Restricting SMB-based lateral movement in a Windows environment
https://medium.com/palantir/restricting-smb-based-lateral-movement-in-a-windows-environment-ed033b888721
Palantir’s recommendations for defending your network
CreateFile based rootkit. NtCreateFile can create and access directories using names like " ." but CreateFile can't do it.
https://github.com/dalvarezperez/CreateFile_based_rootkit
An exploitation case study of CVE-2020-1062, a use-after-free vulnerability in IE11
https://www.accenture.com/us-en/blogs/cyber-defense/exploitation-case-study-cve-2020-1062-vulnerability-in-ie11
Audio Unit Plug-ins. Legitimate Un-signed Code Execution
https://posts.specterops.io/audio-unit-plug-ins-896d3434a882
Introducing Winbindex - the Windows Binaries Index
https://m417z.com/Introducing-Winbindex-the-Windows-Binaries-Index/
I indexed all Windows files which appear in Windows update packages, and created a website which allows to quickly view information about the files and download some of them from Microsoft servers. The files that can be downloaded are executable files (currently…
SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/
Research by: Sagi Tzadik Introduction DNS, which is often described as the “phonebook of the internet”, is a network protocol for translating human-friendly computer hostnames into IP addresses. Because it is such a core component of the internet, there are…
BYPASSING SYMANTEC ENDPOINT PROTECTION FOR FUN & PROFIT (DEFENSE EVASION)
https://cognosec.com/bypassing-symantec-endpoint-protection-for-fun-profit-defense-evasion/
SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet (CVE-2020-1147)
https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
Hunting for bugs in VirtualBox
https://blog.paulch.ru/2020-07-26-hunting-for-bugs-in-virtualbox-first-take.html
Applied Purple Teaming Threat Optics Lab - Azure Terraform
https://github.com/DefensiveOrigins/APT-Lab-Terraform
CVE-2020-11518 Unauthenticated RCE in ADSelfService Plus
https://honoki.net/2020/08/10/cve-2020-11518-how-i-bruteforced-my-way-into-your-active-directory/
Noctilucent, tool for Domain Fronting using TLS 1.3
https://github.com/SixGenInc/Noctilucent
DEF CON Safe Mode Talk:
https://youtu.be/TDg092qe50g
Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise
CVE-2020-1048, CVE-2020-1337. Bugs in Windows Print Spooler
https://github.com/SafeBreach-Labs/Spooler
DEF CON Safe Mode Talk by SafeBreach Labs:
https://youtu.be/RvABLQpiZks
Windows Print Spooler patch bypass re-enables persistent backdoor
https://www.zerodayinitiative.com/blog/2020/8/11/windows-print-spooler-patch-bypass-re-enables-persistent-backdoor
In May 2020, Microsoft patched CVE-2020-1048, a critical privilege escalation bug in Windows. Through this vulnerability, an attacker with the ability to execute low-privileged code on a Windows machine can easily establish a persistent backdoor, allowing…
Hunting for SQL injections (SQLis) and Cross-Site Request Forgeries (CSRFs) in WordPress Plugins
https://medium.com/tenable-techblog/hunting-for-sql-injections-sqlis-and-cross-site-request-forgeries-csrfs-in-wordpress-plugins-632dafc9cd2f
This is a detailed overview of the bugs found while reviewing the source code of WordPress plugins. I cover 3 reported vulnerabilities…