Sys-Admin InfoSec – Telegram
News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings
* Multilingual (En, Ru).
* Forum - forum.sys-adm.in
* Chat - @sysadm_in
* Job - @sysadm_in_job
* ? - @sysadminkz
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
GOAD (Game Of Active Directory) - version 2

GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques:

-- https://github.com/Orange-Cyberdefense/GOAD
/ Windows SmartScreen Security Feature Bypass Vulnerability

Impact: Security Feature Bypass, CVE-2023-24880

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24880

/ Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability

Impact: Remote Code Execution. Max Severity: Critical

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415

P.S. thx for the link for RCE my dear friend ✌️
/ Microsoft Mitigates Outlook Elevation of Privilege Vulnerability

Impacted Products:
All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected:

https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/
A new cyber conference is coming up in Almaty - AppSecFest
 
It so happened that I know the organizers of this conference - it will take place in April 2023 and will be dedicated to Application Security and DevSecOps topics in Kazakhstan.

The organizers promise:
• Quality networking
• 250+ participants
• 8 hours of program + afterparty
• Vendor booths
• It will be held on 21 April at the Forum shopping mall, Almaty

Call for talks - appsecfest@astlab.kz, website - https://appsecfest.kz
/ Uncovering Windows Events

This post will focus on the process I followed to understand the events the Threat-Intelligence ETW provider logs and how to uncover the underlying mechanisms. One can use a similar process when trying to reverse other manifest-based ETW providers. This post isn’t a deep dive into how ETW works… Not all manifest-based Event Tracing for Windows (ETW) providers that are exposed through Windows are ingested into telemetry sensors/EDRs:

https://posts.specterops.io/uncovering-windows-events-b4b9db7eac54
/ OpenSSH 9.3 has just been released

With security and other fixes — https://lists.mindrot.org/pipermail/openssh-unix-dev/2023-March/040641.html
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Active Directory Cheatsheet with code examples

- internal audit
- port forwarding
- bypass EP
- enumeration
- etc.

https://hideandsec.sh/books/cheatsheets-82c/page/active-directory
/ KB5025175: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2022-41099

PatchWinREScript_2004plus.ps1 (Recommended)

This script is for Windows 10, version 2004 and later versions, including Windows 11:

-- https://support.microsoft.com/en-us/topic/kb5025175-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2022-41099-ba6621fa-5a9f-48f1-9ca3-e13eb56fb589
Good News and New Changes in Sys-Admin Open BLD ecosystem
 
lab.sys-adm.in - it's an AD/Malicious-free Open BLD DNS secure service; today I am happy to present to you/us a few pieces of good news:

New security concepts
🐕 Security - The Open BLD ecosystem has fundamentally changed its prevention/attack mitigation mechanisms; the Sys-Admin Open BLD infrastructure now has a centralized, automated hacking-IP mitigation system
☀️ Updates - With open Sys-Admin activities we now have two new instruments which can change the security protection prism, based on open source tools/instruments…
🐌 Speed - Greatly improved speed for collecting/merging/compressing and deploying block/allow lists from the Internet

Results
🌵 Cactusd Server, written from scratch in GoLang - fully replaces the BLD-Server update service
🧘 ip2drop has replaced fail2ban in the Open BLD ecosystem
🥋 All servers have new firewall settings and improvements

Deprecations
♻️ BLD-Server will be deprecated and excluded from Sys-Admin activities/support in the future (thanks to nodejs, which was the foundation for this service)

Welcome
👋 I'm looking for talented people, experts, programmers and just good and positive people for code review, feedback, suggestions, etc. - Welcome 🤜🤛
/ Cisco Event Response: March 2023 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication

https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74842
/ New guidance for identity and access management (IAM) from CISA and NSA for Administrators

Attached: ESF_IDENTITY_AND_ACCESS_MANAGEMENT_RECOMMENDED_BEST_PRACTICES_FOR.PDF