Microsoft Exchange vulnerabilities exploited once again
for ransomware, this time with Babuk
https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html?m=1
#Malware
#exchange
#microsoft
@NetPentesters
AD Enum - pentesting tool that finds misconfigurations through the LDAP protocol and exploits some of those weaknesses with Kerberos
https://github.com/SecuProject/ADenum
Python implementation for Active Directory certificate abuse
https://github.com/ly4k/Certipy
@NetPentesters
Practical HTTP Header Smuggling:
Sneaking Past Reverse Proxies to Attack AWS
https://www.intruder.io/research/practical-http-header-smuggling
ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough
https://www.wiz.io/blog/chaosdb-explained-azures-cosmos-db-vulnerability-walkthrough
#Cloud
#azure
#Vulnerability
@NetPentesters
www.intruder.io
Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
Modern web applications typically rely on chains of multiple servers, which forward HTTP requests to one another. The attack surface created by this forwarding is increasingly receiving more attention, including the recent popularisation of cache poisoning...
Thick Client Penetration Testing Methodology
https://www.cyberark.com/resources/threat-research-blog/thick-client-penetration-testing-methodology
#RedTeam
#pentest
@NetPentesters
Active Directory penetration test mind map collection by Orange CyberDefense
GitHub
https://github.com/Orange-Cyberdefense/arsenal
All MindMap
https://github.com/Orange-Cyberdefense/arsenal/tree/master/mindmap
Additional
https://www.xmind.net/m/5dypm8/
#pentest
#windows
#ad
@NetPentesters
GitHub - Orange-Cyberdefense/arsenal: Arsenal is just a quick inventory and launcher for hacking programs
BloodyAD is an Active Directory Privilege Escalation Framework
https://github.com/CravateRouge/bloodyAD
#AD
#privilege
@NetPentesters
#5G_Network_Security
Exploit the Fuzz -
Exploiting Vulnerabilities in 5G Core Networks
https://research.nccgroup.com/2021/11/16/exploit-the-fuzz-exploiting-vulnerabilities-in-5g-core-networks
@NetPentesters
CVE-2021-42306 CredManifest:
App Registration Certificates Stored in Azure AD
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest
#azure
#Ad
#Cloud
#Pentest
@NetPentesters
NetSPI
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory
The vulnerability, found by NetSPI’s cloud pentesting practice director, Karl Fosaaen, affects any organization that uses Automation Account "Run as" accounts in Azure.
#WLAN_Security
BlackHat Europe 2021:
"New Attack Surfaces of Wi-Fi Mesh Network".
// CVE-2021-35055, CVE-2021-37566, CVE-2021-37572
@NetPentesters
WSUS Attacks:
Part 1 - Introducing PyWSUS
https://www.gosecure.net/blog/2020/09/03/wsus-attacks-part-1-introducing-pywsus
Part 2 - CVE-2020-1013 a Windows 10 LPE 1-Day
https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day
Part 3 - NTLM Relaying Attacks
https://www.gosecure.net/blog/2021/11/22/gosecure-investigates-abusing-windows-server-update-services-wsus-to-enable-ntlm-relaying-attacks
#wsus
#NTLM
@NetPentesters
Observing Attacks Against Hundreds
of Exposed Services in Public Clouds
https://unit42.paloaltonetworks.com/exposed-services-public-clouds
#Cloud
@NetPentesters
Unit 42
Observing Attacks Against Hundreds of Exposed Services in Public Clouds
Insecurely exposed services are common misconfigurations in cloud environments. We used a honeypot infrastructure to learn about attacks against them.
1. How to Detect Azure AD Backdoors:
Identity Federation
https://www.inversecos.com/2021/11/how-to-detect-azure-active-directory.html
2. Checks for signature requirements over LDAP
https://github.com/GoSecure/ldap-scanner
#BlueTeam
#Azure
#Ad
#LDAP
@NetPentesters
CVE-2021-21972:
PoC Exploit for vCenter
https://github.com/NS-Sp4ce/CVE-2021-21972
https://github.com/horizon3ai/CVE-2021-21972
Exploits the Wii U's Bluetooth stack to gain IOSU
kernel access via Bluetooth
https://github.com/GaryOderNichts/bluubomb
#bluetooth
@NetPentesters
1. 0-day vulnerability in TP-Link Wi-Fi 6 devices
https://securityaffairs.co/wordpress/125016/hacking/0-day-tp-link-wi-fi-6.html?utm_source=feedly&utm_medium=rss&utm_campaign=0-day-tp-link-wi-fi-6
2. TP-Link TL-WR840N EU v5 RCE
(PoC for CVE-2021-41653)
https://k4m1ll0.com/cve-2021-41653.html
#tplink
#ZeroDay
#Vulnerability
#poc
@NetPentesters
Security Affairs
Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices
Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L.
A Deep Dive Into SoWaT: APT31’s Multifunctional Router Implant
https://imp0rtp3.wordpress.com/2021/11/25/sowat/
#APT31
#Router
#malware
@Netpentesters