همان طور که می دونید تو دنیای امنیت اطلاع از یک آسیب پذیری جهت PATCH یا Mitigation شما را می تونه از یک فاجعه مثل باج افزار یا افشای اطلاعات نجات بده . SECMON این کمک می کنه تمامی CVE که کشف شده اند در یک جا جمع کرده قابلیت سرچ بر اساس Vendor رو نیز فراهم کرده.
SECMON: web-based tool for the automation of infosec watching and vulnerability management
Mail alerting when a new CVE is published and which concerns your product list
Mail alerting when “cyber-security” news is published: new threats, recent attacks, events, etc.
Visualize the high-security risk products present on your IT infrastructure
Download CVE Excel report by date range
Display top cybersecurity subject (Light cyber landscape)
Logs easy to integrate into a SIEM (verified on Splunk and Graylog)
View the latest CVE and latest news related to cybersecurity are published
Assign a buffer of management status of a CVE
Search all the details of a CVE
Check if there is an exploit on Github or Exploit-DB concerning a CVE
Search for vulnerabilities for a specified product
Manage your product list: search/add/delete a product, display your referenced product list
Monitor the sources used by pollers
https://github.com/Guezone/SECMON/blob/master/DOCS.md
#Secmon
#CVE
#vulnerablity
#blueteam
SECMON: web-based tool for the automation of infosec watching and vulnerability management
Mail alerting when a new CVE is published and which concerns your product list
Mail alerting when “cyber-security” news is published: new threats, recent attacks, events, etc.
Visualize the high-security risk products present on your IT infrastructure
Download CVE Excel report by date range
Display top cybersecurity subject (Light cyber landscape)
Logs easy to integrate into a SIEM (verified on Splunk and Graylog)
View the latest CVE and latest news related to cybersecurity are published
Assign a buffer of management status of a CVE
Search all the details of a CVE
Check if there is an exploit on Github or Exploit-DB concerning a CVE
Search for vulnerabilities for a specified product
Manage your product list: search/add/delete a product, display your referenced product list
Monitor the sources used by pollers
https://github.com/Guezone/SECMON/blob/master/DOCS.md
#Secmon
#CVE
#vulnerablity
#blueteam
GitHub
SECMON/DOCS.md at master · Guezone/SECMON
SECMON is a web-based tool for the automation of infosec watching and vulnerability management with a web interface. - SECMON/DOCS.md at master · Guezone/SECMON
SoheilSec
Revil Ransomware New Model RAAS Ransomware As A Service TTP & mitigation with MITRE ATT&CK #ransomware #Revil #RAAS #TTP #mitigation #MITRE
Seems #Kaseya VSA as a cloud-based patch management solution has become a #victim of another #SupplyChain attack (almost a year after the discovery of #SolarWinds hack) via #REvil #ransomware that targeted #MSPs with thousands of customers. #Russia
کاسیا که یک پلتفورم ابری Patch management می باشد نیز قربانی Supply chain Attack شده است بعد از گذشت یک سال از هک solarwinds یکی از بزرگترین حمله بوده است.
همچنین توسط Revil کلیه اطلاعات بیش از هزاران مشتری رمز شده است .
رد پای هکرهای روسی پشت REVIL است.
https://www.zdnet.com/article/kaseya-urges-customers-to-immediately-shut-down-vsa-servers-after-ransomware-attack/
کاسیا که یک پلتفورم ابری Patch management می باشد نیز قربانی Supply chain Attack شده است بعد از گذشت یک سال از هک solarwinds یکی از بزرگترین حمله بوده است.
همچنین توسط Revil کلیه اطلاعات بیش از هزاران مشتری رمز شده است .
رد پای هکرهای روسی پشت REVIL است.
https://www.zdnet.com/article/kaseya-urges-customers-to-immediately-shut-down-vsa-servers-after-ransomware-attack/
ZDNet
Kaseya urges customers to immediately shut down VSA servers after ransomware attack
Victims are already seeing ransom demands ranging from $45,000 to $5 million.
