CVE-2023-49070/51467 - Attacking & Defending Apache OFBiz
https://www.prio-n.com/blog/cve-2023-49070-51467-attacking-defending-Apache-OFBiz
https://www.prio-n.com/blog/cve-2023-49070-51467-attacking-defending-Apache-OFBiz
This media is not supported in your browser
VIEW IN TELEGRAM
CVE-2023-36003 (Windows LPE XAML diagnostics API)
Blog: https://m417z.com/Privilege-escalation-using-the-XAML-diagnostics-API-CVE-2023-36003/
PoC: https://github.com/m417z/CVE-2023-36003-POC
Blog: https://m417z.com/Privilege-escalation-using-the-XAML-diagnostics-API-CVE-2023-36003/
PoC: https://github.com/m417z/CVE-2023-36003-POC
🔥4
Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability
https://www.horizon3.ai/writeup-for-cve-2023-39143-papercut-webdav-vulnerability/
https://www.horizon3.ai/writeup-for-cve-2023-39143-papercut-webdav-vulnerability/
Horizon3.ai
Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability
Back in Aug. 2023 we released an advisory for CVE-2023-39143, a critical vulnerability that affects Windows installs of the PaperCut NG/MF print management software. Attackers can exploit this…
🔥2
CVE-2023-7028: Gitlab Account Takeover via Password Reset
PoC 1: https://github.com/RandomRobbieBF/CVE-2023-7028
PoC 2: https://github.com/Vozec/CVE-2023-7028
* 16.1 prior to 16.1.5
* 16.2 prior to 16.2.8
* 16.3 prior to 16.3.6
* 16.4 prior to 16.4.4
* 16.5 prior to 16.5.6
* 16.6 prior to 16.6.4
* 16.7 prior to 16.7.2
PoC 1: https://github.com/RandomRobbieBF/CVE-2023-7028
PoC 2: https://github.com/Vozec/CVE-2023-7028
* 16.1 prior to 16.1.5
* 16.2 prior to 16.2.8
* 16.3 prior to 16.3.6
* 16.4 prior to 16.4.4
* 16.5 prior to 16.5.6
* 16.6 prior to 16.6.4
* 16.7 prior to 16.7.2
GitHub
GitHub - RandomRobbieBF/CVE-2023-7028: CVE-2023-7028
CVE-2023-7028. Contribute to RandomRobbieBF/CVE-2023-7028 development by creating an account on GitHub.
👍3🔥1
tRPC Security Research: Hunting for Vulnerabilities in Modern APIs
https://medium.com/@LogicalHunter/trpc-security-research-hunting-for-vulnerabilities-in-modern-apis-b0d38e06fa71
https://medium.com/@LogicalHunter/trpc-security-research-hunting-for-vulnerabilities-in-modern-apis-b0d38e06fa71
Medium
tRPC Security Research: Hunting for Vulnerabilities in Modern APIs
In this write-up, I want to discuss my research on tRPC. Initially, we will review the concepts of tRPC before proceeding to analyse the…
🔥1
How to retrive all information about Windows Extended Rights via LDAP
https://github.com/YuryStrozhevsky/extendedRights
https://github.com/YuryStrozhevsky/extendedRights
GitHub
GitHub - YuryStrozhevsky/extendedRights: How to retrive all information about Windows Extended Rights via LDAP
How to retrive all information about Windows Extended Rights via LDAP - YuryStrozhevsky/extendedRights
🔥2
Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes
https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Varonis
Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes
Varonis Threat Labs discovered a new Outlook exploit and three new ways to access NTLM v2 hashed passwords.
🔥4
CVE-2024-0517: Google Chrome V8 Out-of-Bounds Write Code Execution
PoC: https://blog.exodusintel.com/2024/01/19/google-chrome-v8-cve-2024-0517-out-of-bounds-write-code-execution/
PoC: https://blog.exodusintel.com/2024/01/19/google-chrome-v8-cve-2024-0517-out-of-bounds-write-code-execution/
Exodus Intelligence
Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution - Exodus Intelligence
By Javier Jimenez and Vignesh Rao Overview In this blog post we take a look at a vulnerability that we found in Google Chrome’s V8 JavaScript engine a few months ago. This vulnerability was patched in a Chrome update on 16 January 2024 and assigned CVE-2024…
🔥1
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing - Mobile Hacker
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
Mobile Hacker
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing Mobile Hacker
[update 2024-02-19] This vulnerability can be even used to remotely wipe data of targeted Android smartphone. Using this vulnerability it is possible to guess user lock screen PIN. After five incorrect PINs device is locked out for 30 seconds. This operation…
🔥3
An introduction to reverse engineering .NET AOT applications
https://harfanglab.io/en/insidethelab/reverse-engineering-ida-pro-aot-net/
https://harfanglab.io/en/insidethelab/reverse-engineering-ida-pro-aot-net/
🔥2
CVE-2024-0204: Authentication Bypass in GoAnywhere MFT
Script to create a new admin user in GoAnywhere MFT.
https://github.com/horizon3ai/CVE-2024-0204
https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-
Script to create a new admin user in GoAnywhere MFT.
https://github.com/horizon3ai/CVE-2024-0204
https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-
GitHub
GitHub - horizon3ai/CVE-2024-0204: Authentication Bypass in GoAnywhere MFT
Authentication Bypass in GoAnywhere MFT. Contribute to horizon3ai/CVE-2024-0204 development by creating an account on GitHub.
