Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins
https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/
This blog uncovers two vulnerabilities, a Critical and High severity, recently discovered by our research team. Exploiting these vulnerabilities, attackers have the potential to gain Remote Code Execution on a Jenkins instance.
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours
https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Key Takeaways: In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomwar…
ExecIT - DLL shellcode self-injector/runner based on HWSyscalls, intended to be executed with rundll32. May grant fileless execution if the victim endpoint has access to an attacker-controlled SMB share:
https://github.com/florylsk/ExecIT
net/ipv6: Revert remove expired routes with a separated list of routes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e35a5ae916d5e78b3229ec34c78ec
Ref: https://nvd.nist.gov/vuln/detail/CVE-2023-6200
FACTION - Pen Test Report Generation and Assessment Collaboration
https://github.com/factionsecurity/faction
Linux Kernel Exploitation: Getting started & BOF
https://santaclz.github.io/2023/11/03/Linux-Kernel-Exploitation-Getting-started-and-BOF.html
runc: CVE-2024-21626: high severity container breakout attack
https://www.openwall.com/lists/oss-security/2024/01/31/6
RedTeam-Checker
An automated tool designed to monitor the persistence of backdoors and default settings on compromised machines over time:
https://github.com/Drakiat/RedTeam-Checker
Buying Spying - Google report on commercial spyware vendors
https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_Surveillance_Vendors.pdf
Node.js - Code injection and privilege escalation through Linux capabilities (CVE-2024-21892) - (High)
and seven other vulnerability fixes released for Node.js:
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases
CVE-2024-21413 - Expect Script POC
Microsoft Outlook credential leak & Remote Code Execution vulnerability when chained with CVE-2023-21716 (through the preview pane), CVSS:3.1 9.8 / 8.5:
https://github.com/duy-31/CVE-2024-21413
Exploring AMD Platform Secure Boot
"…dig deeper into the nitty-gritty details of PSB, including a first glimpse of how it works under the hood, how it should be configured and, naturally, how various major vendors fail to do so."
https://labs.ioactive.com/2024/02/exploring-amd-platform-secure-boot.html
by Krzysztof Okupski. Introduction: In our previous post on platform security (see here) we provided a brief introduction into platform secu...
CrimsonEDR - EDR Attack Simulator
CrimsonEDR is an open-source project engineered to identify specific malware patterns, offering a tool for honing skills in circumventing Endpoint Detection and Response (EDR). By leveraging diverse detection methods, it empowers users to deepen their understanding of security evasion tactics:
https://github.com/Helixo32/CrimsonEDR/tree/main
Python Risk Identification Tool for generative AI (PyRIT)
The Python Risk Identification Tool for generative AI (PyRIT) is an open access automation framework to empower security professionals and ML engineers to red team foundation models and their applications.
https://github.com/Azure/PyRIT
A Catastrophe For Control: Understanding the ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
This blog discusses the Huntress Team's analysis efforts of the two vulnerabilities and software weaknesses in ConnectWise ScreenConnect (CVE-2024-1708 and CVE-2024-1709) and the technical details behind this attack.
Details on Apple’s Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204
https://www.bitdefender.com/blog/labs/details-on-apples-shortcuts-vulnerability-a-deep-dive-into-cve-2024-23204/
OpenBLD.net PDP Beta Program Announce
Personal DoH Profiling (PDP), a new service that provides:
- Complete isolation of your DNS requests, ensuring that no one can track your online activity.
- Personalized DNS settings, so you can block ads, malicious websites, and other unwanted content.
- Robust security with DNSSEC, TLSv1.2, and TLSv1.3.
- Self-managed allow/block list controls and more...
Details: https://news.1rj.ru/str/openbld/56