CVE-2021-31166: Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.
https://github.com/0vercl0k/CVE-2021-31166
Credential Dumping cheatsheet
https://dl.packetstormsecurity.net/papers/general/credential_dumping.pdf
Dumping Plaintext RDP credentials from svchost.exe
https://www.n00py.io/2021/05/dumping-plaintext-rdp-credentials-from-svchost-exe/
Recently I was browsing Twitter and came across a very interesting tweet: A simple string search within the process memory for svchost.exe revealed the plaintext password that was used to connect to the system via RDP. After some testing, I was also able…
An Exploration & Remediation of JSON Interoperability Vulnerabilities
https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities
Learn more about how the same JSON document can be parsed with different values across microservices, leading to a variety of potential security risks.
How to Exploit Active Directory ACL Attack Paths Through LDAP Relaying Attacks
https://www.praetorian.com/blog/how-to-exploit-active-directory-acl-attack-paths-through-ldap-relaying-attacks/
Overview This article describes methods by which an attacker can induce a victim user into authenticating using the NT Lan Manager (NTLM) Authentication Protocol to an attacker-controlled “Intranet” site, even in instances where that site points to an external…
Fuzzing exotic arch with AFL using ghidra emulator
https://airbus-cyber-security.com/fuzzing-exotic-arch-with-afl-using-ghidra-emulator/
Know Your Enemy: Exploiting the Dell BIOS Driver Vulnerability to Defend Against It
https://www.crowdstrike.com/blog/cve-2021-21551-learning-through-exploitation/
Using CVE-2021-21551 as an example, learn how adversaries approach weaponizing vulnerabilities, and the technologies that work best to mitigate their tactics.
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug (CVE-2021-3560)
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit.
d0zer
ELF binary infector written in Go. It can be used for infecting executables of type ET_DYN and ET_EXEC with a payload of your creation. Using the classic ELF text segment padding algorithm by Silvio Cesare, your payload (parasite) runs before the binary's native functionality, effectively backdooring the binary.
https://github.com/sad0p/d0zer
A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.
https://github.com/optiv/Dent
DarkLoadLibrary (Bypassing Image Load Kernel Callbacks)
https://github.com/bats3c/DarkLoadLibrary
LoadLibrary for offensive operations.
AutoHarness is a tool that automatically generates fuzzing harnesses for you
https://github.com/parikhakshat/autoharness
wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows.
https://github.com/0vercl0k/wtf
Details about four in-the-wild 0-day campaigns targeting four separate vulnerabilities we’ve discovered so far this year:
• CVE-2021-21166 and CVE-2021-30551 in Chrome,
• CVE-2021-33742 in Internet Explorer, and
• CVE-2021-1879 in WebKit (Safari).
https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/
CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 1
https://research.nccgroup.com/2021/07/15/cve-2021-31956-exploiting-the-windows-kernel-ntfs-with-wnf-part-1/amp/#click=https://t.co/zfXvokBcHW
NCC Group’s Exploit Development Group look at exploiting CVE-2021-31956 – the Windows Kernel (NTFS with WNF)
OpenSecurityTraining2 public betas of refreshed classes on x86-64 assembly, x86-64 OS internals, and coreboot are now open - https://ost2.fyi
Deep Learning for Network Traffic Monitoring and Analysis (NTMA): A Survey (PDF attachment: 1-s2.0-S0140366421000426-main.pdf, 1.3 MB)