CVE-2024-49112 is a Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This critical vulnerability has been assigned a CVSS score of 9.8, indicating a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H).
The vulnerability is related to an integer overflow or wraparound (CWE-190) in the LDAP implementation. This issue could allow remote attackers to execute arbitrary code on vulnerable systems by sending specially crafted LDAP requests.
Attackers can exploit this flaw remotely, requiring no authentication or user interaction.
Exploitation results in the attacker gaining full control of the affected system.
To mitigate CVE-2024-49112:
1. Apply Patches: Ensure all systems are updated with the latest security patches from Microsoft. Refer to their official advisory.
2. Restrict LDAP Access:
Limit access to LDAP services by implementing network-level access controls, such as firewalls.
Use secure LDAP (LDAPS) to encrypt LDAP traffic.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112
The vulnerability is related to an integer overflow or wraparound (CWE-190) in the LDAP implementation. This issue could allow remote attackers to execute arbitrary code on vulnerable systems by sending specially crafted LDAP requests.
Attackers can exploit this flaw remotely, requiring no authentication or user interaction.
Exploitation results in the attacker gaining full control of the affected system.
To mitigate CVE-2024-49112:
1. Apply Patches: Ensure all systems are updated with the latest security patches from Microsoft. Refer to their official advisory.
2. Restrict LDAP Access:
Limit access to LDAP services by implementing network-level access controls, such as firewalls.
Use secure LDAP (LDAPS) to encrypt LDAP traffic.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112
👍1
سلام وقت بخیر در این قسمت (6) که جمع بندی قسمت گذشته است روش هایی که میشه session admin و کلا session روی کامپیوترهای AD وجود دارد با ابزارها مختلف که همگی در github قابل دسترس هستند enumerate کنیم .
همچنین به توضیح مختصر از مبحث مهم ACL پرداختیم که پیشنهاد میکنم حتما در کتاب James forshaw windows internals فصل ACL بخونید.
یک دمو رفتیم که وقتی میگیم ACL خطرناک یا permission خطرناک چی هست چه کارهایی ممکنه هکر انجام بده.
در ادامه هدف اصلی از ریکان گفتیم که دنبال این هستیم لیست یوزرها کامپیوترها و ... در بیاریم که برسیم به دسترسی یوزر دامین، ادمین لوکال که این ادمین لوکال خیلی مهمه چرا که میتونه کمک کنه ما ابزارها کاربردی مثل mimikatz روی هاست اجرا کنیم و CA, LM انجام بدهیم.
https://youtu.be/L-t4XxUG_bY
جهت دسترسی به کامندها و نوت ها:
https://github.com/soheilsec/Active-Directory-For-Hackers/blob/main/Recon%20AD%20during%20penetration%20testing%20and%20Red%20Teaming.md
همچنین به توضیح مختصر از مبحث مهم ACL پرداختیم که پیشنهاد میکنم حتما در کتاب James forshaw windows internals فصل ACL بخونید.
یک دمو رفتیم که وقتی میگیم ACL خطرناک یا permission خطرناک چی هست چه کارهایی ممکنه هکر انجام بده.
در ادامه هدف اصلی از ریکان گفتیم که دنبال این هستیم لیست یوزرها کامپیوترها و ... در بیاریم که برسیم به دسترسی یوزر دامین، ادمین لوکال که این ادمین لوکال خیلی مهمه چرا که میتونه کمک کنه ما ابزارها کاربردی مثل mimikatz روی هاست اجرا کنیم و CA, LM انجام بدهیم.
https://youtu.be/L-t4XxUG_bY
جهت دسترسی به کامندها و نوت ها:
https://github.com/soheilsec/Active-Directory-For-Hackers/blob/main/Recon%20AD%20during%20penetration%20testing%20and%20Red%20Teaming.md
YouTube
ریکان شبکه اکتیودایرکتوری به عنوان پن تستر و ردتیمر قسمت دوم
در این قسمت که جمع بندی قسمت گذشته است روش هایی که میشه session admin و کلا session روی کامپیوترهای AD وجود دارد با ابزارها مختلف که همگی در github قابل دسترس هستند enumerate کنیم .
