⭕️ There are more than 199,000 vulnerable MikroTik routers in Iran. Update so you don't run into a serious problem.
https://vulncheck.com/blog/mikrotik-foisted-revisited
#exploit #mikrotik
@Engineer_Computer
⭕️ The security company Sophos has reported on an Android #malware campaign against the customers of four Iranian banks. The four banks are Bank Mellat, Bank Saderat, Resalat Bank and the Central Bank.
This malware can steal the usernames and passwords of bank accounts and read users' SMS messages. Another important point about this malware is its use of a digital certificate, probably stolen from a company in Malaysia, which was used to get the malware onto Google Play.
Also, since the names of several crypto apps appear in the malware's source code, its authors probably had bigger targets in mind.
https://news.sophos.com/en-us/2023/07/27/uncovering-an-iranian-mobile-malware-campaign/
https://github.com/sophoslabs/IoCs/blob/master/Iranian-banking-malware.csv
#malware #mobile #android
@Engineer_Computer
Malicious ISO File Leads to Domain Wide Ransomware
Link : https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware
@Engineer_Computer
ManageEngine JDBC RCE
Blog : https://xz.aliyun.com/t/12380
Repo : https://github.com/Kyo-w/ManageEngineRce
@Engineer_Computer
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access
Link : https://www.mandiant.com/resources/blog/alphv-ransomware-backup
@Engineer_Computer
keepass-password-dumper.zip
182 KB
🔓KeePass 2.X Master Password Dumper (CVE-2023-32784)
KeePass Master Password Dumper is a simple PoC tool used to dump the master password from KeePass's memory. Apart from the first password character, it is mostly able to recover the password in plaintext. No code execution on the target system is required, just a memory dump. It doesn't matter where the memory comes from: it can be the process dump, the swap file (pagefile.sys), the hibernation file (hiberfil.sys) or a RAM dump of the entire system. It doesn't matter whether or not the workspace is locked. It is also possible to dump the password from RAM after KeePass is no longer running, although the chance of that working goes down with the time that has passed since then.
@Engineer_Computer
CVE-2023-27363.pdf
443.4 KB
🔥🔥🔥Foxit PDF Reader exportXFAData Exposed Dangerous Method RCE Vulnerability
(CVE-2023-27363) - PoC here.
The PoC is based heavily on the previous work by Sebastian Apelt aka bitshifter123, publicly available in this repository. So this exploits a path traversal vuln (four backslashes) + an arbitrary file write (HTA).
@Engineer_Computer
foxit_cve_2023-27363_extracted.js
9.4 KB
timeout = app.setTimeOut("event.target.exportXFAData({cPath: \"/c/users/\" + identity.loginName + \"/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/evil.hta\"});
@Engineer_Computer
Mastering Bug Bounty.zip
895.3 KB
🔴 Mastering Bug Bounty: A Comprehensive Handbook for Ethical Hackers, authored by Aaron Rodriguez
@Engineer_Computer
The Red Team Guide.pdf
12.1 MB
The Red Team Guide. A practical guide for Red Teams and Offensive Security, 241 pages
@Engineer_Computer
Pentah0wnage: Pre-Auth RCE in Pentaho Business Analytics Server
Link : https://research.aurainfosec.io/pentest/pentah0wnage
@Engineer_Computer
Remote Code Execution Vulnerability in Azure Pipelines
Link : https://www.legitsecurity.com/blog/remote-code-execution-vulnerability-in-azure-pipelines-can-lead-to-software-supply-chain-attack
@Engineer_Computer
Malicious Self-Extracting Archives
Link : https://www.crowdstrike.com/blog/self-extracting-archives-decoy-files-and-their-hidden-payloads
@Engineer_Computer