Shadow Credentials - Red Teaming Experiments
https://ift.tt/RDpYmhk
Submitted June 16, 2022 at 04:13PM by Kondencuotaspienas
via reddit https://ift.tt/uxF6cfq
www.ired.team
Shadow Credentials
Persistence, lateral movement
VED (Vault Exploit Defense): Open source implementation
https://ift.tt/xdUOl4X
Submitted June 16, 2022 at 06:58PM by hardenedvault
via reddit https://ift.tt/UbtJ79O
hardenedvault.net
VED (Vault Exploit Defense): Open source implementation
VED - Linux kernel threat detection and prevention system. The LKM version of VED finally goes public.
Quick Malware Analysis Using Free Tools: Malware infection from Brazil malspam pcap from 2022-04-19
https://ift.tt/lTWXNPy
Submitted June 16, 2022 at 08:17PM by dougburks
via reddit https://ift.tt/Bu2s8Lr
blog.securityonion.net
Quick Malware Analysis: Malware infection from Brazil malspam pcap from 2022-04-19
Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/04/19/index2.html We did a quick analysis of this...
The Android kernel mitigations obstacle race
https://ift.tt/ejsbQRV
Submitted June 16, 2022 at 09:51PM by 0xdea
via reddit https://ift.tt/bqVpsd8
The GitHub Blog
The Android kernel mitigations obstacle race | The GitHub Blog
In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices…
CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
https://ift.tt/WZVIERw
Submitted June 16, 2022 at 11:23PM by Gallus
via reddit https://ift.tt/tcHCYwe
Zero Day Initiative
Zero Day Initiative — CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
In April of this year, FreeBSD patched a 13-year-old heap overflow in the Wi-Fi stack that could allow network-adjacent attackers to execute arbitrary code on affected installations of FreeBSD Kernel. This bug was originally reported to the ZDI program by…
That Pipe is Still Leaking: Revisiting the RDP Named Pipe Vulnerability
https://ift.tt/jycgpPs
Submitted June 17, 2022 at 12:37AM by jat0369
via reddit https://ift.tt/mXbGR1E
Cyberark
That Pipe is Still Leaking: Revisiting the RDP Named Pipe Vulnerability
On January 11, 2022, we published a blog post describing the details of CVE-2022-21893, a Remote Desktop vulnerability that we found and reported to Microsoft. After analyzing the patch that fixed...
Analysing RTF files from SideWinder APT
https://ift.tt/wTNd6AV
Submitted June 17, 2022 at 12:17AM by OwnPreparation3424
via reddit https://ift.tt/xGbAwaj
Medium
404 — File still found
In early February 2022, we came across a tweet from ShadowChasing1 identifying a SideWinder-related word document which referenced a template URL. In this article, we share our insights from…
AWS Lambda Command Injection
https://ift.tt/z5KS7Pk
Submitted June 17, 2022 at 04:28PM by lormayna
via reddit https://ift.tt/XSTqh20
www.safe.security
AWS Lambda Command Injection
The attack comprises exploiting a command injection vulnerability in Lambda Functions in order to steal the AWS keys and access AWS resources using the stolen keys of the IAM role.
Securing OT Network Management Systems: Siemens SINEC NMS
https://ift.tt/ibopXqK
Submitted June 17, 2022 at 08:27PM by derp6996
via reddit https://ift.tt/2Bp1eEJ
Claroty
Securing Network Management Systems (Part 3): Siemens SINEC NMS
Analyzing the latest version of Matanbuchus
https://ift.tt/adt9cZq
Submitted June 17, 2022 at 11:33PM by OwnPreparation3424
via reddit https://ift.tt/nN8Mj90
Medium
A deal with the devil: Analysis of a recent Matanbuchus sample
Technical analysis of the Matanbuchus malware with focus on network traffic and commands
Quick Malware Analysis Using Free Tools: Matanbuchus with Cobalt Strike pcap from 2022-06-16
https://ift.tt/oRTtu1Q
Submitted June 17, 2022 at 10:59PM by dougburks
via reddit https://ift.tt/Bu39dqU
blog.securityonion.net
Quick Malware Analysis: Matanbuchus with Cobalt Strike pcap from 2022-06-16
Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/06/16/index.html We did a quick analysis of this ...
