Further Evasion in the Forgotten Corners of MS-XLS
https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/
Yet Another Security Blog
It’s been a few weeks since my last discussion [1] of Excel 4.0 macro shenanigans and the space continues to change. LastLine published a great report [2] which summarized the progression of weapon…
List of Microsoft-signed files with functionality that would be useful for attacks
https://lolbas-project.github.io
CVE-2020-1170. Microsoft Windows Defender Elevation of Privilege
https://itm4n.github.io/cve-2020-1170-windows-defender-eop/
itm4n’s blog
CVE-2020-1170 - Microsoft Windows Defender Elevation of Privilege Vulnerability
Here is my writeup about CVE-2020-1170, an elevation of privilege bug in Windows Defender. Finding a vulnerability in a security-oriented product is quite satisfying. Though, there was nothing groundbreaking. It’s quite the opposite actually and I’m surprised…
Exploiting Bitdefender Antivirus: RCE from any website
https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/
Almost Secure
A vulnerability in Bitdefender Antivirus allowed any website to run arbitrary code with user's privileges. This was caused by issues very similar to ones found in other antivirus products before.
Securing Active Directory: Performing an Active Directory Security Review
https://www.hub.trimarcsecurity.com/post/securing-active-directory-performing-an-active-directory-security-review
Trimarc Content Hub
During the Trimarc Webcast on June 17, 2020, Sean Metcalf covered a number of Active Directory (AD) components and areas that should be reviewed for potential security issues. The presentation included PowerShell code, and that code is…
Leonidas, a tool for automating the simulation of attacks against cloud environment
https://github.com/FSecureLABS/leonidas
GitHub
GitHub - WithSecureLabs/leonidas: Automated Attack Simulation in the Cloud, complete with detection use cases.
Taking over Azure DevOps Accounts with 1 Click
https://blog.assetnote.io/2020/06/28/subdomain-takeover-to-account-takeover/?v=2
SMBleedingGhost Writeup Part III: From Remote Read (SMBleed) to RCE
https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-part-iii-from-remote-read-smbleed-to-rce/
Jamf Threat Labs | Blog
GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions
https://gtfobins.github.io/
Story of stealing mail conversation, contacts in mail.ru and myMail iOS applications via XSS
https://medium.com/@kminthein/story-of-stealing-mail-conversation-contacts-in-mail-ru-and-mymail-ios-applications-via-xss-1e49c4ed560
Medium
In June 2020, I found a stored XSS bug that could allow an attacker to steal user email conversations, contacts in mail.ru and myMail iOS…
Living Off Windows Land – A New Native File “downldr”
https://labs.sentinelone.com/living-off-windows-land-a-new-native-file-downldr/
SentinelOne
Living Off Windows Land - A New Native File "downldr" - SentinelLabs
A newly discovered LOLBin offers an alternative to certutil for helping adversaries download files from a remote server. Meet desktopimgdownldr.exe.