MagicDot
A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue:
https://github.com/SafeBreach-Labs/MagicDot
A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue:
https://github.com/SafeBreach-Labs/MagicDot
GitHub
GitHub - SafeBreach-Labs/MagicDot: A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT…
A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue - SafeBreach-Labs/MagicDot
/ The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to
crash an application or overwrite a neighbouring variable.
https://sourceware.org/pipermail/libc-announce/2024/000040.html
a new exploitation technique that affects the whole PHP ecosystem, and the compromission of several applications.
CVE-2024-2961
https://security-tracker.debian.org/tracker/CVE-2024-2961
crash an application or overwrite a neighbouring variable.
https://sourceware.org/pipermail/libc-announce/2024/000040.html
a new exploitation technique that affects the whole PHP ecosystem, and the compromission of several applications.
CVE-2024-2961
https://security-tracker.debian.org/tracker/CVE-2024-2961
MagicDot: A Hacker’s Magic Show of Disappearing Dots and Spaces
This action is completed by most user-space APIs in Windows. By exploiting this known issue, I was able to uncover:
🔹 One remote code execution (RCE) vulnerability (CVE-2023-36396) in Windows’s new extraction logic for all newly supported archive types that allowed me to craft a malicious archive that would write anywhere I chose on a remote computer once extracted, leading to code execution.
🔹 Two elevation of privilege (EoP) vulnerabilities: one (CVE-2023-32054) that allowed me to write into files without the required privileges by manipulating the restoration process of a previous version from a shadow copy and another that allowed me to delete files without the required privileges.
With Demo..:
https://www.safebreach.com/blog/magicdot-a-hackers-magic-show-of-disappearing-dots-and-spaces/
This action is completed by most user-space APIs in Windows. By exploiting this known issue, I was able to uncover:
With Demo..:
https://www.safebreach.com/blog/magicdot-a-hackers-magic-show-of-disappearing-dots-and-spaces/
Please open Telegram to view this post
VIEW IN TELEGRAM
MITRE Response to Cyber Attack in One of Its R&D Networks
MITRE was Hacked?)🤦♂️
https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks
MITRE was Hacked?)
https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks
Please open Telegram to view this post
VIEW IN TELEGRAM
MITRE
MITRE Response to Cyber Attack in One of Its R&D Networks
To offer learnings from its experience, MITRE has published initial details about the incident via the Center for Threat-Informed Defense, found here.
CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM
https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/
P.S. Thx for the link dear subscriber ✌️
https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/
P.S. Thx for the link dear subscriber ✌️
50 penetration testing tools and not only:
1. Nmap 🌐
2. Metasploit 🛠️
3. Burp Suite 🐛
4. Wireshark 🖥️
5. OWASP ZAP (Zed Attack Proxy) 🛡️
6. Nikto 🕵️♂️
7. SQLMap 🗺️
8. Acunetix 🕷️
9. Nessus 🚀
10. OpenVAS 🚪
11. BeEF (Browser Exploitation Framework) 🐄
12. Shodan 🔍
13. Wfuzz 🌀
14. DirBuster 🚪
15. XSStrike 💥
16. Sublist3r 🎯
17. Hydra 🐍
18. Skipfish 🐟
19. Recon-ng 🕵️♂️
20. Masscan 🛰️
21. Gitrob 🕵️♂️
22. Gobuster 🔦
23. Joomscan 🕵️♂️
24. WPScan 🔍
25. EyeWitness 👀
26. Fiddler 🎻
27. sqlninja 🥷
28. Vega 🌟
29. Arachni 🕷️
30. DirSearch 🔍
31. httrack 🏃♂️
32. CMSmap 🗺️
33. DVWA (Damn Vulnerable Web Application) 😈
34. Docker Bench for Security 🐋
35. Amass 📈
36. Zed Attack Proxy 🛡️
37. SonarQube 🛡️
38. ClamAV 🦪
39. OSSEC 🔐
40. Tripwire 🛡️
41. AIDE (Advanced Intrusion Detection Environment) 🛡️
42. Fail2Ban 🚫
43. Lynis 🐧
44. Snort 🐽
45. Suricata 🦈
46. Security Onion 🧅
47. Maltego 🔄
48. Cobalt Strike 🌩️