2FA Bypass Techniques.xmind
368.3 KB
2FA Bypass Techniques
تکنیک های بایپس احراز هویت دو مرحله ای
Credit : https://www.xmind.net/m/8Hkymg/#
#2FA
#bypasstechniques
#mind
تکنیک های بایپس احراز هویت دو مرحله ای
Credit : https://www.xmind.net/m/8Hkymg/#
#2FA
#bypasstechniques
#mind
نشت اطلاعات بیش از 1.6 میلیون رکورد مرسدس بنز از طریق بستر کلاد
https://www.cybersecurity-insiders.com/mercedes-benz-data-breach-details/
#Mercedes
#Leak
#DataBreach
https://www.cybersecurity-insiders.com/mercedes-benz-data-breach-details/
#Mercedes
#Leak
#DataBreach
Cybersecurity Insiders
Mercedes Benz Data Breach details - Cybersecurity Insiders
An independent security researcher reported on June 11th,2021 that a data breach on a cloud platform has leaked over 1.6 million records belonging to customers of Mercedes Benz USA. And as soon as the luxury carmaker learned about the incident it launched…
SoheilSec
2FA Bypass Techniques.xmind
Taking over Uber accounts through voicemail
https://blog.assetnote.io/2021/06/27/uber-account-takeover-voicemail/
https://blog.assetnote.io/2021/06/27/uber-account-takeover-voicemail/
This is a list of victim organizations that #REvil ransomware gang has posted on its leaked blog on the #DarkWeb.
A total of 273 victims they claim are posted on their darkweb leak blog site. REvil ransomware gang's Tor Network Infrastructure on Darkweb. They run 1 leak blog site and 22 data hosting sites on the DarkWeb.
لیست قربانیان Revil و لیست بلاگهای دارک وب
هکرا درخواست 70 میلیون دلار بیت کوین برای تحویل Decryptor کردند!
Credit : https://darktracer.com/
A total of 273 victims they claim are posted on their darkweb leak blog site. REvil ransomware gang's Tor Network Infrastructure on Darkweb. They run 1 leak blog site and 22 data hosting sites on the DarkWeb.
لیست قربانیان Revil و لیست بلاگهای دارک وب
هکرا درخواست 70 میلیون دلار بیت کوین برای تحویل Decryptor کردند!
Credit : https://darktracer.com/
Scour - AWS Exploitation Framework
https://github.com/grines/scour
onaws is a simple tool to check if an IP/hostname belongs to the AWS IP space or not. It uses the AWS IP address ranges data published by AWS to perform the search.
https://github.com/amalmurali47/onaws
Lightspin AWS IAM Vulnerability Scanner
https://github.com/lightspin-tech/red-shadow
#AWS #Explotation #Framework
https://github.com/grines/scour
onaws is a simple tool to check if an IP/hostname belongs to the AWS IP space or not. It uses the AWS IP address ranges data published by AWS to perform the search.
https://github.com/amalmurali47/onaws
Lightspin AWS IAM Vulnerability Scanner
https://github.com/lightspin-tech/red-shadow
#AWS #Explotation #Framework
GitHub
GitHub - grines/scour
Contribute to grines/scour development by creating an account on GitHub.
Invoke-DNSteal is a Simple & Customizable DNS Data Exfiltrator.
https://github.com/JoelGMSec/Invoke-DNSteal
Exfiltrator یا Covert channel
روش هایی جهت انتقال اطلاعات به بیرون از شبکه می باشند و برای دور زدن فایروال DLP استفاده می شوند.
اطلاعات بیشتر:
https://en.wikipedia.org/wiki/Covert_channel
https://attack.mitre.org/tactics/TA0010/
#Exfiltration #Covertchannel #DNS
https://github.com/JoelGMSec/Invoke-DNSteal
Exfiltrator یا Covert channel
روش هایی جهت انتقال اطلاعات به بیرون از شبکه می باشند و برای دور زدن فایروال DLP استفاده می شوند.
اطلاعات بیشتر:
https://en.wikipedia.org/wiki/Covert_channel
https://attack.mitre.org/tactics/TA0010/
#Exfiltration #Covertchannel #DNS
GitHub
GitHub - JoelGMSec/Invoke-DNSteal: Simple & Customizable DNS Data Exfiltrator
Simple & Customizable DNS Data Exfiltrator. Contribute to JoelGMSec/Invoke-DNSteal development by creating an account on GitHub.
