Thread Detection Report 2024 (from red canary)

With mitigation recommendations.

Digital Forensics Lab - CYL2002

This repository contains the course material for the digital forensics lab offered at FAST National University of Computer and Emerging Sciences, available for public use and learning.

https://github.com/vonderchild/digital-forensics-lab

“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation

Microsoft Edge browser, designated CVE-2024–21388. This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user’s knowledge.

https://labs.guard.io/cve-2024-21388-microsoft-edges-marketing-api-exploited-for-covert-extension-installation-879fe5ad35ca

Dredge - Dredging up secrets from the depths of a filesystem

Dredge is a linux command-line tool for finding and logging secrets on a filesystem for manual inspection:

https://github.com/grahamhelton/dredge

DinodasRAT Linux implant targeting entities worldwide

https://securelist.com/dinodasrat-linux-implant/112284/

Awesome Azure Penetration Testing

A collection of resources, tools and more for penetration testing and securing Microsofts cloud platform Azure:

https://github.com/Kyuu-Ji/Awesome-Azure-Pentest

For offensive / defensive

Command Injection and Backdoor Account in D-Link NAS Devices

The described vulnerability affects multiple D-Link NAS devices, including models DNS-340L, DNS-320L, DNS-327L, and DNS-325, among others. The vulnerability lies within the nas_sharing.cgi uri, which is vulnerable due to two main issues: a backdoor facilitated by hardcoded credentials, and a command injection vulnerability via the system parameter..:

https://github.com/netsecfish/dlink?tab=readme-ov-file

NativeDump

NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List Streams).

https://github.com/ricardojoserf/NativeDump

Pingora

Pingora is a Rust framework to build fast, reliable and programmable networked systems from CF

https://github.com/cloudflare/pingora

Ramsomware 2023-2024 review

Cybercriminal ramsom Russia attacks review:

https://www.facct.ru/blog/ransomware-2023-2024/

/ Vulnerabilities Identified in LG WebOS

WebOS versions 4 through 7 running on LG TVs. These vulnerabilities let us gain root access on the TV after bypassing the authorization mechanism. Although the vulnerable service is intended for LAN access only, so.. Internet-connected devices, identified over 91,000 devices:

https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

/ Unauthenticated attacker can execute arbitrary code via FortiClientLinux

[FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration. Official advisory:

https://www.fortiguard.com/psirt/FG-IR-23-087

/ CVE-2024-3273: D-Link NAS RCE Exploited in the Wild

A remote code execution vulnerability in D-Link NAS devices is actively being exploited and is tracked under CVE-2024-3273. The vulnerability is believed to affect as many as 92,000 devices

https://www.greynoise.io/blog/cve-2024-3273-d-link-nas-rce-exploited-in-the-wild

Branch History Injection and Intra-mode Branch Target Injection / CVE-2022-0001, CVE-2022-0002 / INTEL-SA-00598

https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/branch-history-injection.html

New Technique to Trick Developers Detected in an Open Source Supply Chain Attack

https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-chain-attack/

/ How Hackers Can Hijack 2FA Calls with Sneaky Call Forwarding

https://www.404media.co/how-hackers-can-hijack-2fa-calls-with-sneaky-call-forwarding/