PoisonHandler
lateral movement techniques that can be used during red team exercises.
https://github.com/Mr-Un1k0d3r/PoisonHandler
#tools #redteaming #windows
HideProcess
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
https://blog.landhb.dev/posts/v9eRa/a-basic-windows-dkom-rootkit-pt-1/
https://github.com/landhb/HideProcess
#windows #persistence #redteaming #evasion
[PHP] Exposing DB Credentials / HttpOnly Bypass / FPD
https://hackking.net/threads/php-exposing-db-credentials-httponly-bypass-fpd.29/
The NSA found a dangerous Windows 10 flaw and alerted Microsoft - rather than weaponise it
Washington: The National Security Agency recently discovered a major flaw in Microsoft's Windows operating system - one that could potentially expose computer users to significant breaches or surveillance, and alerted the firm to the problem rather than turn it into a hacking weapon, according to people familiar with the matter.
The disclosure represents a major shift in the NSA's approach, choosing to put computer security ahead of building up its arsenal of hacking tools that allow the agency to spy on adversaries' networks, according to the people familiar with the matter who spoke on condition of anonymity because of the sensitivity of the matter.
https://www.smh.com.au/technology/the-nsa-found-a-dangerous-windows-10-flaw-and-alerted-microsoft-rather-than-weaponise-it-20200115-p53rip.html
Applying a Stuxnet Type Attack to a Schneider Modicon M340 PLC
In summary:
- how we can backdoor a PLC using a "Stuxnet-like" attack based on DLL-Reflective.
- a deep dive from Grafcet/Ladder processing to asm assembly
- injection of a C payload into the PLC to perform funny things like a TCP port scanner, modification of the legitimate automation program ...
https://airbus-cyber-security.com/applying-a-stuxnet-type-attack-to-a-schneider-modicon-plc-airbus-cybersecurity/
Lacher Lizard Project:
Fast Web Site Crawler and Vulnerability Analyzer
Description:
https://youtu.be/yYpAaOyJ2K0
GitHub:
https://github.com/alifrd/Lacher-Lizard
https://www.peerlyst.com/posts/how-to-perform-ssd-forensics-or-part-i-sudhendu?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post
How to perform SSD Forensics | Part - I 👌
Recently I went to a conference on cyber forensics. There I saw people demonstrating various acquisition methods, evidence collection, storage and analysis. One thing I peculiarly noticed is that when people say "evidence acquisition" or "data recovery" from computers, they generally mean acquiring it from magnetic storage media, like hard disks (HDDs). They were going on about disk forensics, slack space and all those related things. After listening to their orthodox speech, I raised some queries:
Do the methods of disk forensics, like block-level analysis, apply to solid state drives and flash drives?
Flash drives totally remove the concept of blocks or any rotating part, so what now?
Do your delete, erase, wipe and format concepts still work in a similar way? etc., etc.
I asked around 10 questions and all I got was blithering. That made me ponder about the different individuals who are dealing with forensics and how many do not follow the dernier cri in the industry.
I decided I needed to write something on forensics involving flash drives. The focus of this article is on Solid State Drives (SSDs).
#article #forensic #ssd
Saudi Dismisses Link to Hack of Amazon Owner Bezos
http://feedproxy.google.com/~r/Securityweek/~3/bJTp5wvRaXc/saudi-dismisses-link-hack-amazon-owner-bezos
The Saudi embassy in Washington on Tuesday dismissed suggestions the kingdom hacked the phone of Washington Post owner Jeff Bezos (https://www.securityweek.com/investigator-says-amazon-chiefs-phone-hacked-saudis), as media reports linked the security breach to a WhatsApp message from an account of Crown Prince Mohammed bin Salman.
read more (https://www.securityweek.com/saudi-dismisses-link-hack-amazon-owner-bezos)
Unofficial Patch Released for Recently Disclosed Internet Explorer Zero-Day
https://ift.tt/2GcrOgj
0patch has released a micropatch for the recently disclosed Internet Explorer zero-day vulnerability. The micropatch is free for consumers