Forwarded from H1gh l4nd3r
🔥 VMware vCenter Server RCE + PrivEsc
Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
— CVE-2024-37079: A heap-overflow vulnerability in the DCERPC protocol implementation of vCenter Server that allows a malicious actor with network access to send specially crafted packets, potentially leading to remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37080: Another heap overflow vulnerability in the DCERPC protocol of vCenter Server. Similar to CVE-2024-37079, it allows an attacker with network access to exploit heap overflow by sending crafted packets, potentially resulting in remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37081: This vulnerability arises from a misconfiguration of sudo in vCenter Server, permitting an authenticated local user to exploit this flaw to elevate their privileges to root on the vCenter Server Appliance. (CVSS v3.1 score: 7.8 "high").
Nuclei Template (PoC):
🔗 https://gist.github.com/tothi/0ff034b254aca527c3a1283ff854592a
Shodan
FOFA
#vmware #vcenter #rce #lpe #cve
Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
— CVE-2024-37079: A heap-overflow vulnerability in the DCERPC protocol implementation of vCenter Server that allows a malicious actor with network access to send specially crafted packets, potentially leading to remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37080: Another heap overflow vulnerability in the DCERPC protocol of vCenter Server. Similar to CVE-2024-37079, it allows an attacker with network access to exploit heap overflow by sending crafted packets, potentially resulting in remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37081: This vulnerability arises from a misconfiguration of sudo in vCenter Server, permitting an authenticated local user to exploit this flaw to elevate their privileges to root on the vCenter Server Appliance. (CVSS v3.1 score: 7.8 "high").
Nuclei Template (PoC):
🔗 https://gist.github.com/tothi/0ff034b254aca527c3a1283ff854592a
Shodan
product:"VMware vCenter Server"
FOFA
app="vmware-vCenter"
#vmware #vcenter #rce #lpe #cve
🔥3👍2❤1👎1💩1😴1
Forwarded from OnHex
🔴 ارائه های زیر از کنفرانس Nahamcon2024 در یوتیوب منتشر شد.
به پست مربوطه هم اضافه شد.
- js Files Are Your Friends
- Practical AI for Bounty Hunters
- Sluicing Scripts
#کنفرانس #امنیت_وب #باگ_بانتی
🆔 @onhex_ir
➡️ ALL Link
ONHEXGROUP
به پست مربوطه هم اضافه شد.
- js Files Are Your Friends
- Practical AI for Bounty Hunters
- Sluicing Scripts
#کنفرانس #امنیت_وب #باگ_بانتی
🆔 @onhex_ir
➡️ ALL Link
ONHEXGROUP
👏2👍1
Forwarded from Exploit Service
This media is not supported in your browser
VIEW IN TELEGRAM
Progressive Web Apps (PWAs) Phishing
More fake URL bars :)
POC: https://github.com/mrd0x/PWA-Phishing
Private: @ExploitServiceBot
Malware Shop: @MalwareShopBot
All projects @MalwareLinks
Angel Drainer: https://news.1rj.ru/str/+p2mOn-eGo4UzMTEx
Support: @angelsupport
More fake URL bars :)
POC: https://github.com/mrd0x/PWA-Phishing
Private: @ExploitServiceBot
Malware Shop: @MalwareShopBot
All projects @MalwareLinks
Angel Drainer: https://news.1rj.ru/str/+p2mOn-eGo4UzMTEx
Support: @angelsupport
👍4👎1🥱1
👾2👍1
DLHell
https://github.com/synacktiv/DLHell
#malware_dev
DLHell is a tool for performing local and remote DCOM Windows DLL proxying. It can intercept DLLs on remote objects to execute arbitrary commands. The tool supports various authentication methods and provides capabilities for local and remote DLL proxying, as well as DCOM DLL proxying.
https://github.com/synacktiv/DLHell
#malware_dev
❤4👍1
UK's largest nuclear site denies being hacked but pleads guilty over cybersecurity failures
https://therecord.media/sellafield-guilty-plea-uk-nuclear-facility-cybersecurity
https://therecord.media/sellafield-guilty-plea-uk-nuclear-facility-cybersecurity
🤣4👍2
From secret images to encryption keys.
credit : HOSEIN. YAVARZADEH
https://thecyberwire.com/podcasts/research-saturday/330/notes
The research can be found here:
Graph: Growing number of threats leveraging Microsoft API
credit : HOSEIN. YAVARZADEH
This week, we are joined by Hosein Yavarzadeh from the University of California San Diego, as he is discussing his work on "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor" This paper introduces new methods that let attackers read from and write to specific parts of high-performance CPUs, such as the path history register (PHR) and prediction history tables (PHTs).
https://thecyberwire.com/podcasts/research-saturday/330/notes
The research can be found here:
Graph: Growing number of threats leveraging Microsoft API
👍5
Source Byte
From secret images to encryption keys. credit : HOSEIN. YAVARZADEH This week, we are joined by Hosein Yavarzadeh from the University of California San Diego, as he is discussing his work on "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional…
This media is not supported in your browser
VIEW IN TELEGRAM
👾Lets Create An EDR… And Bypass It!
