Patching Windows Event Tracing in memory to be stealthier (POC)
https://ift.tt/V2sdYwI
Submitted June 08, 2023 at 06:49PM by thehunter699
via reddit https://ift.tt/uOXnTdR
GitHub
GitHub - nullsection/SharpETW-Patch
Legacy authentication: The curious case of BAV2ROPC
https://ift.tt/oGYUH5N
Submitted June 08, 2023 at 08:26PM by tvjust
via reddit https://ift.tt/F7XJ9xG
Red Canary
Legacy authentication: The curious case of BAV2ROPC
A mysterious user agent string in some Microsoft 365 audit logs offers clues for how to detect logins from legacy authentication protocols.
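The article above is about using that user agent string as a detection clue. The following is an added example, not code from Red Canary or the article: it scans sign-in records shaped like Microsoft Entra (Azure AD) sign-in log entries for the `BAV2ROPC` user agent and for client apps that only speak legacy protocols, then rolls the hits up per user. The records, the field names used (`userPrincipalName`, `userAgent`, `clientAppUsed`, `ipAddress`, `status.errorCode`) and the list of legacy client-app values are constructed for the example and should be checked against your own tenant's logs.

```python
"""Flag legacy-authentication sign-ins by user agent and client app (added example)."""
import json
from collections import defaultdict

# Constructed sample records in the shape of Entra/Azure AD sign-in log entries.
# Field names follow the sign-in schema; every value here is made up.
SAMPLE_SIGNINS = json.dumps([
    {"createdDateTime": "2023-06-08T10:01:00Z", "userPrincipalName": "alice@example.test",
     "userAgent": "BAV2ROPC", "clientAppUsed": "IMAP4", "ipAddress": "198.51.100.7",
     "status": {"errorCode": 0}},
    {"createdDateTime": "2023-06-08T10:02:00Z", "userPrincipalName": "alice@example.test",
     "userAgent": "BAV2ROPC", "clientAppUsed": "IMAP4", "ipAddress": "198.51.100.8",
     "status": {"errorCode": 50126}},  # 50126 = invalid username/password
    {"createdDateTime": "2023-06-08T10:03:00Z", "userPrincipalName": "bob@example.test",
     "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "clientAppUsed": "Browser",
     "ipAddress": "203.0.113.5", "status": {"errorCode": 0}},
    {"createdDateTime": "2023-06-08T10:04:00Z", "userPrincipalName": "carol@example.test",
     "userAgent": "", "clientAppUsed": "Authenticated SMTP", "ipAddress": "203.0.113.9",
     "status": {"errorCode": 0}},
])

# Assumed indicators: the BAV2ROPC user agent, plus clientAppUsed values that imply
# basic/legacy authentication. Extend this set from your own tenant's data.
LEGACY_USER_AGENTS = {"bav2ropc"}
LEGACY_CLIENT_APPS = {"imap4", "pop3", "authenticated smtp", "exchange activesync", "other clients"}


def is_legacy_auth(record):
    """True when the sign-in used a legacy user agent or a legacy-only client app."""
    ua = (record.get("userAgent") or "").strip().lower()
    app = (record.get("clientAppUsed") or "").strip().lower()
    return ua in LEGACY_USER_AGENTS or app in LEGACY_CLIENT_APPS


def find_legacy_signins(raw_json):
    """Return the subset of records (a JSON array) that match the legacy-auth indicators."""
    return [r for r in json.loads(raw_json) if is_legacy_auth(r)]


def summarize_by_user(records):
    """Per-user counts, outcomes, source IPs and protocols for the matched sign-ins."""
    summary = defaultdict(lambda: {"attempts": 0, "successes": 0, "failures": 0,
                                   "ips": set(), "protocols": set()})
    for r in records:
        s = summary[r["userPrincipalName"]]
        s["attempts"] += 1
        # errorCode 0 is a successful sign-in; anything else is a failure
        if (r.get("status") or {}).get("errorCode", 0) == 0:
            s["successes"] += 1
        else:
            s["failures"] += 1
        s["ips"].add(r.get("ipAddress", ""))
        s["protocols"].add(r.get("clientAppUsed", ""))
    return {u: {**v, "ips": sorted(v["ips"]), "protocols": sorted(v["protocols"])}
            for u, v in summary.items()}


if __name__ == "__main__":
    hits = find_legacy_signins(SAMPLE_SIGNINS)
    for user, s in summarize_by_user(hits).items():
        print(f"{user}: {s['attempts']} legacy sign-ins ({s['successes']} ok, "
              f"{s['failures']} failed) from {s['ips']} via {s['protocols']}")
```

A burst of failed `BAV2ROPC` sign-ins from many IPs against one account is the password-spray pattern this kind of rollup is meant to surface; a single success after such a burst is the record to act on first.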
MSSQL linked servers: abusing ADSI for password retrieval - BlackArrow
https://ift.tt/mZJNSK9
Submitted June 08, 2023 at 10:17PM by apanonimo
via reddit https://ift.tt/qKvuGPm
Tarlogic Security
MSSQL linked servers: abusing ADSI for password retrieval
New technique to gather passwords from MSSQL by abusing linked servers through the ADSI provider
Detecting and mitigating a multi-stage AiTM phishing and BEC campaign
https://ift.tt/SuvZeb7
Submitted June 08, 2023 at 10:03PM by SCI_Rusher
via reddit https://ift.tt/ya29Qkz
Microsoft Security Blog
Detecting and mitigating a multi-stage AiTM phishing and BEC campaign | Microsoft Security Blog
A multi-stage adversary-in-the-middle (AiTM) and business email compromise (BEC) attack targets banking and financial services organizations.
The new version 4.0 of the Common Vulnerability Scoring System (CVSS) has just entered its public preview phase. Please have a look and send us your comments by July 31st; see the presentation for details on how to provide feedback.
https://ift.tt/jzi9fkA
Submitted June 09, 2023 at 01:07AM by forgetful_12345
via reddit https://ift.tt/3Em5huY
FIRST — Forum of Incident Response and Security Teams
Common Vulnerability Scoring System
acme.sh runs arbitrary commands from a remote server
https://ift.tt/DuYmOvf
Submitted June 09, 2023 at 12:59PM by tubularobot
via reddit https://ift.tt/QUGVAte
GitHub
acme.sh runs arbitrary commands from a remote server · Issue #4659 · acmesh-official/acme.sh
Hello, You may already be aware of this, but HiCA is injecting arbitrary code/commands into the certificate obtaining process and acme.sh is running them on the client machine. I am not sure if thi...
BusKill Warrant Canary for 2023 H2 🕵️
https://ift.tt/07weKId
Submitted June 09, 2023 at 09:25PM by maltfield
via reddit https://ift.tt/2ZnKs6T
BusKill
BusKill Canary #6 - BusKill
This post contains the cryptographically-signed BusKill warrant canary #006 for June 2023 to January 2024.
Crest CPSA
https://ift.tt/vDnwVYF
Submitted June 09, 2023 at 10:44PM by DogTime3470
via reddit https://ift.tt/zjmTKph
CREST
CREST Practitioner Security Analyst (CPSA)
Barracuda Email Security Gateway Appliance (ESG) Vulnerability [CVE-2023-2868]
https://ift.tt/rq1pJk5
Submitted June 10, 2023 at 02:18AM by RamblinWreckGT
via reddit https://ift.tt/cjgNAwH
How to Find AWS IAM Access Keys Not Rotated Within 90 Days
https://ift.tt/IjrepfH
Submitted June 10, 2023 at 01:06PM by Current_Doubt_8584
via reddit https://ift.tt/LJj3rWS
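As an added example for the how-to above (not code from the linked article): the check is easiest to run over the IAM credential report, which lists each user's two access-key slots with their `_active` flag and `_last_rotated` timestamp. The report below is a constructed sample containing only the columns this check reads (a real report has many more), with made-up account IDs, user names and dates; the reference date is fixed so the result is reproducible.

```python
"""Find active IAM access keys older than a rotation threshold (added example)."""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of an IAM credential report, restricted to the
# columns this check needs. Names, account ID and dates are made up. The root
# account appears as <root_account>; empty key slots are reported as N/A.
SAMPLE_REPORT = """user,arn,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,false,N/A,false,N/A
deploy-bot,arn:aws:iam::111122223333:user/deploy-bot,true,2023-01-02T09:15:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2023-05-20T14:00:00+00:00,true,2022-11-30T08:00:00+00:00
bob,arn:aws:iam::111122223333:user/bob,false,2022-06-01T00:00:00+00:00,false,N/A
"""

# Fixed "now" for the example; use datetime.now(timezone.utc) in practice.
REPORT_DATE = datetime(2023, 6, 10, tzinfo=timezone.utc)


def parse_timestamp(value):
    """Parse a credential-report timestamp; placeholder values mean 'no date'."""
    if value in ("N/A", "not_supported", "no_information", ""):
        return None
    return datetime.fromisoformat(value).astimezone(timezone.utc)


def stale_access_keys(report_csv, now, max_age_days=90):
    """Return active keys rotated more than max_age_days ago (or with no rotation date)."""
    cutoff = now - timedelta(days=max_age_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"].strip().lower() != "true":
                continue  # inactive keys cannot authenticate; clean them up separately
            rotated = parse_timestamp(row[f"access_key_{slot}_last_rotated"].strip())
            if rotated is None or rotated < cutoff:
                age = None if rotated is None else (now - rotated).days
                findings.append({"user": row["user"], "arn": row["arn"],
                                 "key_slot": int(slot), "age_days": age})
    return findings


def run_check(max_age_days=90):
    """Run the check over the constructed sample at the fixed reference date."""
    return stale_access_keys(SAMPLE_REPORT, REPORT_DATE, max_age_days)


if __name__ == "__main__":
    for f in run_check():
        print(f"{f['user']} key slot {f['key_slot']}: last rotated {f['age_days']} days ago")
```

On a real account, generate the report with `aws iam generate-credential-report`, fetch it with `aws iam get-credential-report`, base64-decode the `Content` field and pass the resulting CSV text to `stale_access_keys`. Keys with an active flag but no rotation date are reported too, since they cannot be shown to meet the policy.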
Against HSTS preload
https://ift.tt/TOB3QCb?
Submitted June 10, 2023 at 08:00PM by Hopeful-Total
via reddit https://ift.tt/6u27VgP
Web3 Security Distilled - An Article
https://ift.tt/7CAKh2Q
Submitted June 12, 2023 at 12:13AM by Silent-Homework7613
via reddit https://ift.tt/CEt0wr4
Medium
Web3 Security Distilled
We will try to understand what a bug bounty is, why it’s important, and why it can complement auditing rather than replace it in order to…
Android Reverse Engineering: Visualizing Executed Code in Ghidra
https://ift.tt/tRjNr2D
Submitted June 12, 2023 at 02:29AM by theappanalyst
via reddit https://ift.tt/I29vdJw
/data/local/tmp
Visualizing Android Code Coverage Pt.1
Decompilers are essential when reverse engineering Android applications and binaries; unfortunately with static analysis it’s up to the reverse engineer to determine which of these complex paths to investigate.
Critical RCE flaw in Fortigate SSL-VPN devices CVE-2023-27997
https://ift.tt/DWxlBf8
Submitted June 12, 2023 at 06:24AM by Doodlebug2100
via reddit https://ift.tt/F39iNyS
BleepingComputer
Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now
Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices.
Multi-hop proxy tool for pentesters XD
https://ift.tt/PmWYioc
Submitted June 12, 2023 at 02:54PM by CryptographerWeak578
via reddit https://ift.tt/75GDLgj
GitHub
Stowaway/README_EN.md at master · ph4ntonn/Stowaway
👻Stowaway -- Multi-hop Proxy Tool for pentesters.
MOVEit Transfer CVE-2023-34362 Deep Dive, Indicators of Compromise, and Exploit POC
https://ift.tt/4l0Q3O9
Submitted June 12, 2023 at 05:08PM by scopedsecurity
via reddit https://ift.tt/APQyNVl
Horizon3.ai
MOVEit Transfer CVE-2023-34362 Deep Dive and Indicators of Compromise
Technical Deep-Dive and Indicators of Compromise for MOVEit Transfer CVE-2023-34362 SQL Injection to Remote Code Execution Vulnerability
A Truly Graceful Wipe Out
https://ift.tt/cOxuioy
Submitted June 12, 2023 at 04:59PM by TheDFIRReport
via reddit https://ift.tt/IfMCqLD
The DFIR Report
A Truly Graceful Wipe Out
In this intrusion, dated May 2023, we observed Truebot being used to deploy Cobalt Strike and FlawedGrace (aka GraceWire & BARBWIRE), resulting in the exfiltration of data and the deployment of …
Circumventing inotify Watchdogs
https://ift.tt/ZgRAUD4
Submitted June 12, 2023 at 04:54PM by DLLCoolJ
via reddit https://ift.tt/1OqrtzX
Archcloudlabs
Circumventing inotify Watchdogs
About The Project: Recently I’ve been building rudimentary file monitoring tools to get better at Golang, and build faux-watchdog programs for research at Arch Cloud Labs. Through this experimentation, I’ve identified some interesting gaps in the inotify subsystem…
Pre-Authenticated RCE in VMware vRealize Network Insight
https://ift.tt/qXeR9V2
Submitted June 14, 2023 at 07:52PM by scopedsecurity
via reddit https://ift.tt/lagRd5J
Summoning Team
Pre-authenticated RCE in VMware vRealize Network Insight
An interesting case of Pre-authenticated RCE in VMware vRealize Network Insight (CVE-2023-20887)
Google Ads: An effective phishing delivery mechanism for over a decade.
https://ift.tt/6USGtl0
Submitted June 14, 2023 at 09:39PM by Seaerkin2
via reddit https://ift.tt/wJQKYmC
Guardyourdomain
DomainGuard | Threat Visibility Platform
Cadet Blizzard emerges as a novel and distinct Russian threat actor | Threat Intelligence
https://ift.tt/Bmi0k2r
Submitted June 14, 2023 at 10:14PM by SCI_Rusher
via reddit https://ift.tt/eV0x4nB
Microsoft News
Cadet Blizzard emerges as a novel and distinct Russian threat actor
Microsoft shares new details about techniques of a distinct Russian state-sponsored threat actor, now elevated to the name Cadet Blizzard.