Brute Ratel v0.5.0 (Syndicate) is now available for download and provides a major update to several features and to the user interface of Brute Ratel. Commander comes with a new user interface that provides much more granular information on the metadata of the C4 features, which can be seen in the figure below.
New Shellcode and DLL Loader
PowerShell Payload
Windows Remote Management (WinRM) Pivoting
Windows Management Instrumentation Queries and Pivots
LDAP Sentinel Re-Write and Raw Queries
Mimikatz
DCSync
Share Enumeration
AMSI and ETW Patching
Click Scripting and Automation
Commander
https://bruteratel.com/release/2021/07/03/Release-Syndicate/
#PostExploit #BRc4
Reverse Engineers' Hex Editor

Large (1TB+) file support
Decoding of integer/floating point value types
Inline disassembly of machine code
Highlighting and annotation of ranges of bytes
Side by side comparison of selections
Lua scripting support
Virtual address mapping support
https://github.com/solemnwarning/rehex
Sharperner - Simple Executable Generator With Encrypted Shellcode
Sharperner is a tool written in C# that generates a .NET dropper with AES- and XOR-obfuscated shellcode. The generated executable can possibly bypass signature checks, but I can't be sure it can bypass heuristic scanning.
https://github.com/aniqfakhrul/Sharperner
#redteaming
A new version of mimikatz has been released, for use after the new update 🔓
P.S.: the update Microsoft released only covers the RCE; the LPE still works after the update.
https://github.com/gentilkiwi/mimikatz/releases
#printnightmare
https://www.youtube.com/watch?v=kO_um6uWEZ4

https://www.clubhouse.com/join/penetercom/dU4Ss8mT/M43qzGYk
On Saturday, 19 Tir, we will talk about the vulnerability as well as mitigation methods.
At 23:00 Iran time.
#printnightmare
In May of 2021, Microsoft released a patch to correct CVE-2021-28474, a remote code execution bug in supported versions of Microsoft SharePoint Server.
https://www.zerodayinitiative.com/blog/2021/7/7/cve-2021-28474-sharepoint-remote-code-execution-via-server-side-control-interpretation-conflict
SoheilSec
Microsoft: PrintNightmare security updates work, start patching! Microsoft's explanation of the bypassable patch: https://www.bleepingcomputer.com/news/security/microsoft-printnightmare-security-updates-work-start-patching/amp/?__twitter_impression=true #printnightmare
Benjamin Delpy :
Clarified Guidance for CVE-2021-34527 #printnightmare So I presume all is OK, and:
- you will not change UNC path detection
- RestrictDriverInstallationToAdministrators & driver no exploitation? It's not, and you know it
===
As I tested it, the LPE still works after the patch is deployed, so to apply the patch you should follow Microsoft's steps and change the registry.
Based on the test I ran after installing the patch, the exploit still works, and you must make the registry changes Microsoft described.
https://lnkd.in/eJYGz6P
https://lnkd.in/eW-UWGi
#infosec #0day #microsoft #OOB #printspooler
UDP Technology IP Camera vulnerabilities
Vulnerabilities in the UDP Technology IP camera series.
Camera series:

Geutebruck
Ganz
Visualint
Cap
THRIVE Intelligence
Sophus
VCA
TripCorps
Sprinx Technologies
Smartec
Riva

https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/
#RCE #IPCAMERA #udptechnology
Microsoft Teams user enumeration :
https://www.immunit.ch/blog/2021/07/05/microsoft-teams-user-enumeration/
https://github.com/immunIT/TeamsUserEnum

All the ways I use to hunt for BAC and IDOR vulnerabilities

https://thexssrat.iss.onedium.com/broken-access-control-beyond-the-basics-6e15078392b7
#bugbounty
Global Phishing Campaign Targets Energy Sector and its Suppliers
A full walkthrough of a phishing-based social engineering scenario against oil companies.
https://www.intezer.com/blog/research/global-phishing-campaign-targets-energy-sector-and-its-suppliers/

A series of free interactive AWS security training modules that teach developers how to identify and mitigate security vulnerabilities in their AWS hosted cloud applications.
A free AWS security training series.
https://application.security/free/kontra-aws-clould-top-10

WATCH OUT!
Ways a macro gets run even without being enabled! This is the result of sending résumés to companies and organizations and gaining access to them.
Hackers have been found to use a new technique to completely disable macro security warnings in Office files—without requiring user interaction—and infect victims' computers with #malware.

