CVE-2024-4040-SSTI-LFI-PoC: CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support #GitHub #CVE-2024-4040 #SSTI #LFI #PoC https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC
GitHub
GitHub - Stuub/CVE-2024-4040-SSTI-LFI-PoC: CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support
CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support - Stuub/CVE-2024-4040-SSTI-LFI-PoC
system32 important files #OffensiveSecurity #SystemIntegrity #MalwareDetection #FileAbuse https://redteamrecipe.com/system32-important-files
Leveraging DNS Tunneling for Tracking and Scanning #DNSTunneling #Tracking #Scanning #Security #ThreatResearch https://unit42.paloaltonetworks.com/three-dns-tunneling-campaigns/
Unit 42
Leveraging DNS Tunneling for Tracking and Scanning
We provide a walkthrough of how attackers leverage DNS tunneling for tracking and scanning, an expansion of the way this technique is usually exploited.
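The preview above only names the technique, so here is an added detection example (not code from the Unit 42 post): a heuristic that flags DNS tunneling used for tracking, where each victim or scan target gets its own high-entropy subdomain under a single attacker-controlled parent. The log lines, domain names and thresholds are constructed for the demo; the "base domain = last two labels" rule is a simplification (a real implementation would consult the public suffix list).

```python
import math
from collections import defaultdict

# Constructed sample resolver log: "<client_ip> <qname>" per line. Not real traffic.
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 cdn.example.com
10.0.0.7 4f3a9c1e7b2d.5ad1f0c3.trk.example-tracker.net
10.0.0.7 a81c2e9f0d4b.5ad1f0c3.trk.example-tracker.net
10.0.0.7 0e7d1b9a4c3f.5ad1f0c3.trk.example-tracker.net
10.0.0.9 mail.example.com
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random hex/base32 labels score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def base_domain(qname: str) -> str:
    """Simplified registrable-domain extraction (assumption: last two labels)."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def looks_encoded(label: str, min_len: int = 10, min_entropy: float = 3.0) -> bool:
    """A leftmost label that is both long and high-entropy is likely carrying data."""
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def suspicious_domains(log_text: str, min_unique: int = 3) -> dict:
    """Return {base_domain: number_of_unique_encoded_subdomains} for parents
    that received >= min_unique distinct encoded leftmost labels.
    Many unique identifiers under one parent is the tracking/scanning pattern."""
    encoded = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines rather than crash on them
        _client, qname = parts
        first = qname.split(".")[0]
        if looks_encoded(first):
            encoded[base_domain(qname)].add(first)
    return {base: len(ids) for base, ids in encoded.items() if len(ids) >= min_unique}


if __name__ == "__main__":
    for base, n in suspicious_domains(SAMPLE_LOG).items():
        print(f"{base}: {n} unique encoded subdomains")
```

Tune `min_unique` per environment; CDNs and some legitimate SaaS also use per-client hostnames, so treat a hit as a lead for whois/registrar pivoting rather than a verdict.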
CFG in Windows 11 24H2 #CFG #Windows11 #Hotpatching #SCPCFG #Reversing https://ynwarcs.github.io/Win11-24H2-CFG
CFG in Windows 11 24H2
Hotpatching has been looming over Windows 11 for a while now, having already been shipped on the server & cloud deployments. It first came out in March that the first major version to include it will be 24H2, which can now be confirmed in a few minutes of…
HiddenArt – A Russian-linked SS7 Threat Actor #HiddenArt #RussianSS7Threat #EneaSolutions #NetworkSecurity #CyberSecurity https://www.enea.com/insights/the-hunt-for-hiddenart/
Enea
HiddenArt - A Russian-linked SS7 Threat Actor
From research on how SS7 network attacks could be used in hybrid warfare, we reveal the Russian-connected HiddenArt mobile threat actor.
Hunting for Unauthenticated n-days in Asus Routers #Shielder #AsusRouters #Exploit #Vulnerability #IoTSecurity https://www.shielder.com/blog/2024/01/hunting-for-~~un~~authenticated-n-days-in-asus-routers/
Shielder
Shielder - Hunting for ~~Un~~authenticated n-days in Asus Routers
Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive #Fortinet #CVE-2023-34992 #CommandInjection #Horizon3ai #NodeZero https://www.horizon3.ai/attack-research/disclosures/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive/
Horizon3.ai
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive
CVE-2023-34992 Fortinet FortiSIEM Command Injection Deep-Dive and Indicators of Compromise. This blog details a command injection vulnerability which allows an unauthenticated attacker to access the FortiSIEM server as root to execute arbitrary commands.
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323) #LinguisticLumberjack #CloudServices #FluentBit #CVE20244323 #TenableBlog https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323
Tenable®
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
Tenable Research has discovered a critical memory corruption vulnerability dubbed Linguistic Lumberjack in Fluent Bit, a core component in the monitoring infrastructure of many cloud services.
New SamsStealer Malware Targets Passwords in Windows Systems #SamsStealer #Malware #WindowsSystems #CYFIRMA #DataBreaches https://cyberinsider.com/new-samsstealer-malware-targets-passwords-in-windows-systems/
CyberInsider
New SamsStealer Malware Targets Passwords in Windows Systems
CYFIRMA researchers have identified a new information-stealing malware named "SamsStealer" that targets Windows systems.
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule #RFDoS #WebsiteShutdown #WAFRule #ResponseFilter #DenialofService https://blog.sicuranext.com/response-filter-denial-of-service-a-new-way-to-shutdown-a-website/
Sicuranext Blog
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule
TL;DR: Basically, if a target website is protected by a WAF using the OWASP Core Rule Set or Comodo Rule Set or Atomicorp Rule Set, you can send the string ORA-1234 or OracleDrive or ASL-CONFIG-FILE in a comment, product review, registration form, e-commerce…
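To make the mechanism concrete, here is an added simulation (not code from the Sicuranext post or from any WAF vendor) of a WAF that inspects response bodies: once a data-leakage signature lands in stored user content, every response that renders that content is blocked, so the page is down for all visitors. The rule patterns, rule names, paths and page layout are constructed for the demo and are not the real CRS, Comodo or Atomicorp rule text; the rule-exclusion option at the end is one generic mitigation, not the post's recommendation.

```python
import html
import re
from dataclasses import dataclass, field

# Illustrative response-body "data leakage" signatures, built around the
# trigger strings the post names. Constructed for the demo, not vendor rules.
RESPONSE_RULES = {
    "oracle-error-leak": re.compile(r"\bORA-\d{4,5}\b"),
    "comodo-marker":     re.compile(r"OracleDrive"),
    "atomicorp-marker":  re.compile(r"ASL-CONFIG-FILE"),
}


@dataclass
class Waf:
    """Minimal response-filtering WAF: blocks any response whose body matches a rule."""
    excluded_paths: set = field(default_factory=set)

    def inspect_response(self, path: str, body: str):
        if path in self.excluded_paths:
            return None  # response inspection disabled for this location
        for name, rx in RESPONSE_RULES.items():
            if rx.search(body):
                return name
        return None


@dataclass
class CommentApp:
    """A page that stores user comments and renders them (escaped) to every visitor."""
    comments: list = field(default_factory=list)

    def post_comment(self, text: str) -> None:
        self.comments.append(text)

    def render(self) -> str:
        # html.escape is the correct XSS defence but does nothing against RFDoS:
        # "ORA-1234" contains no characters that escaping changes.
        body = "".join(f"<p>{html.escape(c)}</p>" for c in self.comments)
        return f"<html><body><h1>Reviews</h1>{body}</body></html>"


def serve(waf: Waf, app: CommentApp, path: str = "/product/42"):
    """Return (status, matched_rule) as the WAF would hand it to a visitor."""
    hit = waf.inspect_response(path, app.render())
    return (403, hit) if hit else (200, None)


def demo():
    waf, app = Waf(), CommentApp()
    app.post_comment("Great product, arrived on time.")
    before = serve(waf, app)                       # (200, None)
    app.post_comment("Checkout failed with ORA-1234 for me")
    after = serve(waf, app)                        # (403, 'oracle-error-leak')
    # Same page, a different visitor: the stored comment trips the rule again.
    again = serve(waf, app)
    # One mitigation: stop inspecting responses on user-content pages
    # (in ModSecurity terms, a per-location rule exclusion or SecResponseBodyAccess Off).
    relaxed = serve(Waf(excluded_paths={"/product/42"}), app)  # (200, None)
    return before, after, again, relaxed


if __name__ == "__main__":
    print(demo())
```

The point the simulation makes is that the block is persistent, not per-request: the trigger lives in the application's data, so the outage lasts until the content is removed or the response rule is relaxed for that path, and input escaping gives no protection because the signature is plain text.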
CVE-2024-4367 – Arbitrary JavaScript execution in PDF.js #JavaScript #CVE-2024-4367 #ArbitraryExecution https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
codeanlabs
CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js - Codean Labs
A vulnerability in PDF.js found by Codean Labs. PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This bug allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened. This affects all Firefox users (
Abusing url handling in iTerm2 and Hyper for code execution #TerminalEscapeSequences #iTerm2 #Hyper #Vulnerabilities #CodeExecution https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators.html
Vin01’s Blog
Abusing url handling in iTerm2 and Hyper for code execution
What are escape sequences
Heap overflow in WebRtcAudioSink #Chromium https://issues.chromium.org/issues/41485743
Remote Desktop Protocol: The Series #RDP #IncidentResponse #RemoteDesktopProtocol #Cybersecurity #SophosNews https://news.sophos.com/en-us/2024/03/20/remote-desktop-protocol-the-series/
Sophos News
Remote Desktop Protocol: The Series
What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary Special Report
Foxit PDF “Flawed Design” Exploitation #FoxitPDFexploitation #CheckPointResearch #PDFsecurity #maliciousPDF #threatintelligence https://research.checkpoint.com/2024/foxit-pdf-flawed-design-exploitation/
Check Point Research
Foxit PDF “Flawed Design” Exploitation - Check Point Research
Check Point Research has identified an unusual pattern of behavior involving PDF exploitation, mainly targeting users of Foxit Reader. This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands. Check Point…
Random thoughts on physical security measures #PhysicalSecurity #AlarmBypass #Reconnaissance #CableVulnerabilities #SeeThroughWalls https://diablohorn.com/2024/05/21/random-thoughts-on-physical-security-measures/
DiabloHorn
Random thoughts on physical security measures
Lately, I’ve been drawn to do some desk research and limited hands-on testing of physical security measures. I’ve written about this subject before, you can find the article here. Howev…
Persistence Techniques That Persist #CyberArk #IdentitySecurity #RegistryPersistence #ThreatResearch #PersistenceTechniques https://www.cyberark.com/resources/threat-research-blog/persistence-techniques-that-persist
Cyberark
Persistence Techniques That Persist
Abstract Once threat actors gain a foothold on a system, they must implement techniques to maintain that access, even in the event of restarts, updates in credentials or any other type of change...
Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy #Malware https://blog-en.itochuci.co.jp/entry/2024/05/23/090000
Researcher Blog - ITOCHU Cyber & Intelligence Inc.
Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy - Researcher Blog - ITOCHU Cyber & Intelligence Inc.
Introduction Malware group History Analysis of BloodAlchemy Initial infection vector and infection flow Analysis of malicious DLL Analysis of shellcode Analysis…
Analysis of CVE-2023-39143 – PaperCut RCE #PaperCutRCE #PenetrationTesting #WebDav #PathTraversal #SecurityVulnerabilities https://blog.securelayer7.net/analysis-of-papercut-rce/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
Analysis of CVE-2023-39143 – PaperCut RCE
Overview CVE-2023-39143 is a path traversal vulnerability found in Papercut MF/NG, a print management solution. This particular CVE only affects Windows installations prior to version 22.1.3. With...
Invisible miners: unveiling GHOSTENGINE’s crypto mining operations #ElasticSecurityLabs #GHOSTENGINE #cryptoMining #Malware #MITREATTACK https://www.elastic.co/security-labs/invisible-miners-unveiling-ghostengine
www.elastic.co
Invisible miners: unveiling GHOSTENGINE’s crypto mining operations — Elastic Security Labs
Elastic Security Labs has identified REF4578, an intrusion set incorporating several malicious modules and leveraging vulnerable drivers to disable known security solutions (EDRs) for crypto mining.
Tracking APT SideWinder Domains By Combining Regex Patterns, Whois Records and Domain Registrars #ThreatIntelligence #APTTracking #MalwareAnalysis #CyberSecurity #DomainDetection https://www.embeeresearch.io/advanced-guide-to-infrastructure-analysis-tracking-apt-sidewinder-domains/
Embee Research
Tracking APT SideWinder Domains By Combining Regex Patterns, Whois Records and Domain Registrars
Tracking APT SideWinder Domains With Regular Expressions, Whois Records and Domain Registrars