BRATA is evolving into an APT | Cleafy Labs
https://ift.tt/RJFrC4v
Submitted June 17, 2022 at 02:16PM by f3d_0x0
via reddit https://ift.tt/ym1ACEI
Cleafy
BRATA is evolving into an APT | Cleafy Labs
The mobile banking malware BRATA keeps evolving into an APT. Read the new Technical Report here, which explains in detail how it monitors bank accounts and how to prevent it.
CSRF leads to account takeover in Yahoo!
https://ift.tt/xc9dsak
Submitted June 18, 2022 at 05:20AM by vinay737
via reddit https://ift.tt/bkzlwf5
A hacker's guide to FINDING an infosec job
https://ift.tt/cAHJpX9
Submitted June 18, 2022 at 08:11AM by vinay737
via reddit https://ift.tt/dSZ4DTY
jhaddix.com
A hacker's guide to FINDING cybersecurity jobs
Getting your foot in the door or finding your next gig in cyber security is sometimes a daunting task. Just like hacking, a methodology is needed to succeed. Here's how I see the core components (this methodology will evolve over time): Acquire Skillsets /…
I have created a Burp Suite extension which allows pentesters to keep track of each API and write test cases for individual APIs. Lastly, the extension allows mapping the vulnerable APIs to the list of vulnerabilities using a custom checklist.
https://ift.tt/3L2Anp4
Submitted June 18, 2022 at 03:42PM by Ano_F
via reddit https://ift.tt/m0GU6wX
portswigger.net
Pentest Mapper
Integrates logging with a custom application testing checklist.
Scheduled Scaling Up & Down Of EC2 Server
https://ift.tt/e6LtKUN
Submitted June 18, 2022 at 04:55PM by ajaidanial
via reddit https://ift.tt/FJIClUu
GitHub
GitHub - ajaidanial/gipsy_avenger: A self-hosted scheduler app that will upgrade or downgrade your EC2 servers for you.
A self-hosted scheduler app that will upgrade or downgrade your EC2 servers for you. - GitHub - ajaidanial/gipsy_avenger: A self-hosted scheduler app that will upgrade or downgrade your EC2 servers...
Learn ethical hacking and bug bounty with free resources and with proper guidance...
https://ift.tt/Lb5MzgU
Submitted June 18, 2022 at 06:21PM by rootxd3vil
via reddit https://ift.tt/wXit4I3
Dangerous Repository of DoS, Red Teaming TTPs, and ICS Exploits
https://ift.tt/z5aTFm2
Submitted June 18, 2022 at 08:26PM by entropydaemon6
via reddit https://ift.tt/z7a8xq3
GitHub
RoseSecurity - Overview
Cloud Engineer | Hobbyist Hacker. RoseSecurity has 17 repositories available. Follow their code on GitHub.
I made a website that can detect over 1000 extensions and shows you the percentage of users that share the same extensions.
https://ift.tt/lERnbqy
Submitted June 19, 2022 at 03:04AM by z0ccc_z0ccc
via reddit https://ift.tt/Xp6u8lk
New blog - NMAP and CME 101 stuff
https://ift.tt/X59Azkr
Submitted June 19, 2022 at 04:57PM by Mr-R3b00t
via reddit https://ift.tt/JQIprmb
Reddit
From the netsec community on Reddit: New blog - NMAP and CME 101 stuff
Posted by Mr-R3b00t - 7 votes and 4 comments
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
https://ift.tt/4nKH5Zz
Submitted June 20, 2022 at 08:03AM by nykzhang
via reddit https://ift.tt/OLZEuSl
Avast Threat Labs
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild - Avast Threat Labs
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are…