🔥2
Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability (CVE-2023-6546)
https://github.com/Nassim-Asrir/ZDI-24-020/
https://github.com/Nassim-Asrir/ZDI-24-020/
GitHub
GitHub - zerozenxlabs/ZDI-24-020
Contribute to zerozenxlabs/ZDI-24-020 development by creating an account on GitHub.
🔥2
Android-based PAX POS vulnerabilities (Part 1) - STM Cyber Blog
https://blog.stmcyber.com/pax-pos-cves-2023/
https://blog.stmcyber.com/pax-pos-cves-2023/
STM Cyber Blog
Android-based PAX POS vulnerabilities (Part 1) - STM Cyber Blog
In this article, we present details of 6 vulnerabilities on the Android POS devices made by the worldwide known company PAX Technology.
Windows CLFS Driver Privilege Escalation
This vulnerability targets the Common Log File System (CLFS) and allows attackers to escalate privileges and potentially fully compromise an organization’s Windows systems. In April 2023, Microsoft released a patch for this vulnerability and the CNA CVE-2023-28252 was assigned.
Affects version:
— Windows 11 21H2 (clfs.sys version 10.0.22000.1574);
— Windows 11 22H2;
— Windows 10 21H2;
— Windows 10 22H2;
— Windows Server 2022.
Research: https://www.coresecurity.com/core-labs/articles/analysis-cve-2023-28252-clfs-vulnerability
Exploit: https://github.com/duck-sec/CVE-2023-28252-Compiled-exe
This vulnerability targets the Common Log File System (CLFS) and allows attackers to escalate privileges and potentially fully compromise an organization’s Windows systems. In April 2023, Microsoft released a patch for this vulnerability and the CNA CVE-2023-28252 was assigned.
Affects version:
— Windows 11 21H2 (clfs.sys version 10.0.22000.1574);
— Windows 11 22H2;
— Windows 10 21H2;
— Windows 10 22H2;
— Windows Server 2022.
Research: https://www.coresecurity.com/core-labs/articles/analysis-cve-2023-28252-clfs-vulnerability
Exploit: https://github.com/duck-sec/CVE-2023-28252-Compiled-exe
Coresecurity
Analysis of CVE-2023-28252 CLFS Vulnerability | Core Security
The CVE-2023-28252 vulnerability targets the Common Log File System (CLFS) and allows attackers to escalate privileges and potentially fully compromise an organization’s Windows systems. This blog will provide a detailed analysis and proof of concept for…
👍1
How to detect android malware using Random Forest Classifier and explain it use linearsvc
https://github.com/liansecurityOS/android-malware-detection
https://github.com/liansecurityOS/android-malware-detection
GitHub
GitHub - liansecurityOS/android-malware-detection: This is a opensource repo about how to detect android malware using Random Forest…
This is a opensource repo about how to detect android malware using Random Forest Classifier and explain it use linearsvc. - liansecurityOS/android-malware-detection
🔥3
How to protect Evilginx using Cloudflare and HTML Obfuscation
https://www.jackphilipbutton.com/post/how-to-protect-evilginx-using-cloudflare-and-html-obfuscation
https://www.jackphilipbutton.com/post/how-to-protect-evilginx-using-cloudflare-and-html-obfuscation
Jack Button
How to protect Evilginx using Cloudflare and HTML Obfuscation
Using a combination of Cloudflare and HTML Obfuscation, it is possible to protect your Evilginx server from being flagged as deceptive and so increase your chances of success on Red Team and Social Engineering engagements. Anyone who has tried to run a Social…
🔥2
ThievingFox - Remotely retrieving credentials from password managers and Windows utilities
https://blog.slowerzs.net/posts/thievingfox/
https://github.com/Slowerzs/ThievingFox/
https://blog.slowerzs.net/posts/thievingfox/
https://github.com/Slowerzs/ThievingFox/
Slowerzs' blog
ThievingFox - Remotely retrieving credentials from password managers and Windows utilities
🔥3
Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)
https://github.com/EvilGreys/Disable-Windows-Defender-
https://github.com/EvilGreys/Disable-Windows-Defender-
🔥4❤🔥1👎1