Forwarded from IoT/ICS Security & Malware
Necro Python Botnet
Goes After Vulnerable VisualTools DVR
https://blogs.juniper.net/en-us/threat-research/necro-python-botnet-goes-after-vulnerable-visualtools-dvr
#Malware_analysis
@iotpenetrationtesting
In the last week of September 2021, Juniper Threat Labs detected a new activity from Necro Python (a.k.a N3Cr0m0rPh , Freakout, Python.IRCBot) that is actively exploiting some services, including a
#Threat_Research
A Peek into Top-Level Domains and Cybercrime
https://unit42.paloaltonetworks.com/top-level-domains-cybercrime
@BlueRedTeam
#RedTeam
Red Team Toolkit for CTF's and Learning for Windows Offense
https://github.com/megatop1/RedTeam
@BlueRedTeam
#exploit
CVE-2021-34484:
Windows User Profile Service 0day LPE
https://github.com/klinix5/ProfSvcLPE/blob/main/write-up.docx
]-> PoC:
https://github.com/klinix5/ProfSvcLPE/tree/main/DoubleJunctionEoP
@BlueRedTeam
#BlueTeam
Program for determining types of files for Windows,
Linux, MacOS
https://github.com/horsicq/Detect-It-Easy
@BlueRedTeam
#RedTeam
Red Team Toolkit for CTF's and Learning for Windows Offense
https://github.com/redcanaryco/invoke-atomicredteam
@BlueRedTeam
Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Re...
#Threat_Research
+ Android WebView and Its Vulnerabilities
https://blog.securelayer7.net/learn-about-android-webview-and-its-vulnerabilities
+ Groups Target Alibaba ECS Instances for Cryptojacking
https://www.trendmicro.com/en_us/research/21/k/groups-target-alibaba-ecs-instances-for-cryptojacking.html
@BlueRedTeam
What is Android WebView? Android WebView, an Android system component, allows Android apps to load or display content remotely. Note: it isn't a full-fledged browser; it is just a part of the...
#exploit
CVE-2021-43616:
NPM < 8.1.3 CI Command package-lock.json RCE
https://github.com/npm/cli/issues/2701
]-> https://github.com/icatalina/CVE-2021-43616
@BlueRedTeam
[BUG] `npm ci` succeeds when `package-lock.json` doesn't match `package.json` · Issue #2701 · npm/cli
Current Behavior: npm ci does not fail when package.json doesn't match package-lock.json Expected Behavior: npm ci refuses to install when the lock file is invalid. Steps To Reproduce: Manually...
#RedTeam
Assessment, Analysis, and Hardening of a vulnerable system. This presentation includes playing the role of both (Red Team) pentester and (Blue Team) SOC analyst on a vulnerable WebDAV server.
https://github.com/cltempleton1127/UR-Cybersecurity-Red-Team-Blue-Team
@BlueRedTeam
Cybersecurity_Incident_and_Vulnerability_Response.pdf
#BlueTeam
"Cybersecurity Incident & Vulnerability Response Playbooks
Operational Procedures for Planning and Conducting Cybersecurity Incident and Vulnerability Response Activities in FCEB Information Systems", 2021.
@BlueRedTeam
#RedTeam
1. Detecting a Container Escape with Cilium and eBPF
https://isovalent.com/blog/post/2021-11-container-escape
2. How to bypass reCaptcha V3 with Selenium Python
https://medium.com/analytics-vidhya/how-to-bypass-recaptcha-v3-with-selenium-python-7e71c1b680fc
@BlueRedTeam
Detecting a Container Escape with Tetragon and eBPF
Learn how to use Isovalent Cilium Enterprise observability to detect container escapes
#exploit
CVE-2021-30602:
Google Chrome WebRTC addIceCandidate UaF vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1348
@BlueRedTeam
#RedTeam
1. TPM sniffing
https://blog.scrt.ch/2021/11/15/tpm-sniffing
2. Exploit for Apache Struts v2 (RCE)
https://github.com/andre3llo/apachestruts
@BlueRedTeam
GitHub - 4ndreello/apachestruts: Apache Struts v2 exploit (RCE).
#Threat_Research
Diving into Open-source LMS Codebases
https://starlabs.sg/blog/2021/11/diving-into-open-source-lms-codebases
@BlueRedTeam
#exploit
Seamlessly Discovering Netgear Universal Plug-and-Pwn (UPnP) 0-days (Netgear UPNP Stack Based Buffer Overflow)
https://blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html
@BlueRedTeam
Hello friends
You can download cybersecurity books here,
and various articles and write-ups.
Link:
https://news.1rj.ru/str/joinchat/S7X_g5M43myDbccu
#exploit
1. CVE-2021-43617:
Bypass CRF
https://github.com/kombat1/CVE-2021-43617
2. Linux: UAF read: SO_PEERCRED
and SO_PEERGROUPS race with listen() (and connect())
https://bugs.chromium.org/p/project-zero/issues/detail?id=2230
3. CVE-2021-37580:
Apache ShenYu 2.3.0/2.4.0 authentication bypass
https://github.com/0x0021h/expbox/blob/main/cve-2021-37580-poc.py
@BlueRedTeam
#RedTeam
1. Google SSRF - URL whitelist bypass
https://feed.bugs.xdavidhu.me/bugs/0008
2. HTTP Request Smuggling due to ignoring chunk extensions
https://hackerone.com/reports/1238099
3. How I was able to revoke your Instagram 2FA
https://dhiyaneshgeek.github.io/web/security/2021/10/23/how-i-was-able-to-revoke-your-instagram-2fa
@BlueRedTeam
SSRF via URL whitelist bypass in a Google Cloud owned App Engine service