CVE-2022-34689 - CryptoAPI spoofing vulnerability
PoC
https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689
This repository includes code and IoCs that are the product of research done in Akamai's various security research teams. - akamai/akamai-security-research
DCOM Hardening Toolkit
PowerShell script for Windows that retrieves the authentication hardening status of DCOM applications
https://github.com/otoriocyber/DCOM-HardeningTool
Abusing Signal Desktop Client for fun and for Espionage
https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/
(CVE-2023-24068, CVE-2023-24069) A flaw in how files are stored in Signal Desktop ≤ 6.2.0 allows a threat actor to obtain sensitive attachments sent in messages. A related issue in Signal Desktop ≤ 6.2.0 allows an attacker to modify conversation attachments…
Lexmark Security Advisory
https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf
Linux System Administrator/DevOps Interview Questions
https://github.com/gracco/sysadmin-interview-questions
Hunting Evil with the MITRE Engenuity Calculator, Atomic Red Team and Sysmon
https://medium.com/@simone.kraus/hunting-evil-with-the-mitre-engenuity-calculator-atomic-red-team-and-sysmon-9ad02e992a78
TinyTurla backdoor Sysmon vs. Windows Event Viewer
The Dangerous Consequences of Threat Actors Abusing Microsoft’s “Verified Publisher” Status
https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher
Threat actors are abusing Microsoft's verified apps to deploy malicious campaigns. Learn about the impersonated publisher verifications and how to remediate risks.
VMware vRealize Log Insight VMSA-2023-0001 Technical Deep Dive
https://www.horizon3.ai/vmware-vrealize-log-insight-vmsa-2023-0001-technical-deep-dive/
Technical deep dive and exploit PoC for the VMware vRealize Log Insight RCE reported in VMSA-2023-0001. The chain CVE-2022-31704, CVE-2022-31706 and CVE-2022-31711 leads to remote code execution and full system compromise.
Detecting_Lateral_Movement_through_Tracking_Event_Logs.pdf
2.2 MB
Detecting Lateral Movement through Tracking Event Logs
certsync
Certsync is a new technique to dump NTDS remotely, this time without DRSUAPI: it uses a golden certificate and UnPAC-the-hash. It works in several steps:
— https://github.com/zblurx/certsync
What I've learned about Open Source from curl developer Daniel Stenberg
https://youtu.be/jVT37EmND8I
Uncurled - what I've learned about Open Source! - Daniel Stenberg
Uncurled - everything I know and learned about running and maintaining OpenSource projects for three decades.
Daniel Stenberg shares personal and direct experiences, lessons learned and anecdotes collected from several decades of maintaining, running and…
Basic Linux system administration course (Astana / remote)
The course authors promise to provide the skills a Junior Linux System Administrator should have:
• Basic knowledge of TCP/IP
• Knowledge of basic Linux system commands ("without Google")
• Understanding of the functional features of operating systems (Windows, Linux)
• Experience with monitoring systems
• Knowledge of the mail and file services of the major operating systems
-- Each lesson ends with a test on the material; learning progress is tracked.
-- The training center is ready to guide you until you find a job. Course length 20 hours, price 200k tenge.
-- The code word "sys-admin" gives a discount.
Course details and registration on the training center's website
NTDLLReflection
Bypass userland EDR hooks by loading a reflective copy of ntdll into memory from a remote server, selected by the Windows ReleaseID, so that no handle to the on-disk ntdll is opened, then call the exported APIs resolved from that copy's export table.
— https://github.com/TheD1rkMtr/NTDLLReflection
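The export-table lookup that the NTDLLReflection description relies on, as an added example that is not the tool's own code: a minimal walker over the export directory of a section-mapped PE image (RVA equals offset from the image base), resolving Nt* names to RVAs and flagging forwarded exports. The sample image built by build_sample_image() is constructed for this demo and is not a real ntdll; the export names in it are assumptions chosen to look like ntdll's.

```python
"""Resolve exports by name from a section-mapped PE image, the step a
reflective ntdll loader performs once it has mapped a clean copy.

Added example; not code from the NTDLLReflection project. The image
built by build_sample_image() is constructed for this demo."""
import struct
from typing import Iterator, NamedTuple, Optional


class Export(NamedTuple):
    name: str
    ordinal: int
    rva: Optional[int]        # RVA of the code, or None when forwarded
    forwarder: Optional[str]  # "DLL.Symbol" string when the export is forwarded


def _u16(image: bytes, off: int) -> int:
    return struct.unpack_from("<H", image, off)[0]


def _u32(image: bytes, off: int) -> int:
    return struct.unpack_from("<I", image, off)[0]


def _cstr(image: bytes, off: int) -> str:
    return image[off:image.index(b"\0", off)].decode("ascii")


def export_directory(image: bytes) -> tuple:
    """Return (rva, size) of the export directory from DataDirectory[0]."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = _u32(image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                      # after Signature + FileHeader
    magic = _u16(image, opt)
    # DataDirectory starts at optional-header offset 96 (PE32) or 112 (PE32+)
    dd_off = {0x10B: 96, 0x20B: 112}[magic]
    return _u32(image, opt + dd_off), _u32(image, opt + dd_off + 4)


def iter_exports(image: bytes) -> Iterator[Export]:
    """Yield every named export; an RVA inside the export directory is a forwarder."""
    exp_rva, exp_size = export_directory(image)
    base = _u32(image, exp_rva + 16)          # IMAGE_EXPORT_DIRECTORY.Base
    n_names = _u32(image, exp_rva + 24)       # NumberOfNames
    funcs = _u32(image, exp_rva + 28)         # AddressOfFunctions
    names = _u32(image, exp_rva + 32)         # AddressOfNames
    ords = _u32(image, exp_rva + 36)          # AddressOfNameOrdinals
    for i in range(n_names):
        name = _cstr(image, _u32(image, names + 4 * i))
        idx = _u16(image, ords + 2 * i)        # unbiased index into AddressOfFunctions
        rva = _u32(image, funcs + 4 * idx)
        if exp_rva <= rva < exp_rva + exp_size:
            yield Export(name, base + idx, None, _cstr(image, rva))
        else:
            yield Export(name, base + idx, rva, None)


def find_export(image: bytes, name: str) -> Optional[Export]:
    """Linear lookup by name (real loaders binary-search the sorted name table)."""
    return next((e for e in iter_exports(image) if e.name == name), None)


def build_sample_image() -> bytes:
    """Constructed PE32+ image (not a real ntdll) exporting three names."""
    img = bytearray(0x340)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                  # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, 0x8664, 0)            # Machine=AMD64, 0 sections
    struct.pack_into("<H", img, 0x98, 0x20B)                 # Magic = PE32+
    struct.pack_into("<II", img, 0x98 + 112, 0x200, 0x140)   # DataDirectory[0] rva/size
    # IMAGE_EXPORT_DIRECTORY: Name=0x330, Base=1, 3 functions, 3 names, three tables
    struct.pack_into("<IIHHIIIIIII", img, 0x200,
                     0, 0, 0, 0, 0x330, 1, 3, 3, 0x240, 0x250, 0x260)
    struct.pack_into("<III", img, 0x240, 0x1000, 0x1010, 0x300)  # function RVAs
    struct.pack_into("<III", img, 0x250, 0x280, 0x2A0, 0x2C0)    # name RVAs
    struct.pack_into("<HHH", img, 0x260, 0, 1, 2)                # name ordinals
    for off, s in ((0x280, b"NtAllocateVirtualMemory\0"),
                   (0x2A0, b"NtProtectVirtualMemory\0"),
                   (0x2C0, b"NtForwardedExample\0"),
                   (0x300, b"OTHERDLL.RealExport\0"),            # forwarder string
                   (0x330, b"ntdll.dll\0")):
        img[off:off + len(s)] = s
    return bytes(img)


if __name__ == "__main__":
    for e in iter_exports(build_sample_image()):
        print(e)
```

On Windows, the same find_export works on a fresh copy of ntdll.dll only once it is section-mapped (for example via a SEC_IMAGE file mapping or a manual mapper placing each section at its VirtualAddress); the raw file read from disk will not do, because RVAs are not file offsets. The call target is then base + rva of the mapped copy, which bypasses inline hooks placed in the process's original ntdll. From the defender's side, that second ntdll image is itself a strong signal: a process with two ntdll mappings, or an unbacked region that exports Nt* names, is worth an alert.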
Exploit Party: Bring Your Own Vulnerable Driver Attacks
https://fourcore.io/blogs/bring-your-own-vulnerable-driver-attack
BYOVD or Bring Your Own Vulnerable Driver is an attack where a threat actor brings a legitimately signed and vulnerable driver to perform malicious actions on the system. In a BYOVD attack, the attacker can use the vulnerabilities in the driver to execute…
ESXiArgs-Recover is a tool to allow organizations to attempt recovery of virtual machines affected by the ESXiArgs ransomware attacks:
https://github.com/cisagov/ESXiArgs-Recover
Forwarded from Sys-Admin InfoSec
THREAT_ALERT_GootLoader_Large_payload_leading_to_compromise_BLOG.pdf
8.9 MB
THREAT ALERT: GootLoader - SEO Poisoning and Large Payloads Leading to Compromise
Full deep dive analyses