Linux Kernel Exploitation: Getting started & BOF
https://santaclz.github.io/2023/11/03/Linux-Kernel-Exploitation-Getting-started-and-BOF.html
santaclz’s blog
runc: CVE-2024-21626: high severity container breakout attack
https://www.openwall.com/lists/oss-security/2024/01/31/6
RedTeam-Checker
Automated (graphical) tool that monitors, over time, whether backdoors and default settings planted on compromised machines are still active:
https://github.com/Drakiat/RedTeam-Checker
Buying Spying - Google report on commercial surveillance vendors
https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_Surveillance_Vendors.pdf
Node.js - Code injection and privilege escalation through Linux capabilities (CVE-2024-21892) - (High)
and another 7 vulnerability fixes shipped in the Node.js security releases of February 14, 2024:
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases
CVE-2024-21413 - Expect Script POC
Microsoft Outlook credential leak (password hash) and Remote Code Execution vulnerability when chained with CVE-2023-21716 (triggered through the preview pane); CVSS:3.1 9.8 / 8.5:
https://github.com/duy-31/CVE-2024-21413
Exploring AMD Platform Secure Boot
Digs into the nitty-gritty details of PSB, including a first glimpse of how it works under the hood, how it should be configured and, naturally, how various major vendors fail to do so.
https://labs.ioactive.com/2024/02/exploring-amd-platform-secure-boot.html
IOActive, by Krzysztof Okupski
CrimsonEDR - EDR Attack Simulator
CrimsonEDR is an open-source project that simulates AV/EDR behaviour by detecting specific malware patterns, giving malware developers a target for practising EDR evasion. By combining several detection methods, it lets users deepen their understanding of security evasion tactics:
https://github.com/Helixo32/CrimsonEDR/tree/main
Python Risk Identification Tool for generative AI (PyRIT)
The Python Risk Identification Tool for generative AI (PyRIT) is an open-source automation framework from Microsoft that lets security professionals and ML engineers red team foundation models and their applications.
https://github.com/Azure/PyRIT
A Catastrophe For Control: Understanding the ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Details on Apple’s Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204
https://www.bitdefender.com/blog/labs/details-on-apples-shortcuts-vulnerability-a-deep-dive-into-cve-2024-23204/
OpenBLD.net PDP Beta Program Announce
Personal DoH Profiling (PDP), a new service that provides:
- Isolation of your DNS requests in a personal profile carried over DNS-over-HTTPS, so on-path observers cannot see your lookups (the resolver operator still does, as with any DoH service).
- Personalized DNS settings, so you can block ads, malicious websites, and other unwanted content.
- DNSSEC validation, with TLSv1.2 and TLSv1.3 transport.
- Your own allow/block lists and more...
Details: https://news.1rj.ru/str/openbld/56
The new NIST Cybersecurity Framework (CSF) 2.0
Release date - February 26, 2024:
https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf
Xeno-Rat available as Open Source on GitHub
Written in C# (features include HVNC, live microphone, reverse proxy); the functionality looks evil...
https://github.com/moom825/xeno-rat
OWASP Top 10 for Large Language Model Applications
OWASP's list of the main security risks when deploying and managing LLM applications, aimed at developers, architects and managers:
https://owasp.org/www-project-top-10-for-large-language-model-applications/
Keylogging in the Windows kernel with undocumented data structures
https://eversinc33.com/posts/kernel-mode-keylogging/
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint CSA to disseminate known TTPs and IOCs associated with the Phobos ransomware variants observed as recently as February 2024...
Phobos actors run executables like 1saas.exe or cmd.exe to deploy additional Phobos payloads that have elevated privileges enabled. Additionally, Phobos actors can use the previous commands to perform various Windows shell functions. The Windows command shell enables threat actors to control various aspects of a system, with multiple permission levels required for different subsets of commands.
How to mitigate risks:
- Secure RDP
- Reduce administrative privilege scope
- Use OpenBLD.net or similar services
Technical details on the CISA site:
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a
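The execution TTP quoted above (1saas.exe or cmd.exe launched to deploy elevated Phobos payloads) is the kind of thing a SOC can turn into a process-creation detection. The following is an added example, not code from the CISA advisory or from OpenBLD.net: the log format (pipe-separated key=value fields, Sysmon-style EventID 1), the file paths and the sample events are all constructed for illustration. The only indicator taken from the advisory text is the payload name 1saas.exe.

```python
"""Flag process-creation events that match the Phobos execution TTP.

Added example (not from the advisory). Log format and sample lines are
constructed; 1saas.exe is the payload name quoted in the advisory text.
"""
import ntpath
from typing import NamedTuple

PHOBOS_PAYLOAD_NAMES = {"1saas.exe"}        # payload name from the advisory text
ELEVATED_LEVELS = {"high", "system"}        # Windows integrity levels treated as elevated

# Constructed sample log: one pipe-separated EventID=1 (process creation) event per line.
SAMPLE_LOG = """\
2024-02-20T10:01:02Z|EventID=1|Image=C:\\Windows\\System32\\cmd.exe|ParentImage=C:\\Windows\\explorer.exe|IntegrityLevel=Medium
2024-02-20T10:05:44Z|EventID=1|Image=C:\\Users\\Public\\1saas.exe|ParentImage=C:\\Windows\\System32\\cmd.exe|IntegrityLevel=High
2024-02-20T10:05:45Z|EventID=1|Image=C:\\Windows\\System32\\cmd.exe|ParentImage=C:\\Users\\Public\\1saas.exe|IntegrityLevel=High
2024-02-20T10:06:10Z|EventID=1|Image=C:\\Windows\\System32\\notepad.exe|ParentImage=C:\\Windows\\explorer.exe|IntegrityLevel=Medium
"""


class Finding(NamedTuple):
    timestamp: str
    image: str
    reason: str


def parse_event(line: str) -> dict:
    """Parse one pipe-separated key=value event line (constructed format) into a dict."""
    fields = line.strip().split("|")
    event = {"Timestamp": fields[0]}
    for field in fields[1:]:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, so matching ignores directory and case."""
    return ntpath.basename(path).lower()


def check_event(event: dict) -> list:
    """Return the reasons (possibly none) that a process-creation event matches the TTP."""
    reasons = []
    if event.get("EventID") != "1":
        return reasons
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    level = event.get("IntegrityLevel", "").lower()
    if image in PHOBOS_PAYLOAD_NAMES:
        reasons.append("known Phobos payload name executed")
    if parent in PHOBOS_PAYLOAD_NAMES:
        reasons.append("child process spawned by Phobos payload")
    # Elevated cmd.exe is common on admin workstations; treat it as a weak signal
    # that is only interesting in combination with the two indicators above.
    if image == "cmd.exe" and level in ELEVATED_LEVELS:
        reasons.append("elevated cmd.exe (low-confidence on its own)")
    return reasons


def scan_log(text: str) -> list:
    """Run check_event over every non-empty line and collect Findings in log order."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        for reason in check_event(event):
            findings.append(Finding(event["Timestamp"], event.get("Image", ""), reason))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.timestamp}  {f.image}  {f.reason}")
```

On the constructed sample the first cmd.exe (medium integrity, spawned by explorer.exe) and notepad.exe produce nothing; the 1saas.exe launch and the elevated cmd.exe it spawns produce three findings. In a real deployment the payload-name set should be fed from the advisory's IOC list and the elevated-cmd.exe rule kept as a correlation condition rather than a stand-alone alert.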