Forwarded from OpenBLD.net (Yevgeniy Goncharov)
A few months ago I started developing the zDNS service from scratch; now it can:
- Restrict DNS queries by type, such as A, AAAA, HTTPS, CNAME, MX, PTR...
- Balance DNS traffic between upstream servers
- Provide Prometheus metrics
- Cache DNS responses with a custom TTL
- Run in a few working modes: Zero Trust, Allow/Block
- Offer a separate "Permanent" mode with additional custom upstream DNS servers
- Load allow/block lists from local files or remotely over HTTP(S)
- Create/delete custom users with different configs and hosts files
- and more...
New opportunities, features, plans, and info about the new OpenBLD.net Personal Usage Testing pre-release are here:
https://openbld.net/blog/zdns-big-updates-and-features/
Forwarded from Sys-Admin InfoSec
Phishing Microsoft Teams for initial access
https://pushsecurity.com/blog/phishing-microsoft-teams-for-initial-access/
In this article, we will cover a number of spoofing and phishing strategies that can be employed by external attackers to target an organization using Teams.
Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins
https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/
This blog uncovers two vulnerabilities, a Critical and High severity, recently discovered by our research team. Exploiting these vulnerabilities, attackers have the potential to gain Remote Code Execution on a Jenkins instance.
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours
https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Key Takeaways: In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomware…
ExecIT - DLL shellcode self-injector/runner based on HWSyscalls, intended to be executed with rundll32. May grant fileless execution if the victim endpoint has access to an attacker-controlled SMB share:
https://github.com/florylsk/ExecIT
net/ipv6: Revert remove expired routes with a separated list of routes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e35a5ae916d5e78b3229ec34c78ec
Ref: https://nvd.nist.gov/vuln/detail/CVE-2023-6200
FACTION - Pen Test Report Generation and Assessment Collaboration
https://github.com/factionsecurity/faction
Linux Kernel Exploitation: Getting started & BOF
https://santaclz.github.io/2023/11/03/Linux-Kernel-Exploitation-Getting-started-and-BOF.html
runc: CVE-2024-21626: high severity container breakout attack
https://www.openwall.com/lists/oss-security/2024/01/31/6
RedTeam-Checker
An automated tool designed to monitor the persistence of backdoors and default settings on compromised machines over time:
https://github.com/Drakiat/RedTeam-Checker
Buying Spying - Google report about commercial spyware
https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_Surveillance_Vendors.pdf
Node.js - Code injection and privilege escalation through Linux capabilities (CVE-2024-21892) - (High)
and another 7 vulnerability fixes released for Node:
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases
Node.js — Wednesday February 14 2024 Security Releases
CVE-2024-21413 - Expect Script POC
Microsoft Outlook credential leak & Remote Code Execution vulnerability when chained with CVE-2023-21716 (through the preview pane); CVSS:3.1 9.8 / 8.5:
https://github.com/duy-31/CVE-2024-21413
Exploring AMD Platform Secure Boot
…dig deeper into the nitty-gritty details of PSB, including a first glimpse of how it works under the hood, how it should be configured and, naturally, how various major vendors fail to do so.
https://labs.ioactive.com/2024/02/exploring-amd-platform-secure-boot.html
By Krzysztof Okupski (IOActive)
CrimsonEDR - EDR Attack Simulator
CrimsonEDR is an open-source project engineered to identify specific malware patterns, offering a tool for honing skills in circumventing Endpoint Detection and Response (EDR). By leveraging diverse detection methods, it empowers users to deepen their understanding of security evasion tactics:
https://github.com/Helixo32/CrimsonEDR/tree/main
Python Risk Identification Tool for generative AI (PyRIT)
The Python Risk Identification Tool for generative AI (PyRIT) is an open access automation framework to empower security professionals and ML engineers to red team foundation models and their applications.
https://github.com/Azure/PyRIT
A Catastrophe For Control: Understanding the ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
This blog discusses the Huntress Team's analysis efforts of the two vulnerabilities and software weaknesses in ConnectWise ScreenConnect (CVE-2024-1708 and CVE-2024-1709) and the technical details behind this attack.