POC for scanning ProxyShell (CVE-2021-34523,CVE-2021-34473,CVE-2021-31207) https://github.com/mithridates1313/ProxyShell_POC
GitHub
GitHub - mithridates1313/ProxyShell_POC: POC for scanning ProxyShell(CVE-2021-34523,CVE-2021-34473,CVE-2021-31207)
POC for scanning ProxyShell(CVE-2021-34523,CVE-2021-34473,CVE-2021-31207) - mithridates1313/ProxyShell_POC
New Android Malware Steals Financial Data from 378 Banking and Wallet Apps https://thehackernews.com/2021/09/new-android-malware-steals-financial.html
Karkinos - Penetration Testing and Hacking CTF's Swiss Army Knife https://hakin9.org/karkinos-penetration-testing-and-hacking-ctfs-swiss-army-knife/
Hakin9 - IT Security Magazine
Karkinos - Penetration Testing and Hacking CTF's Swiss Army Knife
Karkinos is a light-weight 'Swiss Army Knife' for penetration testing and/or hacking CTF's. Currently, Karkinos offers the following:
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/
Microsoft News
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
In-depth analysis of newly detected NOBELIUM malware: a post-exploitation backdoor that Microsoft Threat Intelligence Center (MSTIC) refers to as FoggyWeb. NOBELIUM uses FoggyWeb to remotely exfiltrate the configuration database of compromised AD FS servers…
Notorious Spyware Tool Found Hiding Beneath Four Layers of Obfuscation https://www.darkreading.com/endpoint/notorious-spyware-tool-found-hiding-beneath-four-layers-of-obfuscation
Darkreading
Notorious Spyware Tool Found Hiding Beneath Four Layers of Obfuscation
FinFisher (aka FinSpy) surveillance software now goes to extreme lengths to duck analysis and discovery, researchers found in a months-long investigation.
An Intro to Fuzzing (AKA Fuzz Testing) https://labs.bishopfox.com/tech-blog/an-intro-to-fuzzing-aka-fuzz-testing
Bishop Fox
Fuzz Testing for blackbox security analysis
Learn about fuzzing testing, who should fuzz, what types of fuzzers exist, how to write a good harness to perform blackbox analysis on a given program.
Into the art of Binary Exploitation 0x000002 [Sorcery of ROP] https://7h3h4ckv157.medium.com/into-the-art-of-binary-exploitation-0x000002-sorcery-of-rop-b4658238ee62
Medium
Into the art of Binary Exploitation 0x000002 [Sorcery of ROP]
Hey Hackers, ✋✋
Crucial’s MOD Utility LPE – CVE-2021-41285 https://voidsec.com/crucial-mod-utility-lpe-cve-2021-41285/
VoidSec
Crucial’s MOD Utility LPE - CVE-2021-41285 - VoidSec
Crucial's Ballistix MOD Utility v.<= 2.0.2.5 is affected by multiple Privilege Escalation (LPE) vulnerabilities in the MODAPI.sys driver.
Pwncat - Fancy Reverse And Bind Shell Handler https://www.kitploit.com/2021/10/pwncat-fancy-reverse-and-bind-shell.html
KitPloit - PenTest & Hacking Tools
Pwncat - Fancy Reverse And Bind Shell Handler
Remote Code Execution V1 for iOS 15 (sent through airdrop after the device was connected to a trusted host) https://github.com/jonathandata1/ios_15_rce
GHSL-2021-1012: Poor random number generation in keypair - CVE-2021-41117 https://securitylab.github.com/advisories/GHSL-2021-1012-keypair/
GitHub Security Lab
GHSL-2021-1012: Poor random number generation in keypair - CVE-2021-41117
keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This would mean that the library…
Understanding CVE-2019-9053 https://tpetersonkth.github.io/cve/2021/10/02/Analysis-of-CVE-2019-9053.html
Home
CVE-2019-9053
Background This weekend I was doing some HTB machines to prepare for the OSWE certification. One of the recommended machines was Writeup. This machine is vulnerable to CVE-2019-9053 which has a corresponding exploit on Exploit-DB.
CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation https://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation
Zero Day Initiative
Zero Day Initiative — CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation
In June of 2021, Microsoft released a patch to correct CVE-20 21-264 20 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI…
How to defeat the Russian Dukes: A step-by-step analysis of MiniDuke used by APT29/Cozy Bear https://cybergeeks.tech/how-to-defeat-the-russian-dukes-a-step-by-step-analysis-of-miniduke-used-by-apt29-cozy-bear/
Dragonfly: your next generation malware sandbox https://www.certego.net/en/news/dragonfly/
GitOops! Attacking and defending CI/CD pipelines https://tech.ovoenergy.com/gitoops-attacking-and-defending-ci-cd-pipelines/
Analysis of a Heap Buffer-Overflow Vulnerability in Adobe Acrobat Reader DC https://blog.exodusintel.com/2021/10/04/analysis-of-a-heap-buffer-overflow-vulnerability-in-adobe-acrobat-reader-dc-2/
Exodus Intelligence
Analysis of a Heap Buffer-Overflow Vulnerability in Adobe Acrobat Reader DC - Exodus Intelligence
By Sergi Martinez In late June, we published a blog post containing analysis of exploitation of a heap-buffer overflow vulnerability in Adobe Reader, a vulnerability that we thought corresponded to CVE-2021-21017. The starting point for the research was a…
Assessing the security and privacy of Vaccine Passports
https://research.nccgroup.com/2021/10/04/assessing-the-security-and-privacy-of-vaccine-passports/
https://research.nccgroup.com/2021/10/04/assessing-the-security-and-privacy-of-vaccine-passports/
NCC Group Research
Assessing the security and privacy of Vaccine Passports
This post attempts to explore the security and privacy concerns related with vaccine credential systems, by way of threat modelling and exploring the various risks and attacks conceivable against such systems.... Furthermore, we'll look at these concerns…