API to evade EDRs.
https://github.com/deepinstinct/Dirty-Vanity
Routing_security.pdf
3.3 MB
"Routing Security: BGP Incidents, Mitigation Techniques and Policy Actions", 2022.
Folina, Shadow Credentials, and WSUS exploitation
https://0xdf.gitlab.io/2022/12/10/htb-outdated.html
HTB: Outdated
Outdated has three steps that are all really interesting. First, I’ll exploit Folina by sending a link to an email address collected via recon over SMB. Then I’ll exploit shadow credentials to move laterally to the next user. Finally, I’ll exploit the Windows…
Coercer
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods
https://github.com/p0dalirius/Coercer
OWASP Secure Code Review Guide
https://github.com/OWASP/www-project-code-review-guide
A Custom Python Backdoor for VMWare ESXi Servers
https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
Juniper Threat Labs analyzes a backdoor installed on a compromised VMware ESXi server that can execute arbitrary commands and launch reverse shells.
The Most Popular & Fastest Growing Open Source Security Projects on GitHub
https://opensourcesecurityindex.io
Open Source Security Index
apk.sh is a Bash script that makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK
https://github.com/ax/apk.sh
BEE·bot - OSINT automation for hackers.
https://github.com/blacklanternsecurity/bbot
Incident Response Methodologies 2022
https://github.com/certsocietegenerale/IRM
// EN/ES/FR/RU Versions
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg
https://blog.exodusintel.com/2022/12/19/linux-kernel-exploiting-a-netfilter-use-after-free-in-kmalloc-cg
By Sergi Martinez. Overview: It’s been a while since our last technical blogpost, so here’s one right on time for the Christmas holidays. We describe a method to exploit a use-after-free in the Linux kernel when objects are allocated in a specific slab cache…
XLLing in Excel - Evolution of malicious XLLs
https://blog.talosintelligence.com/xlling-in-excel-malicious-add-ins
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.
CVE and PoC SearchBot - 0.5.0
@pocfather_bot
The bot helps you keep up to date with new CVEs and search for new PoCs.
Added
▪️ New sources of information about CVE vendor/products: nvd.nist.gov and cve.org;
▪️ Feedback answer option.
Changed
▪️ App's architecture;
▪️ APIv2 from nvd.nist.gov is now used;
▪️ Changed message-broker software;
▪️ Default level now is set to ALL;
▪️ PoC search based on CVE description and vendor/product;
▪️ Manual PoC queries now use logical AND.
Fixed
▪️ Vendor/products duplication issue;
▪️ Settings menu errors;
▪️ A number of minor bugs.
Evading Detection: A Beginner's Guide to Obfuscation - 2022
https://www.youtube.com/watch?v=wvKwk1wcXvM
Have you wanted to learn some more advanced Windows evasion techniques? Here is your chance to learn from the experts. This 2-hour long webinar will cover the basics of Windows Defenses such as Event and Script Block Logging, Anti-Malware Scan Interface (AMSI)…
#Conferences
TOP-20 Leading Cybersecurity Conferences in 2023:
1. IEEE S&P (July 3-7)
https://www.ieee-security.org/TC/EuroSP2023/accepted_and_awards.html
2. ENISA Cybersecurity Standardisation Conference
https://www.enisa.europa.eu/events/cybersecurity_standardisation_2023
3. USENIX Security (Aug. 9-11)
https://www.usenix.org/conference/usenixsecurity23
4. NDSS (27 Feb. - 03 Mar.)
https://www.internetsociety.org/events/ndss/2023
5. ESORICS (European Symposium on Research in Computer Security, Sept. 25-29)
https://www.esorics2023.org
6. Nullcon Berlin (March 9-10)
https://nullcon.net/berlin-2023
7. International Conference on Cybersecurity and Common Problems (ICCCP, Jan. 30-31)
https://waset.org/cybersecurity-and-common-problems-conference-in-january-2023-in-sydney
8. Pwn2Own Miami (Feb. 14-16)
https://www.zerodayinitiative.com/Pwn2OwnMiami2023Rules.html
9. International Conference on Cybersecurity and Hacking (ICCH, Jan. 07-08)
https://conferenceindex.org/event/international-conference-on-cybersecurity-and-hacking-icch-2023-january-tokyo-jp
10. RSA Conference 2023 (Apr. 24-27)
https://www.rsaconference.com/usa
11. JSAC 2023 (Jan. 25-26)
https://jsac.jpcert.or.jp
12. SANS 2023 Cyber Security Training (Apr. 2-7)
https://www.sans.org/cyber-security-training-events/2023
13. IEEE Symposium on Security and Privacy (May 22-25)
https://sp2023.ieee-security.org
14. National Cyber Summit (Sep. 20-21)
https://www.nationalcybersummit.com
15. ACM WiSec 2023 (May 29 - June 1st)
https://wisec2023.surrey.ac.uk
16. Zer0Con (April, 2023)
https://zer0con.org/?ref=infosec-conferences.com
17. DEF CON 31 (Aug. 10-13)
https://defcon.org/html/defcon-31/dc-31-cfi.html
18. Black Hat
Spring Trainings (Mar. 13-16, 2023):
https://www.blackhat.com/tr-23
USA (Aug. 5-10, 2023): https://www.blackhat.com/upcoming.html#usa
Asia (May 9-12, 2023): https://www.blackhat.com/upcoming.html#asia
19. BSides SF 2023 (Apr. 22-23)
https://bsidessf.org/cfp
20. European Interdisciplinary Cybersecurity Conference (EICC, Jun. 14-15)
https://www.fvv.um.si/eicc2023
Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/malicious-macros-adapt-to-use-microsoft-publisher-to-push-ekipa-rat
After Microsoft announced this year that macros from the Internet will be blocked by default in Office, many threat actors have switched to different file types, such as Windows Shortcut (LNK), ISO or ZIP files, to distribute their malware.
.NET Process injection in a new process with QueueUserAPC using D/invoke
https://gist.github.com/tothi/9cdd2be3b49cb42723726fd75df96471
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript - DInjectQueuerAPC.cs
Writing Windows Kernel Drivers for Advanced Persistence
https://v3ded.github.io/redteam/red-team-tactics-writing-windows-kernel-drivers-for-advanced-persistence-part-1
Red Team Tactics: Writing Windows Kernel Drivers for Advanced Persistence (Part 1)