https://thehackernews.com/2021/07/hackers-use-new-trick-to-disable-macro.html
Vulnerabilities in medical IoT devices.
Multiple vulnerabilities have been disclosed in Philips Clinical Collaboration Platform Portal ( aka Vue PACS medical imaging systems), some of which could be exploited by an attacker to take control of an affected system.

https://thehackernews.com/2021/07/critical-flaws-reported-in-philips-vue.html
Biden cancels $10 billion cloud-computing contract awarded to Microsoft.
https://www.cybersecurity-insiders.com/biden-cancels-10billion-cloud-computing-contract-awarded-to-microsoft/
#microsoft

#mimikatz update new function for #printnightmare
https://video.twimg.com/tweet_video/E5451-oWQAYrXZr.mp4

Remote Desktop Vulnerabilities: What You Need to Know
1- Encryption Issues in Earlier Versions
2- Weak Password Practices
3- Unsecured Port Access
4- Clipboard Exploits
5- Buffer Overflow
https://www.cybersecurity-insiders.com/remote-desktop-vulnerabilities-what-you-need-to-know/
#RDP #EXPLOIT #SECURE #HARDENING

The malware is capable of replacing the victim’s wallet address with one provided by its author(s).
hiveos ?
https://hiveos.farm/features/
https://www.hackread.com/hive-os-cryptomining-malware-steal-wallet-funds/
#MINEROS #WAllet #Crypto

Flaw in preprocessor language Less.js causes website to leak AWS secret keys
https://portswigger.net/daily-swig/flaw-in-preprocessor-language-less-js-causes-website-to-leak-aws-secret-keys
#AWS #vulnerablity #XSS #RCE

How to protect your site against lethal unauthorized code injections
https://cybersecurity.att.com/blogs/security-essentials/how-to-protect-your-site-against-lethal-unauthorized-code-injections
#infosec #cybersecurity

How To Use the MITRE ATT&CK Framework
https://www.chaossearch.io/blog/how-to-use-mitre-attck-framework
#MITREGUIDE

Surveilling the Gamers: Privacy Impacts of the Video Game Industry
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3881279
#paper #Gamming #privacy

Windows Feature Hunter (WFH) is a proof of concept python script that uses Frida, a dynamic instrumentation toolkit, to assist in potentially identifying common “vulnerabilities” or “features” within Windows executables. WFH currently has the capability to automatically identify potential Dynamic Linked Library (DLL) sideloading and Component Object Model (COM) hijacking opportunities at scale.
https://github.com/ConsciousHacker/WFH
#pentesttool #windows #dllhijacking #WFH

Ipa-medit is a memory search and patch tool for resigned ipa without jailbreak. It was created for mobile game security testing.
https://github.com/aktsk/ipa-medit
#forensic #ipa #ios #memory #ipamedit

Modular brute force tool written in Python for very fast password spraying against SSH and, in the near future, other network services.
https://github.com/Cerbrutus-BruteForcer/cerbrutus
#bruteforce #python

Account Takeovers — Believe the Unbelievable
https://blog.niksthehacker.com/account-takeovers-believe-the-unbelievable-bb98a0c251a4
#writeup #bugbountytips

Behind the Scene : HTTP Parameter Pollution
https://infosecwriteups.com/behind-the-scene-http-parameter-pollution-534b4fa2449c
#writeup #bugbountytips
SoheilSec pinned «Peneter => https://blog.peneter.com @learnpentest @Peneter_News @Peneter_Media @Peneter_Tools @peneter_com Q&A https://discord.gg/h7VqYzfuje Q&A | present https://bit.ly/3xLwfaT Clubhouse on Saturdays, 19:30 to 20:30 Iran time https://www.instagram.com/peneter_admin/…»
Iran's railroad system was hit by a cyberattack; hackers posted fake messages about delays or cancellations of trains on display boards at stations across the country.
#raja
https://securityaffairs.co/wordpress/119942/hacking/irans-railroad-system-cyberattack.html?utm_source=feedly&utm_medium=rss&utm_campaign=irans-railroad-system-cyberattack

Report: Unskilled hackers can breach about 3 out of 4 companies
Positive Technologies found in a recent study that criminals with few skills can hack a company in less than 30 minutes.
https://www.techrepublic.com/article/report-unskilled-hackers-can-breach-3-out-of-4-of-companies/

