آرشیو سمپل APT ها
https://vx-underground.org/APTs/Yearly%20Archives
https://vx-underground.org/APTs/Yearly%20Archives
Windows Kerberos Security Feature Bypass Vulnerability
CVE-2024-20674
The authentication feature could be bypassed as this vulnerability allows impersonation.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674
https://nvd.nist.gov/vuln/detail/CVE-2024-20674
سیستم عامل های آسیب پذیر:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2024-20674
The authentication feature could be bypassed as this vulnerability allows impersonation.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674
https://nvd.nist.gov/vuln/detail/CVE-2024-20674
سیستم عامل های آسیب پذیر:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
GitLab users, beware! Security updates released to address critical vulnerabilities (CVE-2023-7028 and CVE-2023-5356).
One of these could allow account takeover without user interaction.
https://thehackernews.com/2024/01/urgent-gitlab-releases-patch-for.html?m=1
One of these could allow account takeover without user interaction.
https://thehackernews.com/2024/01/urgent-gitlab-releases-patch-for.html?m=1
Forwarded from Peneter Tools
https://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service/
poc:
https://github.com/Wh04m1001/CVE-2024-20656
poc:
https://github.com/Wh04m1001/CVE-2024-20656
MDSec
CVE-2024-20656 - Local Privilege Escalation in the VSStandardCollectorService150 Service - MDSec
Overview Visual Studio is a complex and powerful IDE developed by Microsoft and comes with a lot of features that can be interesting from a red team perspective. During this...
Juniper warns of critical RCE bug in its firewalls and switches
https://www.bleepingcomputer.com/news/security/juniper-warns-of-critical-rce-bug-in-its-firewalls-and-switches/
https://www.bleepingcomputer.com/news/security/juniper-warns-of-critical-rce-bug-in-its-firewalls-and-switches/
Gitlab account takeover
https://news.1rj.ru/str/learnpentest/766
https://news.1rj.ru/str/learnpentest/766
Telegram
SoheilSec
GitLab users, beware! Security updates released to address critical vulnerabilities (CVE-2023-7028 and CVE-2023-5356).
One of these could allow account takeover without user interaction.
https://thehackernews.com/2024/01/urgent-gitlab-releases-patch-for.html?m=1
One of these could allow account takeover without user interaction.
https://thehackernews.com/2024/01/urgent-gitlab-releases-patch-for.html?m=1
Atlassian warns of critical RCE flaw in older Confluence versions
https://www.bleepingcomputer.com/news/security/atlassian-warns-of-critical-rce-flaw-in-older-confluence-versions/
https://www.bleepingcomputer.com/news/security/atlassian-warns-of-critical-rce-flaw-in-older-confluence-versions/
لیست تاپ 10 c2 هایی که به صورت دیفالت استفاده میشوند مشخص نیست TA یا Red teamer
https://blog.shodan.io/deep-dive-malware-hunter/
اگر میخوایند دید بگیرید c2 ها چطوری میشه شناسایی کرد
https://howto.thec2matrix.com/detection/ja3-ja3s-hashes
https://howto.thec2matrix.com/detection/jarm
https://blog.shodan.io/deep-dive-malware-hunter/
اگر میخوایند دید بگیرید c2 ها چطوری میشه شناسایی کرد
https://howto.thec2matrix.com/detection/ja3-ja3s-hashes
https://howto.thec2matrix.com/detection/jarm
وبسایت tweetfeed.live دوباره قابل دسترس شد و کلیه IOC که در تویتتر به اشتراک گذاشته میشود از طریق این سایت قابل دسترس همچنین با opencti سازگار است.
https://tweetfeed.live/
https://tweetfeed.live/
لیست ابزارهای امنیت تهاجمی و تدافعی لینوکسی
پ.ن : تو مصاحبه ها از این ابزارها خیلی سوال میشه
پ.ن : تو مصاحبه ها از این ابزارها خیلی سوال میشه
مایکروسافت دوباره مورد نفوذ قرار گرفت 6 ماه پیش توسط APT چینی و اکنون APT روسی
نفوذ در نوامبر 2023 صورت گرفته
شناسایی در 12 ژانویه 2024
نحوه نفوذ بروت فورس روی اکانتهای قدیمی که به ایمیلها دسترسی داشت
پ.ن: سازمانهای تو ایران همینن کارمند میره ولی اکانت و دسترسیش هست
https://thehackernews.com/2024/01/microsofts-top-execs-emails-breached-in.html?m=1
نفوذ در نوامبر 2023 صورت گرفته
شناسایی در 12 ژانویه 2024
نحوه نفوذ بروت فورس روی اکانتهای قدیمی که به ایمیلها دسترسی داشت
پ.ن: سازمانهای تو ایران همینن کارمند میره ولی اکانت و دسترسیش هست
https://thehackernews.com/2024/01/microsofts-top-execs-emails-breached-in.html?m=1
گروه های APT چینی حداقل از ۲۰۲۱ به vcenterها کل دنیا دسترسی داشتند🤔
https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-vmware-bug-as-zero-day-for-two-years/
https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-vmware-bug-as-zero-day-for-two-years/
BleepingComputer
Chinese hackers exploit VMware bug as zero-day for two years
A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021.
Analysis_of_2023_Global_CTI_Reports.pdf
6.6 MB
ThreatScape: Analysis of 2023 Global CTI reports by ctm360