همچنین به توضیح مختصر از مبحث مهم ACL پرداختیم که پیشنهاد میکنم حتما در…
همچنین به توضیح مختصر از مبحث مهم ACL پرداختیم که پیشنهاد میکنم حتما در…
❤8
D3FEND 1.0 is here and we are excited to see how you put D3FEND into action!
https://d3fend.mitre.org/blog/d3fend-1.0/
https://d3fend.mitre.org/blog/d3fend-1.0/
d3fend.mitre.org
D3FEND 1.0 General Availability
D3FEND 1.0 is here and we are excited to see how you put D3FEND into action!
SoheilSec
CVE-2024-49112 is a Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This critical vulnerability has been assigned a CVSS score of 9.8, indicating a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H).…
This media is not supported in your browser
VIEW IN TELEGRAM
PoC:
https://github.com/SafeBreach-Labs/CVE-2024-49113
Blog: https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-CVE-2024-49113/
https://github.com/SafeBreach-Labs/CVE-2024-49113
Blog: https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-CVE-2024-49113/
👌6❤1👍1
3 takeaways from red teaming 100 generative AI products
https://www.microsoft.com/en-us/security/blog/2025/01/13/3-takeaways-from-red-teaming-100-generative-ai-products/
https://www.microsoft.com/en-us/security/blog/2025/01/13/3-takeaways-from-red-teaming-100-generative-ai-products/
Microsoft News
3 takeaways from red teaming 100 generative AI products
The growing sophistication of AI systems and Microsoft’s increasing investment in AI have made red teaming more important than ever. Learn more.
👍2👌2
Forwarded from Peneter Tools (Soheil Hashemi)
POC exploit for CVE-2024-49138
https://github.com/MrAle98/CVE-2024-49138-POC
https://github.com/MrAle98/CVE-2024-49138-POC
GitHub
GitHub - MrAle98/CVE-2024-49138-POC: POC exploit for CVE-2024-49138
POC exploit for CVE-2024-49138. Contribute to MrAle98/CVE-2024-49138-POC development by creating an account on GitHub.
❤6
NSA Jointly Releases Recommendations for Closing the Software Understanding Gap
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4031718/nsa-jointly-releases-recommendations-for-closing-the-software-understanding-gap/
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4031718/nsa-jointly-releases-recommendations-for-closing-the-software-understanding-gap/
National Security Agency/Central Security Service
NSA Jointly Releases Recommendations for Closing the Software Understa
FORT MEADE, Md. – A report released by the National Security Agency (NSA), the Cybersecurity and Infrastructure Agency (CISA), the Defense Advanced Research Projects Agency (DARPA), and the
❤1
ETW Threat Intelligence and Hardware Breakpoints
https://www.praetorian.com/blog/etw-threat-intelligence-and-hardware-breakpoints/
https://github.com/rad9800/hwbp4mw
https://www.praetorian.com/blog/etw-threat-intelligence-and-hardware-breakpoints/
https://github.com/rad9800/hwbp4mw
Praetorian
ETW Threat Intelligence and Hardware Breakpoints
Learn to bypass EDR detection using NtContinue for hardware breakpoints without triggering ETW Threat Intelligence. This technical blog explores kernel debugging, debug registers, and EDR evasion with code examples.
به نظر میرسه لیک NightHawkC2 واقعی است و احتمال میره سورس کد آن به سرقت رفته باشه
این c2 جزو نسخههای commercial c2 matrix هست و محصول شرکت mdsec میباشد.
https://x.com/deadvolvo/status/1882455367864770970?t=opQIfMzaGUZ2sybw9qU1pw&s=19
این c2 جزو نسخههای commercial c2 matrix هست و محصول شرکت mdsec میباشد.
https://x.com/deadvolvo/status/1882455367864770970?t=opQIfMzaGUZ2sybw9qU1pw&s=19
👍9
summary of the changes to SMB signing enforcement defaults in Windows Server 2025 and Windows 11 24H2:
https://www.dsinternals.com/en/smb-signing-windows-server-2025-client-11-24h2-defaults/
https://www.dsinternals.com/en/smb-signing-windows-server-2025-client-11-24h2-defaults/
👍3❤1