Part 1
Part 2
--------------------------------------------------------------
Related stuff:
[+] An Introduction to Bypassing User Mode EDR Hooks
[+] Blinding EDR On Windows
[+] How your EDR actually works
#EDR
Part 1
Part 2
--------------------------------------------------------------
Related stuff:
∆ Simple EDR In Nim
∆ EDR IS BY NO MEANS THE FINAL SOLUTION [ Blog ]
∆ A brief analysis of EDR architecture - taking Windows platform as an example [ Blog ]
∆ Summary of all EDR bypass methods found so far [ blog ]
[+] An Introduction to Bypassing User Mode EDR Hooks
[+] Blinding EDR On Windows
[+] How your EDR actually works
#EDR
👾4❤1🤨1
⎙ Windows internals
≣ Notes 1
≣ Notes 2
≣ Windows Internals Research Tips
≣ 9 Days: Learn windows internals
#internals #windows
⎗ Notes On Process in windows
≣ Notes 1
≣ Notes 2
≣ Windows Internals Research Tips
≣ 9 Days: Learn windows internals
#internals #windows
👾6👍3
Forwarded from Order of Six Angles
Свежак! Каждый найдет для себя что-то интересное
Collection of Golang projects designed specifically for red teamers
x86 Real-Mode MS-DOS Emulator using Windows Hypervisor Platform
How a Clever 1960s Memory Trick Changed Computing (видео)
Provides automated reverse engineering assistance through the use of local large language models (LLMs) on consumer hardware.
Fuzzer Development 4: Snapshots, Code-Coverage, and Fuzzing
My iOS Web Hacking Setup - Surge, Termius, and Caido
LLM for automated hacking (набор ссылок)
Exploiting Trend Micro EDR
ChatGPT's Advanced Data Analysis and Code Execution - Experiments
Офигеная статья по внутренностям китайского иб
Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation
How To Use Dumpulator For Malware Analysis
Writing an IR (intermidiate representation) from Scratch ( Android analysis tool)
Obfuscate the payload while simultaneously lowering its entropy
Incremental Symbolic Execution for the Clang Static Analyzer (видео) (слайды)
Collection of Golang projects designed specifically for red teamers
x86 Real-Mode MS-DOS Emulator using Windows Hypervisor Platform
How a Clever 1960s Memory Trick Changed Computing (видео)
Provides automated reverse engineering assistance through the use of local large language models (LLMs) on consumer hardware.
Fuzzer Development 4: Snapshots, Code-Coverage, and Fuzzing
My iOS Web Hacking Setup - Surge, Termius, and Caido
LLM for automated hacking (набор ссылок)
Exploiting Trend Micro EDR
ChatGPT's Advanced Data Analysis and Code Execution - Experiments
Офигеная статья по внутренностям китайского иб
Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation
How To Use Dumpulator For Malware Analysis
Writing an IR (intermidiate representation) from Scratch ( Android analysis tool)
Obfuscate the payload while simultaneously lowering its entropy
Incremental Symbolic Execution for the Clang Static Analyzer (видео) (слайды)
👍7🍾2
PHP7 Internals - Become a Wizard
credit : faulty *ptrrr
Welcome to the PHP Internals Hub - If you ever wondered about how PHP works internally and how you can exploit it: this is where you should start.
In this repo, I show basic and advanced exploitation in PHP (some of the bugs reported by me). In every "chapter", you'll learn a little bit more about PHP Internals from an infosec perspective.
https://github.com/0xbigshaq/php7-internals
———
#CVE-2020-7066 , #CVE-2020-7067 , #CVE-2020-10872 , #CVE-2020-10873 , #CVE-2018-12882 , #CVE-2018-12882
credit : faulty *ptrrr
Welcome to the PHP Internals Hub - If you ever wondered about how PHP works internally and how you can exploit it: this is where you should start.
In this repo, I show basic and advanced exploitation in PHP (some of the bugs reported by me). In every "chapter", you'll learn a little bit more about PHP Internals from an infosec perspective.
https://github.com/0xbigshaq/php7-internals
———
#CVE-2020-7066 , #CVE-2020-7067 , #CVE-2020-10872 , #CVE-2020-10873 , #CVE-2018-12882 , #CVE-2018-12882
👍6❤2
Best Active Directory Resources ^ ⌃
⍰ Just open it
⍰ I think it's enough!
Mini book
https://0xsp.com/offensive/active-directory-attack-defense/
#ad #active_directory #windows
⍰ Just open it
Twitter : @zer1t0
⊞ Attacking Active Directory: 0 to 0.9
⍰ I think it's enough!
LinkedIn: Sean Metcalf
His Blog:
⊞ https://adsecurity.org/
His Compony:
⊞ https://www.trimarcsecurity.com/research
Mini book
https://0xsp.com/offensive/active-directory-attack-defense/
#ad #active_directory #windows
👾7🔥4❤1