49. BloodHound 🩸
50. Empire 🏰
1. Nmap 🌐
2. Metasploit 🛠️
3. Burp Suite 🐛
4. Wireshark 🖥️
5. OWASP ZAP (Zed Attack Proxy) 🛡️
6. Nikto 🕵️♂️
7. SQLMap 🗺️
8. Acunetix 🕷️
9. Nessus 🚀
10. OpenVAS 🚪
11. BeEF (Browser Exploitation Framework) 🐄
12. Shodan 🔍
13. Wfuzz 🌀
14. DirBuster 🚪
15. XSStrike 💥
16. Sublist3r 🎯
17. Hydra 🐍
18. Skipfish 🐟
19. Recon-ng 🕵️♂️
20. Masscan 🛰️
21. Gitrob 🕵️♂️
22. Gobuster 🔦
23. Joomscan 🕵️♂️
24. WPScan 🔍
25. EyeWitness 👀
26. Fiddler 🎻
27. sqlninja 🥷
28. Vega 🌟
29. Arachni 🕷️
30. DirSearch 🔍
31. httrack 🏃♂️
32. CMSmap 🗺️
33. DVWA (Damn Vulnerable Web Application) 😈
34. Docker Bench for Security 🐋
35. Amass 📈
36. Zed Attack Proxy 🛡️
37. SonarQube 🛡️
38. ClamAV 🦪
39. OSSEC 🔐
40. Tripwire 🛡️
41. AIDE (Advanced Intrusion Detection Environment) 🛡️
42. Fail2Ban 🚫
43. Lynis 🐧
44. Snort 🐽
45. Suricata 🦈
46. Security Onion 🧅
47. Maltego 🔄
48. Cobalt Strike 🌩️
49. BloodHound 🩸
50. Empire 🏰
Analyzing Forest Blizzard’s
Custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials... Forest Blizzard’s objective in deploying GooseEgg is to gain elevated access to target systems and steal credentials and information..:
- Read Full Article
Custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials... Forest Blizzard’s objective in deploying GooseEgg is to gain elevated access to target systems and steal credentials and information..:
- Read Full Article
Microsoft News
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Analysis of Forrest Blizzard's exploitation of the CVE-2022-38028 vulnerability in Windows Print Spooler that allows elevated permissions.
Cyber_Security_Incident_Response_Planning_1714232954.pdf
2.9 MB
Cyber Security Incident
Response Planning -
Practitioner Guidance
Response Planning -
Practitioner Guidance
Common-System-Hacking.pdf
9.9 MB
System Hacking: Common Windows, Linux & Web Server Hacking Techniques
Playing Possum: What's the Wpeeper Backdoor Up To?
https://blog.xlab.qianxin.com/playing-possum-whats-the-wpeeper-backdoor-up-to/
https://blog.xlab.qianxin.com/playing-possum-whats-the-wpeeper-backdoor-up-to/
奇安信 X 实验室
Playing Possum: What's the Wpeeper Backdoor Up To?
Summary
On April 18, 2024, XLab's threat hunting system detected an ELF file with zero detections on VirusTotal being distributed through two different domains. One of the domains was marked as malicious by three security firms, while the other was recently…
On April 18, 2024, XLab's threat hunting system detected an ELF file with zero detections on VirusTotal being distributed through two different domains. One of the domains was marked as malicious by three security firms, while the other was recently…
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware
Introduction about the REMCOS threat and dive into the first half of its execution flow, from loading its configuration to cleaning the infected machine web browsers:
https://www.elastic.co/security-labs/dissecting-remcos-rat-part-two
Introduction about the REMCOS threat and dive into the first half of its execution flow, from loading its configuration to cleaning the infected machine web browsers:
https://www.elastic.co/security-labs/dissecting-remcos-rat-part-two
www.elastic.co
Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Two — Elastic Security Labs
In the previous article in this series on the REMCOS implant, we shared information about execution, persistence, and defense evasion mechanisms. Continuing this series we’ll cover the second half of its execution flow and you’ll learn more about REMCOS recording…
/ DNS traffic can leak outside the VPN tunnel on Android
https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
Mullvad VPN
DNS traffic can leak outside the VPN tunnel on Android | Mullvad VPN
We were recently made aware of multiple potential DNS leaks on Android. They stem from bugs in Android itself, and only affect certain apps.
