rConfig 3.9.6 - Magic Hash Auth Bypass to RCE https://posts.slayerlabs.com/rconfig-vulns/
Slayer Labs – Cyber Range Platform
rConfig 3.9.6 - Magic Hash Auth Bypass to RCE
rConfig 3.9.6 chained exploits
Intigriti’s Flask Challenge Breakdown https://securitygoat.medium.com/intigritis-flask-challenge-breakdown-2c7053764b81
Medium
Intigriti’s Flask Challenge Breakdown
Let’s see what the devs have cooked up at Intigriti today! A damn vulnerable & broken Flask application. Let’s hack it for Fun & Learning!
Assembly.Lie – Using Transactional NTFS and API Hooking to Trick the CLR into Loading Your Code “From Disk” https://blog.redxorblue.com/2021/05/assemblylie-using-transactional-ntfs.html
Redxorblue
Assembly.Lie – Using Transactional NTFS and API Hooking to Trick the CLR into Loading Your Code “From Disk”
Introduction: Assembly.Load, a method that has been one of the primary reasons for the meteoric rise in offensive tooling written in C# ov...
A quick primer on Frida and Android Instrumentation https://paulsec.github.io/posts/frida-android-primer/
PaulSec's Blog
A quick primer on Frida and Android Instrumentation
Hi everyone!
Here is a pretty quick blog post on some Frida/Objection things I’ve been tinkering with.
I had this Android application which had premium features and wanted to understand how that mechanism worked and if it was robust enough. Let’s see what…
CVE-2021-29922 – rust standard library “net” – Improper Input Validation of octal literals in rust 1.52.0 std::net and below results in indeterminate SSRF & RFI vulnerabilities https://sick.codes/sick-2021-015/
Sick.Codes
CVE-2021-29922 – rust standard library “net” – Improper Input Validation of octal literals in rust 1.52.0 std::net and below results…
Title: CVE-2021-29922 rust standard library “net” – Improper Input Validation of octal literals in rust 1.52.0 std::net and below results in indeterminate SSRF & RFI vulnerabilities. CVE ID: CVE-2021-29922. CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)…
A collection of links related to VMware escape exploits https://github.com/xairy/vmware-exploitation
GitHub
GitHub - xairy/vmware-exploitation: A collection of links related to VMware escape exploits
A collection of links related to VMware escape exploits - xairy/vmware-exploitation
Windows’ PsSetLoadImageNotifyRoutine Callbacks – The Good, The Bad, and The Unclear (Part 1) https://www.fortinet.com/blog/threat-research/windows-pssetloadimagenotifyroutine-callbacks-the-good-the-bad
Fortinet Blog
Windows’ PsSetLoadImageNotifyRoutine Callbacks – The Good, The Bad, and The Unclear (Part 1)
Learn about an issue in the Windows kernel that could prevent you from identifying which modules have been loaded at runtime in part I of this blog series.…
BUG HUNTING METHODOLOGY FOR BEGINNERS https://infosecwriteups.com/bug-hunting-methodology-for-beginners-20b56f5e7d19
Medium
BUG HUNTING METHODOLOGY FOR BEGINNERS
In this write up I am going to describe the path I walked through the bug hunting from the beginner level. This write-up is purely for new…
How to secure a Windows RPC Server, and how not to https://www.tiraniddo.dev/2021/08/how-to-secure-windows-rpc-server-and.html
www.tiraniddo.dev
How to secure a Windows RPC Server, and how not to.
The PetitPotam technique is still fresh in people's minds. While it's not directly an exploit it's a useful step to get unauthenticated NTL...
Learning Linux Kernel Exploitation (1/3, check others in the post) https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/
My cool site
Learning Linux Kernel Exploitation - Part 1
The first part of the series about learning Linux kernel exploitation through hxpCTF2020 kernel-rop: Setting up the environment and the simplest technique of ret2usr
A Bug's Life: CVE-2021-21225 https://tiszka.com/blog/CVE_2021_21225.html
Exploiting CVE-2021-21225 and disabling W^X https://tiszka.com/blog/CVE_2021_21225_exploit.html
Disabling Office Macros to Reduce Malware Infections https://research.nccgroup.com/2021/08/16/disabling-office-macros-to-reduce-malware-infections/
NCC Group Research Blog
Disabling Office Macros to Reduce Malware Infections
Category: Reduction/Prevention. Overview: Document macros have gone in and out of style since 1995 as a deployment method for malware. Netskope’s latest ‘Cloud and Threat Report: July 2021 Edit…
Check CopyOnDeletePE feature of SysMon, if enabled, it keeps a copy of any PE file being deleted https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon#usage
Docs
Sysmon - Sysinternals
Monitors and reports key system activity via the Windows event log.
North Korean APT InkySquid Infects Victims Using Browser Exploits https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits
Volexity
North Korean APT InkySquid Infects Victims Using Browser Exploits
Volexity recently investigated a strategic web compromise (SWC) of the website of the Daily NK (www.dailynk[.]com), a South Korean online newspaper that focuses on issues relating to North Korea. Malicious […]
From Pwn2Own 2021: A New Attack Surface on Microsoft Exchange - ProxyShell! https://www.zerodayinitiative.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell
Zero Day Initiative
Zero Day Initiative — From Pwn2Own 2021: A New Attack Surface on Microsoft Exchange - ProxyShell!
In April 2021, Orange Tsai from DEVCORE Research Team demonstrated a remote code execution vulnerability in Microsoft Exchange during the Pwn2Own Vancouver 2021 contest. In doing so, he earned himself $200,000. Since then, he has disclosed several other…
Integer Overflow to RCE — ManageEngine Asset Explorer Agent (CVE-2021–20082) https://medium.com/tenable-techblog/integer-overflow-to-rce-manageengine-asset-explorer-agent-cve-2021-20082-7e54cb2caad5
Medium
Integer Overflow to RCE — ManageEngine Asset Explorer Agent (CVE-2021–20082)
A couple months back, Chris Lyne and I had a look at ManageEngine ServiceDesk Plus. This product consists of a server / agent model in…
CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 2 https://research.nccgroup.com/2021/08/17/cve-2021-31956-exploiting-the-windows-kernel-ntfs-with-wnf-part-2/
CVE-2021-22929 – Brave Browser 1.27 and below permanently logs the server connection time for all v2 tor domains https://sick.codes/sick-2021-109/
Sick Codes - Security Research, Hardware & Software Hacking, Consulting, Linux, IoT, Cloud, Embedded, Arch, Tweaks & Tips!
CVE-2021-22929 - Brave Browser 1.27 and below permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware…
Title: CVE-2021-22929 Brave Browser 1.27 and below permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log. CVE ID: CVE-2021-22929. CVSS Score: 6.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)…
Accellion Kiteworks Vulnerabilities https://insomniasec.com/blog/accellion-kiteworks
Sophos UTM Preauth RCE: A Deep Dive into CVE-2020-25223 https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223
Atredis Partners
Sophos UTM Preauth RCE: A Deep Dive into CVE-2020-25223 — Atredis Partners
Note: Sophos fixed this issue in September 2020. Information about patch availability is in their security advisory.