100 web vulnerabilities, categorized into various types.pdf
430.2 KB
Simple categorized list of vulnerability types.
CSI-DEPLOYING-AI-SYSTEMS-SECURELY.pdf
494 KB
Best Practices for Deploying Secure and Resilient AI Systems
from Canadian Centre for Cyber Security
/ flatpak CVE-2024-32462: Sandbox escape via RequestBackground
https://www.openwall.com/lists/oss-security/2024/04/18/5
/ Blind Spot: how I get from Docker Registry To RCE
https://medium.com/@red.whisperer/blind-spot-from-docker-registry-to-rce-b0d46e043798
MagicDot
A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue:
https://github.com/SafeBreach-Labs/MagicDot
/ The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
https://sourceware.org/pipermail/libc-announce/2024/000040.html
A new exploitation technique that affects the whole PHP ecosystem, and the compromise of several applications.
CVE-2024-2961
https://security-tracker.debian.org/tracker/CVE-2024-2961
MagicDot: A Hacker’s Magic Show of Disappearing Dots and Spaces
This action is completed by most user-space APIs in Windows. By exploiting this known issue, I was able to uncover:
🔹 One remote code execution (RCE) vulnerability (CVE-2023-36396) in Windows’s new extraction logic for all newly supported archive types that allowed me to craft a malicious archive that would write anywhere I chose on a remote computer once extracted, leading to code execution.
🔹 Two elevation of privilege (EoP) vulnerabilities: one (CVE-2023-32054) that allowed me to write into files without the required privileges by manipulating the restoration process of a previous version from a shadow copy and another that allowed me to delete files without the required privileges.
With demo:
https://www.safebreach.com/blog/magicdot-a-hackers-magic-show-of-disappearing-dots-and-spaces/
MITRE Response to Cyber Attack in One of Its R&D Networks
MITRE was Hacked?)🤦♂️
https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks
CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM
https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/
P.S. Thx for the link dear subscriber ✌️
50 penetration testing tools (and more):
1. Nmap 🌐
2. Metasploit 🛠️
3. Burp Suite 🐛
4. Wireshark 🖥️
5. OWASP ZAP (Zed Attack Proxy) 🛡️
6. Nikto 🕵️♂️
7. SQLMap 🗺️
8. Acunetix 🕷️
9. Nessus 🚀
10. OpenVAS 🚪
11. BeEF (Browser Exploitation Framework) 🐄
12. Shodan 🔍
13. Wfuzz 🌀
14. DirBuster 🚪
15. XSStrike 💥
16. Sublist3r 🎯
17. Hydra 🐍
18. Skipfish 🐟
19. Recon-ng 🕵️♂️
20. Masscan 🛰️
21. Gitrob 🕵️♂️
22. Gobuster 🔦
23. Joomscan 🕵️♂️
24. WPScan 🔍
25. EyeWitness 👀
26. Fiddler 🎻
27. sqlninja 🥷
28. Vega 🌟
29. Arachni 🕷️
30. DirSearch 🔍
31. httrack 🏃♂️
32. CMSmap 🗺️
33. DVWA (Damn Vulnerable Web Application) 😈
34. Docker Bench for Security 🐋
35. Amass 📈
36. Zed Attack Proxy 🛡️
37. SonarQube 🛡️
38. ClamAV 🦪
39. OSSEC 🔐
40. Tripwire 🛡️
41. AIDE (Advanced Intrusion Detection Environment) 🛡️
42. Fail2Ban 🚫
43. Lynis 🐧
44. Snort 🐽
45. Suricata 🦈
46. Security Onion 🧅
47. Maltego 🔄
48. Cobalt Strike 🌩️
49. BloodHound 🩸
50. Empire 🏰
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Forest Blizzard’s objective in deploying GooseEgg is to gain elevated access to target systems and steal credentials and information:
- Read Full Article
Microsoft News
Analysis of Forest Blizzard's exploitation of the CVE-2022-38028 vulnerability in Windows Print Spooler that allows elevated permissions.
Cyber_Security_Incident_Response_Planning_1714232954.pdf
2.9 MB
Cyber Security Incident Response Planning - Practitioner Guidance
Common-System-Hacking.pdf
9.9 MB
System Hacking: Common Windows, Linux & Web Server Hacking Techniques
Playing Possum: What's the Wpeeper Backdoor Up To?
https://blog.xlab.qianxin.com/playing-possum-whats-the-wpeeper-backdoor-up-to/
On April 18, 2024, XLab's threat hunting system detected an ELF file with zero detections on VirusTotal being distributed through two different domains. One of the domains was marked as malicious by three security firms, while the other was recently…
Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware
An introduction to the REMCOS threat and a dive into the first half of its execution flow, from loading its configuration to cleaning the infected machine's web browsers:
https://www.elastic.co/security-labs/dissecting-remcos-rat-part-two
In the previous article in this series on the REMCOS implant, we shared information about execution, persistence, and defense evasion mechanisms. Continuing this series we’ll cover the second half of its execution flow and you’ll learn more about REMCOS recording…
/ DNS traffic can leak outside the VPN tunnel on Android
https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
We were recently made aware of multiple potential DNS leaks on Android. They stem from bugs in Android itself, and only affect certain apps.
/ Android.Click.414.origin
Among the infected applications in the Google Play store are Love Spouse (for controlling adult products) and QRunning (a physical activity tracker). The total number of devices on which the applications are installed is 1.5 million:
https://vms.drweb.ru/virus/?i=28241868
This clicker trojan is a modification of Android.Click.410.origin, which was identified by Doctor Web virus analysts on April 28, 2023. The described trojan is embedded in ...
Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
…that can run on Intel or ARM-based Mac computers.
Technical analysis:
https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Kandji's threat research team has discovered a piece of malware that combines aspects of an infostealer and spyware. Here's how it works.