/ Android.Click.414.origin
Среди инфицированных приложений в магазине Google Play встречаются Love Spouse (для управления товарами для взрослых) и QRunning (трекер физической активности). Суммарное количество устройств, на которые установлены приложения, составляет 1,5 миллиона.:
https://vms.drweb.ru/virus/?i=28241868
Среди инфицированных приложений в магазине Google Play встречаются Love Spouse (для управления товарами для взрослых) и QRunning (трекер физической активности). Суммарное количество устройств, на которые установлены приложения, составляет 1,5 миллиона.:
https://vms.drweb.ru/virus/?i=28241868
Dr.Web
Android.Click.414.origin — Как быстро найти вирус в вирусной базе антивируса Dr.Web
Данный троян-кликер является модификацией Android.Click.410.origin, который был выявлен вирусными аналитиками «Доктор Веб» 28 апреля 2023 года. Описываемый троян встраивается в ...
Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
..that can run on Intel or ARM-based Mac computers.
Technical analysys:
https://blog.kandji.io/malware-cuckoo-infostealer-spyware
..that can run on Intel or ARM-based Mac computers.
Technical analysys:
https://blog.kandji.io/malware-cuckoo-infostealer-spyware
The-Sequence
Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
Kandji's threat research team has discovered a piece of malware that combines aspects of an infostealer and spyware. Here's how it works.
Detecting_Brute_Force_Attacks_1715178386.pdf
1.6 MB
Detecting Brute Force
Attacks
Attacks
CCTV - Close-Circuit Telegram Vision revolutionizes location tracking with its open-source design and Telegram API integration.
https://github.com/IvanGlinkin/CCTV?tab=readme-ov-file
https://github.com/IvanGlinkin/CCTV?tab=readme-ov-file
GitHub
GitHub - IvanGlinkin/CCTV: Close-Circuit Telegram Vision revolutionizes location tracking with its open-source design and Telegram…
Close-Circuit Telegram Vision revolutionizes location tracking with its open-source design and Telegram API integration. Offering precise tracking within 50-100 meters, users can monitor others in ...
VULNERABILITIES IN NEXT-GEN BIG-IP
https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/
https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/
Eclypsium | Supply Chain Security for the Modern Enterprise
Big Vulnerabilities in Next-Gen BIG-IP
Eclypsium Research discovered and reported severe remotely exploitable vulnerabilities in F5’s Next Central Manager that could grant attackers full administrative control, allowing them to create hidden accounts on any F5 assets it manages.
Using MITM to bypass FIDO2 phishing-resistant protection
What is FIDO2 - is a modern authentication group term for passwordless authentication. The Fast Identity Online (FIDO) Alliance developed it to replace the use of legacy known passwords and provide a secure method to authenticate using a physical or embedded key...
https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/
What is FIDO2 - is a modern authentication group term for passwordless authentication. The Fast Identity Online (FIDO) Alliance developed it to replace the use of legacy known passwords and provide a secure method to authenticate using a physical or embedded key...
https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/
Silverfort
Using MITM to bypass FIDO2 phishing-resistant protection
In this article, Senior Security Researcher Dor Segal will take you through his research uncovering how to use MITM attacks to bypass FIDO2.
Unmasking Tycoon 2FA: A Stealthy Phishing Kit Used to Bypass Microsoft 365 and Google MFA
Tycoon 2FA is a phishing-as-a-service (PhaaS) platform that was first seen in August 2023. Like many phish kits, it bypasses multifactor authentication (MFA) protections and poses a significant threat to users. Lately, Tycoon 2FA has been grabbing headlines because of its role in ongoing campaigns designed to target Microsoft 365 and Gmail accounts.
This blog post is a rundown of how these attacks work, how they’re evolving, what they look like in the real world..:
https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass
Tycoon 2FA is a phishing-as-a-service (PhaaS) platform that was first seen in August 2023. Like many phish kits, it bypasses multifactor authentication (MFA) protections and poses a significant threat to users. Lately, Tycoon 2FA has been grabbing headlines because of its role in ongoing campaigns designed to target Microsoft 365 and Gmail accounts.
This blog post is a rundown of how these attacks work, how they’re evolving, what they look like in the real world..:
https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass
Proofpoint
Tycoon 2FA: Phishing Kit Being Used to Bypass MFA | Proofpoint US
Explore Tycoon 2FA, a sophisticated phishing kit used to bypass MFA. Learn how it works, what an attack looks like, detection techniques and more.