From the latest edition of my OSINT reference book I recommend chapter 28, "Data Breach & Leaks", which covers techniques for assessing an organization's assets, a part of ASM that I wrote a blog post about a while ago. The same techniques are used for hacking, penetration testing, bug bounty and so on!
Book:
https://t.iss.one/Peneter_Media/389
ASM:
https://t.iss.one/learnpentest/451
RCE vulnerability in Spring Cloud (SpEL), versions 3 through 3.2.2. To reduce the risk, update to version 3.2.3.
https://www.cyberkendra.com/2022/03/rce-0-day-exploit-found-in-spring-cloud.html
Exploit:
https://t.iss.one/Peneter_Tools/272
Another vulnerability is in the JDK core: if your JDK is 8 or lower you are not vulnerable; otherwise you are vulnerable and must patch manually. Exploits are available!
https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html?m=1
https://t.iss.one/Peneter_Tools/274
Last week's cybersecurity news:
https://blog.peneter.com/cybersecurity-news-1401-01-20/
This news roundup is held every Saturday night, Iran time, on Clubhouse in the Peneter club.
Archive of the weekly security news:
https://www.youtube.com/channel/UCewDE8winhc8DSPFnpSksTA
https://hearthis.at/peneter-com/
You can also listen on the Peneter blog:
https://blog.peneter.com
You can find the source links on the Twitter pages:
https://twitter.com/soheilhashemi_
https://twitter.com/5tuxnet
Forwarded from Peneter Tools
Forwarded from Peneter Media
Bypass EDR (CrowdStrike and Microsoft Defender) 2022
— Abuses situations where the sensor is not configured and not updated
— The researcher has used the following 12 techniques:

1.Shellcode encryption
2.Reducing entropy
3.Escaping the (local) AV sandbox
4.Import table obfuscation
5.Disabling Event Tracing for Windows (ETW)
6.Evading common malicious API call patterns
7.Direct system calls and evading “mark of the syscall”
8.Removing hooks in ntdll.dll
9.Spoofing the thread call stack
10.In-memory encryption of beacon
11.A custom reflective loader
12.OpSec configurations in your Malleable profile

https://vanmieghem.io/blueprint-for-evading-edr-in-2022/

#EDR #crowdstrike #endpoint
Forwarded from Peneter Tools
Security researcher Maddie Stone from Google's Project Zero has published a blog post reviewing the in-the-wild 0-day exploits discovered in 2021:

I added PoCs or available exploits for easier access.

Blog:
https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html

Exploits:

RCE in #Apache HTTP CVE-2021-41773
https://github.com/thehackersbrain/CVE-2021-41773

14 in Google #Chrome
6 JavaScript Engine - V8 (CVE-2021-21148, CVE-2021-30551, CVE-2021-30563, CVE-2021-30632, CVE-2021-37975, CVE-2021-38003)
https://github.com/xmzyshypnc/CVE-2021-30551
https://github.com/Phuong39/PoC-CVE-2021-30632
https://github.com/github/securitylab/tree/main/SecurityExploits/Chrome/v8/CVE-2021-37975
2 DOM Engine - Blink (CVE-2021-21193 & CVE-2021-21206)
1 WebGL (CVE-2021-30554)
1 IndexedDB (CVE-2021-30633)
1 WebAudio (CVE-2021-21166)
1 Portals (CVE-2021-37973)
1 Android Intents (CVE-2021-38000)
1 Core (CVE-2021-37976)

7 in WebKit #safari
4 JavaScript Engine - JavaScriptCore (CVE-2021-1870, CVE-2021-1871, CVE-2021-30663, CVE-2021-30665)
1 IndexedDB (CVE-2021-30858)
1 Storage (CVE-2021-30661)
1 Plugins (CVE-2021-1879)

4 in #IE
MSHTML browser engine (CVE-2021-26411, CVE-2021-33742, CVE-2021-40444)
JavaScript Engine - JScript9 (CVE-2021-34448)

10 in #Windows
2 Enhanced crypto provider (CVE-2021-31199, CVE-2021-31201)
2 NTOS kernel (CVE-2021-33771, CVE-2021-31979)
2 Win32k (CVE-2021-1732, CVE-2021-40449)
https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2021-1732
https://github.com/Kristal-g/CVE-2021-40449_poc
1 Windows Update Medic (CVE-2021-36948)
1 SuperFetch (CVE-2021-31955)
https://github.com/freeide/CVE-2021-31955-POC
1 dwmcore.dll (CVE-2021-28310)
https://github.com/Rafael-Svechinskaya/IOC_for_CVE-2021-28310/blob/main/Malicious%20Payloads
1 ntfs.sys (CVE-2021-31956)
https://github.com/aazhuliang/CVE-2021-31956-EXP

5 in #iOS and #macOS
IOMobileFrameBuffer (CVE-2021-30807, CVE-2021-30883)
https://github.com/jsherman212/iomfb-exploit
XNU Kernel (CVE-2021-1782 & CVE-2021-30869)
https://github.com/synacktiv/CVE-2021-1782
CoreGraphics (CVE-2021-30860)
https://github.com/jeffssh/CVE-2021-30860
CommCenter (FORCEDENTRY sandbox escape - CVE requested, not yet assigned)

7 in #Android
Qualcomm Adreno GPU driver (CVE-2020-11261, CVE-2021-1905, CVE-2021-1906)
ARM Mali GPU driver (CVE-2021-28663, CVE-2021-28664)
Upstream Linux kernel (CVE-2021-1048, CVE-2021-0920)

5 in Microsoft #Exchange Server
(CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065)
https://github.com/0xAbdullah/CVE-2021-26855
https://github.com/sirpedrotavares/Proxylogon-exploit
https://github.com/hictf/CVE-2021-26855-CVE-2021-27065
(CVE-2021-42321)
https://github.com/DarkSprings/CVE-2021-42321
Forwarded from Peneter Tools
PoC for an NTLM relay attack dubbed DFSCoerce.
The method leverages the Distributed File System: Namespace Management Protocol (MS-DFSNM) to seize control of a Windows domain.
https://github.com/Wh04m1001/DFSCoerce
Forwarded from Peneter Media
Penetration Testing Sample Report
A collection of pentest reports can be found at https://pentestreports.com/reports/
Node.js security releases announced - high severity vulnerabilities in all active versions

https://groups.google.com/g/nodejs-sec/c/TXKhlMr55UA/m/Sqak2IJnBAAJ
Forwarded from Peneter Tools
Amsi-Bypass-Powershell

This repo contains some Antimalware Scan Interface (AMSI) bypass / avoidance methods I found on different blog posts.

Most of the scripts are detected by AMSI itself. So you have to find the trigger (https://github.com/RythmStick/AMSITrigger) and change the signature at that part via variable/function renaming, string replacement, or encoding and decoding at runtime. Alternatively, obfuscate them via ISESteroids and/or Invoke-Obfuscation to get them working. You can also take a look at the blog post (https://s3cur3th1ssh1t.github.io/Bypass_AMSI_by_manual_modification/) about manually changing the signature to get a valid bypass again.

https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell

Source:
https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Korkos-AMSI-and-Bypass.pdf

For more and references:
https://twitter.com/ShitSecure
Forwarded from Peneter Tools
Security firm SpecterOps has open-sourced a new tool called Koh that can be used to capture Windows account authentication tokens for new logon sessions and reuse them for future attacks.
https://github.com/GhostPack/Koh
https://posts.specterops.io/koh-the-token-stealer-41ca07a40ed6