SoheilSec
Invoke-DNSteal is a Simple & Customizable DNS Data Exfiltrator. https://github.com/JoelGMSec/Invoke-DNSteal Exfiltrator یا Covert channel روش هایی جهت انتقال اطلاعات به بیرون از شبکه می باشند و برای دور زدن فایروال DLP استفاده می شوند. اطلاعات بیشتر: http…
Post Exploit :
mimikatz new version Workgroup and Domain now .... !
https://github.com/gentilkiwi/mimikatz/releases/tag/2.2.0-20210704
Rubeus is a C# toolset for raw Kerberos interaction and abuses.
Source :
https://github.com/GhostPack/Rubeus
Binary :
https://github.com/r3motecontrol/Ghostpack-CompiledBinaries
PS1 :
https://github.com/LuemmelSec/Pentest-Tools-Collection/tree/main/tools
Post Exploit Collection :
https://github.com/LuemmelSec/Pentest-Tools-Collection
Awesome Post Exploit include #printnightmare :
https://github.com/S3cur3Th1sSh1t/WinPwn
For Convert exe to PS1
https://github.com/cfalta/PowerShellArmoury
#postexploit #kerberos #mimikatz
mimikatz new version Workgroup and Domain now .... !
https://github.com/gentilkiwi/mimikatz/releases/tag/2.2.0-20210704
Rubeus is a C# toolset for raw Kerberos interaction and abuses.
Source :
https://github.com/GhostPack/Rubeus
Binary :
https://github.com/r3motecontrol/Ghostpack-CompiledBinaries
PS1 :
https://github.com/LuemmelSec/Pentest-Tools-Collection/tree/main/tools
Post Exploit Collection :
https://github.com/LuemmelSec/Pentest-Tools-Collection
Awesome Post Exploit include #printnightmare :
https://github.com/S3cur3Th1sSh1t/WinPwn
For Convert exe to PS1
https://github.com/cfalta/PowerShellArmoury
#postexploit #kerberos #mimikatz
👍1
SoheilSec
This is a list of victim organizations that #REvil ransomware gang has posted on its leaked blog on the #DarkWeb. A total of 273 victims they claim are posted on their darkweb leak blog site. REvil ransomware gang's Tor Network Infrastructure on Darkweb. They…
Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack
#DFIR #Revil
https://github.com/cado-security/DFIR_Resources_REvil_Kaseya/
#DFIR #Revil
https://github.com/cado-security/DFIR_Resources_REvil_Kaseya/
GitHub
GitHub - cado-security/DFIR_Resources_REvil_Kaseya: Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya…
Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack - cado-security/DFIR_Resources_REvil_Kaseya
Brute Ratel v0.5.0 (Syndicate) is now available for download and provides a major update towards several features and the user interface of Brute Ratel. Commander comes with a new user interface providing a much more granular information on the metadata of the C4 features which can be seen in the figure below.
New Shellcode and DLL Loader
PowerShell Payload
Windows Remote Management (WinRM) Pivoting
Windows Management Instrumentation Queries and Pivots
LDAP Sentinel Re-Write and Raw Queries
Mimikatz
DCSync
Share Enumeration
AMSI and ETW Patching
Click Scripting and Automation
Commander
https://bruteratel.com/release/2021/07/03/Release-Syndicate/
#PostExploit #BRc4
New Shellcode and DLL Loader
PowerShell Payload
Windows Remote Management (WinRM) Pivoting
Windows Management Instrumentation Queries and Pivots
LDAP Sentinel Re-Write and Raw Queries
Mimikatz
DCSync
Share Enumeration
AMSI and ETW Patching
Click Scripting and Automation
Commander
https://bruteratel.com/release/2021/07/03/Release-Syndicate/
#PostExploit #BRc4
Brute Ratel C4
Release v0.5 - Syndicate
Brute Ratel v0.5.0 (Syndicate) is now available for download and provides a major update towards several features and the user interface of Brute Ratel. Commander comes with a new user interface providing a much more granular information on the metadata of…
Disabling spooler on just your DC's is not enough #PrintNightmare
https://threadreaderapp.com/thread/1411364227089117185.html
https://threadreaderapp.com/thread/1411364227089117185.html
Threadreaderapp
Thread by @cube0x0 on Thread Reader App
Thread by @cube0x0: Disabling spooler on just your DC's is not enough #PrintNightmare Quick testing from me and @filip_dragovic * NoWarningNoElevationOnInstall can be set to 0 * Authenticated users do not need to be...…
Reverse Engineers' Hex Editor
Large (1TB+) file support
Decoding of integer/floating point value types
Inline disassembly of machine code
Highlighting and annotation of ranges of bytes
Side by side comparision of selections
Lua scripting support
Virtual address mapping support
https://github.com/solemnwarning/rehex
Large (1TB+) file support
Decoding of integer/floating point value types
Inline disassembly of machine code
Highlighting and annotation of ranges of bytes
Side by side comparision of selections
Lua scripting support
Virtual address mapping support
https://github.com/solemnwarning/rehex
GitHub
GitHub - solemnwarning/rehex: Reverse Engineers' Hex Editor
Reverse Engineers' Hex Editor. Contribute to solemnwarning/rehex development by creating an account on GitHub.
