😈 [ decoder_it, ap ]
We did it again with #LocalPotato!
A not-so-common NTLM reflection attack allowing for arbitrary read/write. Basically EoP from user to SYSTEM.
Tracked as #CVE-2023-21746 - Windows NTLM EoP
Soon more details --> https://t.co/Skyn0xdxNN
cc @splinter_code
🔗 https://www.localpotato.com
🐥 [ tweet ]
We did it again with #LocalPotato!
A not-so-common NTLM reflection attack allowing for arbitrary read/write. Basically EoP from user to SYSTEM.
Tracked as #CVE-2023-21746 - Windows NTLM EoP
Soon more details --> https://t.co/Skyn0xdxNN
cc @splinter_code
🔗 https://www.localpotato.com
🐥 [ tweet ]
🔥3
Offensive Twitter
😈 [ MDSecLabs, MDSec ] We've just published a quick write up on CVE-2023-23397, which allows a remote adversary to leak NetNTLMv2 hashes: https://t.co/xDxGwJfY2e by @domchell 🔗 https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation…
Threadreaderapp
Thread by @domchell on Thread Reader App
@domchell: As auth coercion is blowing up due to #cve-2023-23397, I've put together a quick thread about how we at @MDSecLabs have been leveraging these techniques in our red team engagements for quite some time. It...…
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ bishopfox, Bishop Fox ]
We just published a detailed analysis of #CVE-2023-3519, which we previously wrote about. Today, we’re going even further into how this #RCE vulnerability can be exploited.
Our team created a #python script for generating shellcode given the fixup address and callback URL by calling nasm from Python. The final #exploit with addresses for VPX version 13.1-48.47 is available on our #GitHub.
🔗 bfx.social/3YjMxpz
#infosec #Citrix
🐥 [ tweet ]
We just published a detailed analysis of #CVE-2023-3519, which we previously wrote about. Today, we’re going even further into how this #RCE vulnerability can be exploited.
Our team created a #python script for generating shellcode given the fixup address and callback URL by calling nasm from Python. The final #exploit with addresses for VPX version 13.1-48.47 is available on our #GitHub.
🔗 bfx.social/3YjMxpz
#infosec #Citrix
🐥 [ tweet ]
🔥4
Forwarded from APT
The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387.
The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.
🔗 Research:
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
🔗 PoC:
https://github.com/7etsuo/cve-2024-6387-poc
#openssh #glibc #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥12
Forwarded from APT
🔐 FreeIPA Rosting (CVE-2024-3183)
A vulnerability recently discovered by my friend @Im10n in FreeIPA involves a Kerberos TGS-REQ being encrypted using the client’s session key. If a principal’s key is compromised, an attacker could potentially perform offline brute-force attacks to decrypt tickets by exploiting the encrypted key and associated salts.
🔗Source:
https://github.com/Cyxow/CVE-2024-3183-POC
#freeipa #kerberos #hashcat #cve
———
Добавляем доклад Миши в вишлист на Offzone🚶♂️
A vulnerability recently discovered by my friend @Im10n in FreeIPA involves a Kerberos TGS-REQ being encrypted using the client’s session key. If a principal’s key is compromised, an attacker could potentially perform offline brute-force attacks to decrypt tickets by exploiting the encrypted key and associated salts.
🔗Source:
https://github.com/Cyxow/CVE-2024-3183-POC
#freeipa #kerberos #hashcat #cve
———
Добавляем доклад Миши в вишлист на Offzone
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥17