Scheduled Task Tampering
https://ipurple.team/2024/01/03/scheduled-task-tampering/
https://github.com/netero1010/GhostTask
Purple Team
The HAFNIUM threat actor is using an unconventional method to tamper scheduled tasks in order to establish persistence via modification of registry keys in their malware called Tarrask. The benefit…
From Google Dorking to Unauthorized AWS Account Access and Account Takeover
https://medium.com/@ar_hawk/from-google-dorking-to-unauthorized-aws-account-access-and-account-takeover-89eb2b9d284f
Medium
Ending 2023 with good note, I came up with another misconfiguration due to a parameter that leads to exposure of AWS credentials and access…
A bot that helps you keep up to date with new CVEs and search for new PoCs
@pocfather_bot
SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
https://github.com/MegaManSec/SSH-Snake
GitHub
CVE-2023-49070/51467 - Attacking & Defending Apache OFBiz
https://www.prio-n.com/blog/cve-2023-49070-51467-attacking-defending-Apache-OFBiz
CVE-2023-36003 (Windows LPE XAML diagnostics API)
Blog: https://m417z.com/Privilege-escalation-using-the-XAML-diagnostics-API-CVE-2023-36003/
PoC: https://github.com/m417z/CVE-2023-36003-POC
Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability
https://www.horizon3.ai/writeup-for-cve-2023-39143-papercut-webdav-vulnerability/
Horizon3.ai
Back in Aug. 2023 we released an advisory for CVE-2023-39143, a critical vulnerability that affects Windows installs of the PaperCut NG/MF print management software. Attackers can exploit this…
CVE-2023-7028: Gitlab Account Takeover via Password Reset
PoC 1: https://github.com/RandomRobbieBF/CVE-2023-7028
PoC 2: https://github.com/Vozec/CVE-2023-7028
Affected GitLab versions:
* 16.1 prior to 16.1.5
* 16.2 prior to 16.2.8
* 16.3 prior to 16.3.6
* 16.4 prior to 16.4.4
* 16.5 prior to 16.5.6
* 16.6 prior to 16.6.4
* 16.7 prior to 16.7.2
GitHub
tRPC Security Research: Hunting for Vulnerabilities in Modern APIs
https://medium.com/@LogicalHunter/trpc-security-research-hunting-for-vulnerabilities-in-modern-apis-b0d38e06fa71
Medium
In this write-up, I want to discuss my research on tRPC. Initially, we will review the concepts of tRPC before proceeding to analyse the…
How to retrieve all information about Windows Extended Rights via LDAP
https://github.com/YuryStrozhevsky/extendedRights
GitHub
Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes
https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Varonis
Varonis Threat Labs discovered a new Outlook exploit and three new ways to access NTLM v2 hashed passwords.
CVE-2024-0517: Google Chrome V8 Out-of-Bounds Write Code Execution
PoC: https://blog.exodusintel.com/2024/01/19/google-chrome-v8-cve-2024-0517-out-of-bounds-write-code-execution/
Exodus Intelligence
By Javier Jimenez and Vignesh Rao Overview In this blog post we take a look at a vulnerability that we found in Google Chrome’s V8 JavaScript engine a few months ago. This vulnerability was patched in a Chrome update on 16 January 2024 and assigned CVE-2024…
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing - Mobile Hacker
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
Mobile Hacker
[update 2024-02-19] This vulnerability can even be used to remotely wipe data from a targeted Android smartphone. Using this vulnerability it is possible to guess the user's lock screen PIN. After five incorrect PINs the device is locked out for 30 seconds. This operation…
An introduction to reverse engineering .NET AOT applications
https://harfanglab.io/en/insidethelab/reverse-engineering-ida-pro-aot-net/
CVE-2024-0204: Authentication Bypass in GoAnywhere MFT
Script to create a new admin user in GoAnywhere MFT.
https://github.com/horizon3ai/CVE-2024-0204
https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-
GitHub
Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability (CVE-2023-6546)
https://github.com/Nassim-Asrir/ZDI-24-020/
GitHub
GitHub - zerozenxlabs/ZDI-24-020