SysAdmin 24x7
Computer security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
Active Directory Control Paths

Control paths in Active Directory are an aggregation of "control relations" between entities of the domain (users, computers, groups, GPOs, containers, etc.). They can be visualized as graphs, and their purpose is to answer questions such as "Who can get 'Domain Admins' privileges?", "What resources can a user control?" or even "Who can read the CEO's emails?".

https://github.com/ANSSI-FR/AD-control-paths
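As an added example (not code from the ANSSI project or from the page), the following Python script builds a small control graph from a constructed list of relations and answers the two questions above: a reverse breadth-first search from a target gives every principal that has a control path to it, together with one shortest path, and a forward walk gives everything a principal can transitively control. The relation names (MemberOf, GenericAll, AdminTo, HasSession, WriteDacl, GpLink, Contains) and all principal and object names are hypothetical.

```python
from collections import defaultdict, deque

# Constructed sample of control relations as (controller, relation, controlled) edges.
# Hypothetical names; not taken from the ANSSI project or from any real domain.
SAMPLE_RELATIONS = [
    ("alice", "MemberOf", "Helpdesk"),
    ("Helpdesk", "GenericAll", "svc_backup"),   # group has full control of an account
    ("svc_backup", "AdminTo", "SRV01"),          # account is local admin on a server
    ("SRV01", "HasSession", "bob"),              # bob's credentials are in memory on SRV01
    ("bob", "MemberOf", "Domain Admins"),
    ("carol", "WriteDacl", "GPO_Workstations"),  # carol can rewrite the GPO's ACL
    ("GPO_Workstations", "GpLink", "OU_Workstations"),
    ("OU_Workstations", "Contains", "WS01"),
    ("dave", "MemberOf", "Sales"),
]


def build_graph(relations):
    """Index edges both ways: forward for 'what can X control', reverse for 'who controls X'."""
    forward, reverse = defaultdict(list), defaultdict(list)
    for src, rel, dst in relations:
        forward[src].append((rel, dst))
        reverse[dst].append((rel, src))
    return forward, reverse


def who_can_control(relations, target):
    """Map every node with a control path to `target` onto one shortest such path.

    BFS over the reversed graph; each path is a list of (controller, relation, controlled)
    hops that ends at `target`, so the first visit to a node is already a shortest path.
    """
    _, reverse = build_graph(relations)
    paths = {}
    seen = {target}
    queue = deque([(target, [])])
    while queue:
        node, path = queue.popleft()
        for rel, src in reverse[node]:
            if src in seen:
                continue  # a path of equal or shorter length to src was already recorded
            seen.add(src)
            paths[src] = [(src, rel, node)] + path
            queue.append((src, paths[src]))
    return paths


def what_can_be_controlled(relations, principal):
    """Transitive closure of the forward edges from `principal`: every object it can reach."""
    forward, _ = build_graph(relations)
    reachable, stack = set(), [principal]
    while stack:
        node = stack.pop()
        for _, dst in forward[node]:
            if dst not in reachable:
                reachable.add(dst)
                stack.append(dst)
    return reachable


def format_path(path):
    """Render a path as 'a -[Rel]-> b -[Rel]-> c' for a report."""
    if not path:
        return ""
    out = path[0][0]
    for _, rel, dst in path:
        out += f" -[{rel}]-> {dst}"
    return out


if __name__ == "__main__":
    # Who can reach Domain Admins, and how?
    for principal, path in sorted(who_can_control(SAMPLE_RELATIONS, "Domain Admins").items()):
        print(format_path(path))
    # What can carol control?
    print(sorted(what_can_be_controlled(SAMPLE_RELATIONS, "carol")))
```

Running it shows that alice, who is only a member of a helpdesk group, reaches Domain Admins in five hops through an account, a server and a cached session, while carol's WriteDacl on a GPO gives her control of every workstation the GPO is linked to but no path to Domain Admins. Against a real domain the edge list would come from the tool's collectors rather than a constructed list, and the relation set is much larger than the seven used here.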
PartyLoud: a simple bash script to generate "noise" on the network

PartyLoud is a tool for generating fake Internet traffic in order to prevent or mitigate tracking on local networks. It is based on noisy.py, and its goal is to make a lot of noise on the network (in the form of HTTP requests) so that your real browsing is harder to trace.

https://www.hackplayers.com/2019/04/partyloud-script-genera-ruido-en-lan.html
Apache Tomcat CGI Servlet Remote Code Execution (CVE-2019-0232)

A remote code execution vulnerability exists in the Apache Tomcat CGI Servlet. It affects Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 running on Windows when the CGI Servlet is enabled with enableCmdLineArguments set to true: query-string parameters are passed to the CGI script as command-line arguments, and a bug in the way the JRE passes arguments to Windows allows command injection. The CGI Servlet is disabled by default. Successful exploitation could lead to remote code execution on the target server.

https://www.checkpoint.com/defense/advisories/public/2019/cpai-2019-0531.html
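As an added example (not code from the page, from Check Point or from Apache Tomcat), the following Python audit parses a web.xml and reports CGI servlet definitions that are both mapped to a URL and have enableCmdLineArguments turned on, which is the configuration the advisory's precondition requires. The servlet class name org.apache.catalina.servlets.CGIServlet and the init-param name are Tomcat's own; the two web.xml fragments are constructed. What an absent init-param means depends on the Tomcat version (7.0.x and 8.5.x defaulted it to true before the fix, 9.0.x to false), so the caller passes that default explicitly rather than the script guessing it.

```python
import xml.etree.ElementTree as ET

CGI_SERVLET_CLASS = "org.apache.catalina.servlets.CGIServlet"

# Constructed sample web.xml (hypothetical deployment, not from a real server).
VULNERABLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>cgi</servlet-name>
    <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
    <init-param>
      <param-name>enableCmdLineArguments</param-name>
      <param-value>true</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>cgi</servlet-name>
    <url-pattern>/cgi-bin/*</url-pattern>
  </servlet-mapping>
</web-app>
"""

# Same deployment with the setting turned off.
HARDENED_WEB_XML = VULNERABLE_WEB_XML.replace(
    "<param-value>true</param-value>", "<param-value>false</param-value>")

# Same deployment with the init-param left out entirely, so the version default applies.
NO_PARAM_WEB_XML = VULNERABLE_WEB_XML.replace(
    "    <init-param>\n      <param-name>enableCmdLineArguments</param-name>\n"
    "      <param-value>true</param-value>\n    </init-param>\n", "")


def _local(tag):
    """Strip the XML namespace so the check works whatever schema URI web.xml declares."""
    return tag.split("}", 1)[-1]


def _text(elem, name):
    """Text of the first direct child named `name`, or '' if absent."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def find_cgi_servlets(web_xml, default_cmdline_args=False):
    """Return {servlet-name: {'cmdline_args': bool, 'mappings': [url-pattern, ...]}}
    for every CGIServlet definition.

    `default_cmdline_args` is what an absent enableCmdLineArguments means on the
    Tomcat branch being audited (assumption: look it up in that branch's docs).
    """
    root = ET.fromstring(web_xml)
    servlets = {}
    for elem in root:
        if _local(elem.tag) != "servlet" or _text(elem, "servlet-class") != CGI_SERVLET_CLASS:
            continue
        enabled = default_cmdline_args
        for param in elem:
            if (_local(param.tag) == "init-param"
                    and _text(param, "param-name") == "enableCmdLineArguments"):
                enabled = _text(param, "param-value").lower() == "true"
        servlets[_text(elem, "servlet-name")] = {"cmdline_args": enabled, "mappings": []}
    for elem in root:
        if _local(elem.tag) != "servlet-mapping":
            continue
        name = _text(elem, "servlet-name")
        if name in servlets:
            servlets[name]["mappings"].extend(
                (c.text or "").strip() for c in elem if _local(c.tag) == "url-pattern")
    return servlets


def exposed_cgi_with_cmdline_args(web_xml, default_cmdline_args=False):
    """Names of CGI servlets that accept command-line args AND are reachable through a URL mapping."""
    return sorted(name for name, info in find_cgi_servlets(web_xml, default_cmdline_args).items()
                  if info["cmdline_args"] and info["mappings"])


if __name__ == "__main__":
    print("vulnerable:", exposed_cgi_with_cmdline_args(VULNERABLE_WEB_XML))
    print("hardened:  ", exposed_cgi_with_cmdline_args(HARDENED_WEB_XML))
    print("no param, 8.5.x-style default:",
          exposed_cgi_with_cmdline_args(NO_PARAM_WEB_XML, default_cmdline_args=True))
```

This is a configuration check only: a hit means the precondition for the CVE is present, and whether the host is Windows and the Tomcat build is in the affected range still has to be confirmed separately. The fix is to upgrade and, if CGI is not needed, to remove the servlet mapping rather than only flipping the parameter.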
Source Code for CARBANAK Banking Malware Found On VirusTotal

https://thehackernews.com/2019/04/carbanak-malware-source-code.html
January 2019 OpenSSH Vulnerabilities in NetApp Products

Multiple NetApp products incorporate the OpenSSH software. OpenSSH versions up to and including 7.9 are susceptible to vulnerabilities which, when successfully exploited, could lead to disclosure of sensitive information or the addition or modification of data.

https://security.netapp.com/advisory/ntap-20190213-0001/
TALOS-2018-0693

Symantec Endpoint Protection Small Business Edition ccSetx86.sys 0x224844 kernel memory information disclosure vulnerability

CVE-2018-18366

An exploitable kernel memory disclosure vulnerability exists in the 0x224844 IOCTL handler function of Symantec Endpoint Protection Small Business Edition ccSetx86.sys, version 16.0.0.77. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0693
DNSpionage Drops New Karkoff Malware, Cherry-Picks Its Victims

Besides the DNSpionage malware, the group behind the campaign also uses the Mimikatz credential dumper, various off-the-shelf administration tools, the Bitvise WinSSH SSH server, a number of open-source hacking tools, and PuTTY for SSH tunneling within the same network, as detailed by the French security researchers of CERT-OPMD, who also provide an ATT&CK matrix mapping for DNSpionage attacks.

https://www.bleepingcomputer.com/news/security/dnspionage-drops-new-karkoff-malware-cherry-picks-its-victims/
Multiple vulnerabilities in TIBCO products

Publication date: 25/04/2019
Severity: 5 - Critical

Description:
TIBCO has published 6 vulnerabilities affecting several of its products, through which an attacker could carry out XSS, CSRF, remote code execution, unauthenticated download of confidential information, privilege escalation or open redirect attacks.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-tibco-0
Multiple vulnerabilities in BIND

Publication date: 25/04/2019
Severity: 4 - High

Description:
Multiple vulnerabilities have been published in BIND that affect several of its products: 1 of high severity and 2 of medium severity.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-bind-1
PHP is increasingly vulnerable

The programming language used to develop most websites is increasingly vulnerable, concludes a new analysis by F5 Labs. In 2018, 81% of the malicious traffic monitored was related to PHP.

https://diarioti.com/php-es-cada-vez-mas-vulnerable/109278
Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension

https://thehackernews.com/2019/04/wordpress-woocommerce-security.html
Hackers Breached a Programming Tool Used By Big Tech and Stole Private Keys and Tokens

Docker Hub lost keys and tokens for around 190,000 accounts; if attackers use them to reach the source code repositories linked to those accounts, the effects could extend downstream to big companies.

https://motherboard.vice.com/en_us/article/7xgbzb/docker-hub-breach-hackers-stole-private-keys-tokens