CVE-2023-5178: Linux NVMe-oF/TCP Driver - UAF in `nvmet_tcp_free_crypto`
Due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel, a malicious actor, with the ability to send messages to the NVMe-oF/TCP server (either LAN or WAN), can cause a UAF and a double free, which may lead to remote kernel code execution:
- https://www.openwall.com/lists/oss-security/2023/10/15/1
Open talk "Security and DNS" this Thursday (October 19), Almaty
In Almaty, on Thursday, October 19, at 19:00 at SmartPoint. I will be presenting on this subject.
We all know that DNS is "our everything": without it nothing will really work, it is everywhere, but few people pay attention to this service from a cybersecurity standpoint.
I am still writing the deck, but I think it will cover:
🔹 Why DNS is needed and how it works
🔹 How it can affect security
🔹 How it can affect users
🔹 DNS and Threat Intelligence
🔹 Where OpenBLD.net DNS comes from 😡
Something like that. Admission is free. The link, unfortunately, is not mine and is only on LinkedIn; the meeting agenda is there too.
See you there, whoever is coming ✌️ ))
ShellBot DDoS Malware Installed Through Hexadecimal Notation Addresses
https://asec.ahnlab.com/en/57635/
iso-27001-audit-check-list.pdf
1.9 MB
ISO 27001:2022 Audit Checklist
Forwarded from OpenBLD.net
OpenBLD.net - HTTPS certificate updates will be in progress tonight
🔹 ADA - Issue and update certificates
🔹 RIC - Issue and update certificates
This action will not affect your connectivity. This message is to let you know that this is a legitimate, planned procedure.
Lord Of The Ring0 - Part 1 | Introduction
Windows kernel rootkit development, from the author of the Nidhogg project, a multi-functional rootkit for red teams:
https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
EvilSln: Don't open .sln files
A New Exploitation Technique for Visual Studio Projects:
https://github.com/cjm00n/EvilSln
Forwarded from OpenBLD.net
Today I investigated a new Keepass faked malware campaign based on the Google Adv service:
https://news.1rj.ru/str/sysadm_in_channel/4907
And now this campaign has been added to OpenBLD.net with extreme speed 🎉
Take care of yourself✌️
Google-hosted malvertising leads to fake Keepass site that looks genuine
https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/amp/
Listing remote named pipes
On Windows, named pipes are a form of interprocess communication (IPC) that allows processes to communicate with one another, both locally and across the network. Named pipes serve as a mechanism to transfer data between Windows components as well as third-party applications and services, both locally and on a domain. From an offensive perspective, named pipes may leak some information that could be useful for reconnaissance purposes. Since named pipes can also be used (depending on configuration) to access services remotely, they could allow remote exploits (MS08-067):
https://outflank.nl/blog/2023/10/19/listing-remote-named-pipes/
BlackCat Climbs the Summit With a New Tactic
BlackCat operators recently announced new updates to their tooling, including a utility called Munchkin that allows attackers to propagate the BlackCat payload to remote machines and shares on a victim organization network:
https://unit42.paloaltonetworks.com/blackcat-ransomware-releases-new-utility-munchkin/
Another InfoStealer Enters the Field, ExelaStealer
https://www.fortinet.com/blog/threat-research/exelastealer-infostealer-enters-the-field
FortiGuard Labs analyzes ExelaStealer, a relatively new, open-source InfoStealer. Written in Python, and capable of stealing sensitive information from users.…
The presentation "InfoSec / DNS, or the Internet in DNS per mille" from this meetup, and a short photo review with a brief comment on LinkedIn
Plan: Categorizing threat models, implementing mitigations and a security culture for the company <Company name>
Created on the fly, in a short time, during a single interview. An abstract, top-level plan: threat sources, threat levels, system vulnerability level, implementation plan, main stages, benefits gained, conclusion.
It may prove useful to someone. Feel free to use it)
Google Doc - https://docs.google.com/document/d/1DQWxr6zde4ugHPaN7cCE7Hh70jxNbsAfT2ydH_nuMgY/edit?usp=sharing
Web Application Firewall (WAF) Comparison Project
Repository contains testing datasets and tools to compare WAF efficacy in the two most important categories:
• Security Coverage (True Positive Rate) - measures the WAF's ability to correctly identify and block malicious requests:
- https://github.com/openappsec/waf-comparison-project
Penetration-List: A comprehensive resource for testers, covering all types of vulnerabilities and materials used in Penetration Testing. Includes payloads, dorks, fuzzing materials:
https://github.com/AlbusSec/Penetration-List
CyberSec_For_Kids.pdf
1.5 MB
Cyber Security for Kids
- This document was made for parents, teachers, teenagers and children with basic computer skills or who want to learn more about cybersecurity
- Intended for children from 10 years of age
Communicative Agents for Software Development
Goodbye programmers, hello ChatDev?
https://arxiv.org/pdf/2307.07924v3.pdf
EventLogSilencer
EventLogSilencer is a PowerShell script designed to disable Windows Event Logging:
https://github.com/AmirHoseinTangsiriNET/EventLogSilencer
Sonatype User Group Agenda.pdf
1.6 MB
Agenda for the Sonatype User Group meetup in Almaty
The organizers are planning a meetup where you can meet key people and experts from Sonatype, as well as other AppSec & DevSecOps experts from the Kazakhstan market
• November 2, 15:00-19:00
• Almaty, SmArt.Point, Amphitheater hall
Registration form: https://forms.gle/UVVAYhzup3hMTYH57
LatLoader is a PoC module to demonstrate automated lateral movement with the Havoc C2 framework; Elastic EDR Rule Evasions.
https://github.com/icyguider/LatLoader
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
🚀 Exciting October'23 Upgrades at OpenBLD.net!
We're thrilled to unveil the latest enhancements in our OpenBLD.net ecosystem. Here's what's new:
🔹 New Filtering Routine Server
Strengthening the core of OpenBLD.net with a brand new filtering routine server.
🔹 Enhanced Performance
Boosted RAM and CPU power on select servers for even smoother operation.
🔹 German Server Addition
Testing out a new server in Germany for ada.openbld.net frontend scoping.
🔹 Rule Tweaks
Updated blocking rules to better combat abused IPs and CIDRs.
🔹 Improved Resource Handling
Optimized performance for web resources like Krisha, IvI, and Yandex Maps.
🔹 New site: With GitHub collaboration opportunities: https://openbld.net
🚫 Reducing Threats: We've successfully blocked Kazakhstan-associated YoroTrooper attacks and the threat of spying on your iPhone. Plus, we've thwarted Keepass faked malware.
📢 Stay Connected:
- Join our official Telegram
- Follow us on LinkedIn
OpenBLD.net is your go-to service for a cleaner, distraction-free online experience.
Help us make the internet a better place for all! 💪
#OpenBLD #InternetSecurity #Upgrade2023