Forwarded from Deleted Account
Attacking_Network_Protocols.epub
28.5 MB
Attacking Network Protocols
A Hacker's Guide to Capture, Analysis, and Exploitation
by James Forshaw
@HackerOne
A Hacker's Guide to Capture, Analysis, and Exploitation
by James Forshaw
@HackerOne
I wrote about how to upgrade or install a latest current release Linux Kernel version manually in Ubuntu?
https://goo.gl/Jh6paz
https://goo.gl/Jh6paz
[+] Linux kernel: net: double-free and memory corruption in get_net_ns_by_id()
A use-after-free vulnerability was found in a network namespaces code affecting the Linux
kernel since v4.0-rc1 through v4.15-rc5. The function get_net_ns_by_id() does not check
for the net::count value after it has found a peer network in netns_ids idr which could
lead to double free and memory corruption. This vulnerability could allow an unprivileged
local user to induce kernel memory corruption on the system, leading to a crash. Due to
the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe
it is unlikely.
Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0
A use-after-free vulnerability was found in a network namespaces code affecting the Linux
kernel since v4.0-rc1 through v4.15-rc5. The function get_net_ns_by_id() does not check
for the net::count value after it has found a peer network in netns_ids idr which could
lead to double free and memory corruption. This vulnerability could allow an unprivileged
local user to induce kernel memory corruption on the system, leading to a crash. Due to
the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe
it is unlikely.
Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0
Command and Control – Images [Powershell]
https://pentestlab.blog/2018/01/02/command-and-control-images/
https://pentestlab.blog/2018/01/02/command-and-control-images/
Penetration Testing Lab
Command and Control – Images
Images traditionally have been used as a method of hiding a message. It is possibly for forensic investigators the oldest trick in the book to search for evidence inside that type of files. However…
Command and Control – JavaScript [Rundll32]
https://pentestlab.blog/2018/01/08/command-and-control-javanoscript/
https://pentestlab.blog/2018/01/08/command-and-control-javanoscript/
Penetration Testing Lab
Command and Control – JavaScript
There are a number command and controls tools that can use a variety fof methods in order to hide malicious traffic or execute implants in various formats. Casey Smith originally developed a protot…
[dos] Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues)' Kernel Stack Memory Disclosure
https://www.exploit-db.com/exploits/43470/?rss
Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues)' Kernel Stack Memory Disclosure
https://www.exploit-db.com/exploits/43470/?rss
Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues)' Kernel Stack Memory Disclosure
Microsoft Patches Zero-Day Vulnerability in Office
http://feedproxy.google.com/~r/Securityweek/~3/fy_7rlOZl8Q/microsoft-patches-zero-day-vulnerability-office
Microsoft’s January 2018 Patch Tuesday updates address more than 50 vulnerabilities, including a zero-day vulnerability in Office related to an Equation Editor flaw that has been exploited by several threat groups in the past few months.
read more (http://www.securityweek.com/microsoft-patches-zero-day-vulnerability-office)
http://feedproxy.google.com/~r/Securityweek/~3/fy_7rlOZl8Q/microsoft-patches-zero-day-vulnerability-office
Microsoft’s January 2018 Patch Tuesday updates address more than 50 vulnerabilities, including a zero-day vulnerability in Office related to an Equation Editor flaw that has been exploited by several threat groups in the past few months.
read more (http://www.securityweek.com/microsoft-patches-zero-day-vulnerability-office)
Securityweek
Microsoft Patches Zero-Day Vulnerability in Office | SecurityWeek.Com
Microsoft patches over 50 vulnerabilities, including an Office zero-day similar to the Equation Editor flaw that has been exploited by several threat groups
Highly Targeted Attacks Hit North Korean Defectors
http://feedproxy.google.com/~r/Securityweek/~3/oOttyf-3Q4k/highly-targeted-attacks-hit-north-korean-defectors
A recent set of attacks aimed at North Korean defectors and journalists were associated with a highly targeted campaign conducted by an actor that does not appear to be related to any known cybercrime groups, McAfee says.
read more (http://www.securityweek.com/highly-targeted-attacks-hit-north-korean-defectors)
http://feedproxy.google.com/~r/Securityweek/~3/oOttyf-3Q4k/highly-targeted-attacks-hit-north-korean-defectors
A recent set of attacks aimed at North Korean defectors and journalists were associated with a highly targeted campaign conducted by an actor that does not appear to be related to any known cybercrime groups, McAfee says.
read more (http://www.securityweek.com/highly-targeted-attacks-hit-north-korean-defectors)
Securityweek
Highly Targeted Attacks Hit North Korean Defectors | SecurityWeek.Com
A recent set of attacks aimed at North Korean defectors and journalists were associated with a highly targeted campaign conducted by unknown threat actor.
Mac Malware Creator Indicted in U.S.
http://feedproxy.google.com/~r/Securityweek/~3/RWtsCJGpEiQ/mac-malware-creator-indicted-us
“FruitFly” Mac Malware Creator Allegedly Spied On Victims for 13 Years
read more (http://www.securityweek.com/mac-malware-creator-indicted-us)
http://feedproxy.google.com/~r/Securityweek/~3/RWtsCJGpEiQ/mac-malware-creator-indicted-us
“FruitFly” Mac Malware Creator Allegedly Spied On Victims for 13 Years
read more (http://www.securityweek.com/mac-malware-creator-indicted-us)
Securityweek
Mac Malware Creator Indicted in U.S. | SecurityWeek.Com
Phillip R. Durachinsky has been charged with using the FruitFly malware for more than 13 years to watch, listen to, and obtain personal data from unknowing victims, as well as to produce child pornography.
Highly Targeted Attacks Hit North Korean Defectors
http://feedproxy.google.com/~r/Securityweek/~3/oOttyf-3Q4k/highly-targeted-attacks-hit-north-korean-defectors
A recent set of attacks aimed at North Korean defectors and journalists were associated with a highly targeted campaign conducted by an actor that does not appear to be related to any known cybercrime groups, McAfee says.
read more (http://www.securityweek.com/highly-targeted-attacks-hit-north-korean-defectors)
http://feedproxy.google.com/~r/Securityweek/~3/oOttyf-3Q4k/highly-targeted-attacks-hit-north-korean-defectors
A recent set of attacks aimed at North Korean defectors and journalists were associated with a highly targeted campaign conducted by an actor that does not appear to be related to any known cybercrime groups, McAfee says.
read more (http://www.securityweek.com/highly-targeted-attacks-hit-north-korean-defectors)
Securityweek
Highly Targeted Attacks Hit North Korean Defectors | SecurityWeek.Com
A recent set of attacks aimed at North Korean defectors and journalists were associated with a highly targeted campaign conducted by unknown threat actor.