Improving software supply chain security
https://github.com/slsa-framework/slsa-github-generator-go
https://github.com/sigstore/sigstore
https://github.com/ossf/scorecard
https://security.googleblog.com/2022/04/improving-software-supply-chain.html
https://github.com/slsa-framework/slsa-github-generator-go
https://github.com/sigstore/sigstore
https://github.com/ossf/scorecard
https://security.googleblog.com/2022/04/improving-software-supply-chain.html
GitHub
GitHub - slsa-framework/slsa-github-generator-go
Contribute to slsa-framework/slsa-github-generator-go development by creating an account on GitHub.
Borat Rat Source Code:
https://github.com/vxunderground/MalwareSourceCode/blob/main/Leaks/Win32/Win32.Borat.7z
https://github.com/vxunderground/MalwareSourceCode/blob/main/Leaks/Win32/Win32.Borat.7z
#VMware Workspace ONE Access Server-side Template Injection CVE-2022-22954 #SSTI
https://github.com/sherlocksecurity/VMware-CVE-2022-22954/blob/main/CVE-2022-22954.yaml
https://github.com/sherlocksecurity/VMware-CVE-2022-22954/blob/main/CVE-2022-22954.yaml
GitHub
VMware-CVE-2022-22954/CVE-2022-22954.yaml at main · sherlocksecurity/VMware-CVE-2022-22954
POC for VMWARE CVE-2022-22954. Contribute to sherlocksecurity/VMware-CVE-2022-22954 development by creating an account on GitHub.
Peneter Tools
#VMware Workspace ONE Access Server-side Template Injection CVE-2022-22954 #SSTI https://github.com/sherlocksecurity/VMware-CVE-2022-22954/blob/main/CVE-2022-22954.yaml
nuclei Template for Detect:
https://github.com/projectdiscovery/nuclei-templates/pull/4113
https://github.com/projectdiscovery/nuclei-templates/pull/4113
GitHub
Added VMware Workspace ONE Access - Freemarker SSTI by ehsandeep · Pull Request #4113 · projectdiscovery/nuclei-templates
Co-Authored-By: Sherlock Secure 52328067+sherlocksecurity@users.noreply.github.com
https://github.com/sherlocksecurity/VMware-CVE-2022-22954
Template Validation
I've validated this template loc...
https://github.com/sherlocksecurity/VMware-CVE-2022-22954
Template Validation
I've validated this template loc...
Privilege Escalation vulnerability in Amazon Web Service (AWS) VPN Client (CVE-2022-25165).
blog: https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/
POC : https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2022-25166
blog: https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/
POC : https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2022-25166
#nginx 0-day on latest nginx-1.21.6
Github: https://github.com/gamozolabs/nginx_shitpost
by https://twitter.com/gamozolabs
Github: https://github.com/gamozolabs/nginx_shitpost
by https://twitter.com/gamozolabs
CVE-2022-22954 #VMware Workspace ONE Access freemarker #SSTI
https://github.com/bewhale/CVE-2022-22954
https://github.com/bewhale/CVE-2022-22954
GitHub
GitHub - bewhale/CVE-2022-22954: CVE-2022-22954 VMware Workspace ONE Access freemarker SSTI 漏洞 命令执行、批量检测脚本、文件写入
CVE-2022-22954 VMware Workspace ONE Access freemarker SSTI 漏洞 命令执行、批量检测脚本、文件写入 - bewhale/CVE-2022-22954
Exploiting Struts RCE on 2.5.26
for fix problem should upgrade to 2.5.30
https://mc0wn.blogspot.com/2021/04/exploiting-struts-rce-on-2526.html
for fix problem should upgrade to 2.5.30
https://mc0wn.blogspot.com/2021/04/exploiting-struts-rce-on-2526.html
Blogspot
Exploiting Struts RCE on 2.5.26
Exploiting Struts RCE on 2.5.26 Abstract Late last year, 2020, a fix for a remote code execution (RCE) vulnerability discovered by Alvaro Mu...
APT Cyber Tools Targeting ICS/SCADA Devices:
https://www.cisa.gov/uscert/ncas/alerts/aa22-103a
lateral movement and disrupt critical devices in ICS network:
https://github.com/stong/CVE-2020-15368
https://www.cisa.gov/uscert/ncas/alerts/aa22-103a
lateral movement and disrupt critical devices in ICS network:
https://github.com/stong/CVE-2020-15368
Now reFlutter not only allows you to monitor traffic, but also shows absolute offsets of the functions in the target Android or iOS application. Root is not required.
https://github.com/Impact-I/reFlutter
https://github.com/Impact-I/reFlutter
GitHub
GitHub - Impact-I/reFlutter: Flutter Reverse Engineering Framework
Flutter Reverse Engineering Framework. Contribute to Impact-I/reFlutter development by creating an account on GitHub.
This media is not supported in your browser
VIEW IN TELEGRAM
Microsoft Sharepoint RCE (CVE-2022-22005)
https://hnd3884.github.io/posts/cve-2022-22005-microsoft-sharepoint-RCE/
#sharepoint #rce
https://hnd3884.github.io/posts/cve-2022-22005-microsoft-sharepoint-RCE/
#sharepoint #rce
A proof-of-concept WordPress plugin fuzzer
https://github.com/kazet/wpgarlic#usage-cheatsheet
#wordpress #redteam #BugBounty
https://github.com/kazet/wpgarlic#usage-cheatsheet
#wordpress #redteam #BugBounty
GitHub
GitHub - kazet/wpgarlic: A proof-of-concept WordPress plugin fuzzer
A proof-of-concept WordPress plugin fuzzer. Contribute to kazet/wpgarlic development by creating an account on GitHub.
WatchGuard Pre-Auth RCE - CVE-2022-26318
https://blog.assetnote.io/2022/04/13/watchguard-firebox-rce/
#watchgaurd #rce
https://blog.assetnote.io/2022/04/13/watchguard-firebox-rce/
#watchgaurd #rce
cve-2022-29072
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
https://github.com/kagancapar/CVE-2022-29072
#7zip #lpe
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
https://github.com/kagancapar/CVE-2022-29072
#7zip #lpe
GitHub
GitHub - kagancapar/CVE-2022-29072: 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file…
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. - kagancapar/CVE-2022-29072