How to enable Controlled folder access to protect data from ransomware on Windows 10
Windows 10 can protect your files from ransomware and other malicious programs, and this guide outlines the different ways to enable the security feature.
https://www.windowscentral.com/how-enable-controlled-folder-access-windows-10-fall-creators-update?amp&__twitter_impression=true
#ransomware #mitigation

Restricting SMB-based lateral movement in a Windows environment
Lateral movement via Windows Server Message Block (SMB) is consistently one of the most effective techniques used by adversaries. In our engagements with the SpecterOps team, this mechanism is consistently targeted for abuse.
https://blog.palantir.com/restricting-smb-based-lateral-movement-in-a-windows-environment-ed033b888721
#SMB #Lateralmovement


Fault Injection :
#hardware #FI #Glitching
https://research.nccgroup.com/2021/07/07/an-introduction-to-fault-injection-part-1-3/
https://research.nccgroup.com/2021/07/08/software-based-fault-injection-countermeasures-part-2-3/
https://research.nccgroup.com/2021/07/09/alternative-approaches-for-fault-injection-countermeasures-part-3-3/


FUD concept :
Exploiting (Almost) Every Antivirus Software
https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/
#FUD
Top 16 Active Directory Vulnerabilities
https://www.infosecmatter.com/top-16-active-directory-vulnerabilities/
#activedirectory #AD
Analysing an O.MG cable
Setting up an O.MG cable for keystroke injection attacks, and then forensically dumping the firmware for analysis.
https://www.techanarchy.net/analysing-an-o-mg-cable/
#firmware #analysis
AWS Incident Response Playbooks
https://github.com/aws-samples/aws-incident-response-playbooks/releases/tag/v1.1
#AWS #IR

Splunk and using to set up a detection lab
https://krishnasaimarella9.medium.com/splunk-and-using-to-set-up-a-detection-lab-d483636d08d8
#splunk #SOC
Dell EMC privilege escalation vulnerability CVE-2021-21589
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21589
#DELL #EMC
Dell EMC plain-text password storage vulnerability CVE-2021-21590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21591

Apache Tomcat
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33037
#DOS
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30639
#RCE #tomcat
Tomcat 7, 8, 9 and 10 versions released before April 2020 are affected. This most certainly means you have to update your instance of Tomcat in order not to be vulnerable.
https://www.redtimmy.com/apache-tomcat-rce-by-deserialization-cve-2020-9484-write-up-and-exploit/

#sharepoint #rce
Many organizations run SharePoint; setting aside the other vulnerabilities, the RCE is very dangerous.
https://t.iss.one/learnpentest/312

#openvpn #MITM
OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3547


SolarWinds patches critical Serv-U vulnerability exploited in the wild
https://www.bleepingcomputer.com/news/security/solarwinds-patches-critical-serv-u-vulnerability-exploited-in-the-wild/
#solarwinds #supplychainattack

FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during the installation phase.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26089
#forticlient



Malicious Macros for Script Kiddies
https://www.trustedsec.com/blog/malicious-macros-for-script-kiddies/?hss_channel=tw-403811306
#VBA #MACRO #socialengineering


Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites
#APT41 #BIOPASS #RAT
BIOPASS RAT :
file system assessment!
remote desktop access
file exfiltration
shell command execution
C2 protocol: RTMP (Real-Time Messaging Protocol) and socket.io
The RAT itself was installed and updated in the guise of a legitimate program on a well-known site that the hackers had previously compromised! This method of hacking has become much more widespread than before.
https://thehackernews.com/2021/07/hackers-spread-biopass-malware-via.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29
https://www.trendmicro.com/en_us/research/21/g/biopass-rat-new-malware-sniffs-victims-via-live-streaming.html
https://malpedia.caad.fkie.fraunhofer.de/actor/axiom


Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack Upgrade or Workaround CVE-2021-35464
ForgeRock Access Management, a commercial access-management platform, is based on the OpenAM open-source access-management platform for web applications. The platform front-ends web apps and remote-access setups in many enterprises.
https://github.com/frohoff/ysoserial
#RCE #FORGEROCK #OPENAM


Google checks rise of DOM XSS with Trusted Types
https://portswigger.net/daily-swig/google-checks-rise-of-dom-xss-with-trusted-types
#DOMXSS #GOOGLE
https://brutelogic.com.br/blog/xss-via-http-headers/
If you know how #XSS works via HTTP headers, don’t waste your time reading this!
#bugbountytips