Free
کورس مجانی زمان محدود
The OWASP top 10 demystified
https://www.udemy.com/course/the-owasp-top-10-demystified/?couponCode=81E0D38A002319EAD0B1
#bugbounty
کورس مجانی زمان محدود
The OWASP top 10 demystified
https://www.udemy.com/course/the-owasp-top-10-demystified/?couponCode=81E0D38A002319EAD0B1
#bugbounty
Udemy
Online Courses - Learn Anything, On Your Schedule | Udemy
Udemy is an online learning and teaching marketplace with over 250,000 courses and 80 million students. Learn programming, marketing, data science and more.
Here it is ! End of #printnightmare ? Some links are down, but we can hope for something... in next hours?
بالاخره پچ داد !
Microsoft has released updates to protect against CVE-2021-34527. Please see:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
#patch
https://blog.peneter.com/printnightmare-0day/
https://blog.peneter.com/printnightmare-patched/
بالاخره پچ داد !
Microsoft has released updates to protect against CVE-2021-34527. Please see:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
#patch
https://blog.peneter.com/printnightmare-0day/
https://blog.peneter.com/printnightmare-patched/
Peneter.com
آسیب پذیری Printnightmare و وصله امنیتی (Patch) - Peneter.com
داستان از جایی شروع شد که آقای zhiniang peng به اشتباه توییتی مبنی بر POC این آسیبپذیری ارسال کرد، در صورتی که طبق گفتهاش میخواسته...
Sharperner - Simple Executable Generator With Encrypted Shellcode
Sharperner is a tool written in CSharp that generate .NET dropper with AES and XOR obfuscated shellcode. Generated executable can possibly bypass signature check but I cant be sure it can bypass heuristic scanning.
https://github.com/aniqfakhrul/Sharperner
#redteaming
Sharperner is a tool written in CSharp that generate .NET dropper with AES and XOR obfuscated shellcode. Generated executable can possibly bypass signature check but I cant be sure it can bypass heuristic scanning.
https://github.com/aniqfakhrul/Sharperner
#redteaming
GitHub
GitHub - aniqfakhrul/Sharperner: Simple executable generator with encrypted shellcode.
Simple executable generator with encrypted shellcode. - aniqfakhrul/Sharperner
ورژن جدید mimikatz منتشر شد برای بعد از اپدیت جدید🔓
پ.ن :مایکروسافت اپدیت که داده فقط برای rce هست و LPE بعد اپدیت هم کار میکند
https://github.com/gentilkiwi/mimikatz/releases
#printnightmare
پ.ن :مایکروسافت اپدیت که داده فقط برای rce هست و LPE بعد اپدیت هم کار میکند
https://github.com/gentilkiwi/mimikatz/releases
#printnightmare
GitHub
Releases · gentilkiwi/mimikatz
A little tool to play with Windows security. Contribute to gentilkiwi/mimikatz development by creating an account on GitHub.
Media is too big
VIEW IN TELEGRAM
https://www.youtube.com/watch?v=kO_um6uWEZ4
https://www.clubhouse.com/join/penetercom/dU4Ss8mT/M43qzGYk
شنبه ۱۹ تیر روی اسیب پذیری صحبت میکنیم و همچنین روش های mitigation
ساعت ۲۳ به وقت ایران
#printnightmare
https://www.clubhouse.com/join/penetercom/dU4Ss8mT/M43qzGYk
شنبه ۱۹ تیر روی اسیب پذیری صحبت میکنیم و همچنین روش های mitigation
ساعت ۲۳ به وقت ایران
#printnightmare