Quick note of vCenter RCE (CVE-2021–22005) https://testbnull.medium.com/quick-note-of-vcenter-rce-cve-2021-22005-4337d5a817ee
Medium
Quick note of vCenter RCE (CVE-2021–22005)
These days my head is in a tangle, swamped by a sea of work; I have sat thinking for ages and still cannot come up with a sensible name for this blog, and without a name…
RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html
Blogspot
CODE WHITE | Blog: RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through
Citrix ShareFile Storage Zones Controller uses a fork of the third party library NeatUpload. Versions before 5.11.20 are affected by a rela...
Quick Malware Analysis: Cobalt Strike and Hancitor pcap from 2021-09-14 https://blog.securityonion.net/2021/09/quick-malware-analysis-cobalt-strike_15.html
blog.securityonion.net
Quick Malware Analysis: Cobalt Strike and Hancitor pcap from 2021-09-14
Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2021/09/14/index.html We did a quick analysis of this ...
Fun little loader shellcode that executes an ELF in-memory using an anonymous file descriptor https://gist.github.com/zznop/0117c24164ee715e750150633c7c1782
Gist
Fun little loader shellcode that executes an ELF in-memory using an anonymous file descriptor (inspired by https://x-c3ll.gith…
Fun little loader shellcode that executes an ELF in-memory using an anonymous file descriptor (inspired by https://x-c3ll.github.io/posts/fileless-memfd_create/) - mem-loader.asm
Remote Command Execution in Visual Studio Code Remote Development Extension https://www.shielder.it/advisories/remote-command-execution-in-visual-studio-code-remote-development-extension/
Shielder
Shielder - Remote Command Execution in Visual Studio Code Remote Development Extension 1.50
Visual Studio Code Remote Development Extension 1.50 failed to sanitize the host field before using it as an argument of the ssh command, allowing injection of a ProxyCommand option which could be used to run arbitrary commands.
CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit https://github.com/klezVirus/CVE-2021-40444
GitHub
GitHub - klezVirus/CVE-2021-40444: CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit - klezVirus/CVE-2021-40444
fail2ban – Remote Code Execution https://research.securitum.com/fail2ban-remote-code-execution/
research.securitum.com
fail2ban - Remote Code Execution - research.securitum.com
This article is about the recently published security advisory for a pretty popular software, fail2ban (CVE-2021-32749). It is about a bug that may lead to Remote Code Execution.
Stealing weapons from the Armoury (CVE-2021-40981 analysis) https://aptw.tf/2021/09/24/armoury-crate-privesc.html
Catching the big fish: Analyzing a large-scale phishing-as-a-service operation https://www.microsoft.com/security/blog/2021/09/21/catching-the-big-fish-analyzing-a-large-scale-phishing-as-a-service-operation/
Microsoft News
Catching the big fish: Analyzing a large-scale phishing-as-a-service operation
With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today. We are sharing these findings so the broader community can build…
Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage https://www.trendmicro.com/en_us/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Trend Micro
Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage
Recently, we discovered that the cryptomining trojan z0Miner has been taking advantage of the Atlassian Confluence remote code execution (RCE) vulnerability assigned as CVE-2021-26084, which was disclosed by Atlassian in August.
A new APT is targeting hotels across the world https://therecord.media/a-new-apt-is-targeting-hotels-across-the-world/
Getting started in macOS security https://theevilbit.github.io/posts/getting_started_in_macos_security/
theevilbit blog
Getting started in macOS security
Many people used to ask me where to start learning about macOS security or exploitation, what are the trainings or books out there that can help with this topic. Nowadays there are a few trainings, which can get you started. Other great resources for macOS…
Examining the Cring Ransomware Techniques https://www.trendmicro.com/en_us/research/21/i/examining-the-cring-ransomware-techniques.html
Trend Micro
Examining the Cring Ransomware Techniques
In this entry, we look at the techniques typically employed by the Cring ransomware, as well as the most affected regions and industries.
Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) https://github.com/ollypwn/PrintNightmare
GitHub
GitHub - ly4k/PrintNightmare: Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527)
Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) - GitHub - ly4k/PrintNightmare: Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527)
Costly mistakes made by developers when managing secrets and how to avoid them https://boemo1mmopelwa.medium.com/costly-mistakes-made-by-developers-when-managing-secrets-and-how-to-avoid-them-a7b622d27a17
Medium
Costly mistakes made by developers when managing secrets and how to avoid them
There’s now more money and information stored digitally than physically. Secrets unlock the infrastructure holding millions of dollars and…
"A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild https://blog.s1r1us.ninja/research/PP
blog.s1r1us.ninja
s1r1us - Prototype Pollution
Introduction
Zloader Campaigns at a Glance https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/zloader-campaigns-at-a-glance
Trendmicro
Zloader Campaigns at a Glance
Our infographic provides a quick and comprehensive overview of Zloader, which has been involved in numerous campaigns over the past few years.
TrustedInstaller, parando Windows Defender https://www.securityartwork.es/2021/09/27/trustedinstaller-parando-windows-defender/
Security Art Work
TrustedInstaller, parando Windows Defender - Security Art Work
Often, during an intrusion it can be useful to have the ability to disable the defensive measures on the target machine. For those pentesters who have already tasted the delights of the security solution shipped by default…
Chrome in-the-wild bug analysis: CVE-2021-30632 https://securitylab.github.com/research/in_the_wild_chrome_cve_2021_30632/
All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021-33035) https://spaceraccoon.dev/all-your-d-base-are-belong-to-us-part-1-code-execution-in-apache-openoffice?pk_campaign=rss-feed
spaceraccoon.dev
All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021-33035) — spaceraccoon.dev
Note: This is a mirror of the Medium blogpost. Introduction Venturing out into the wilderness of vulnerability research can be a daunti...