An explanation of the Zerologon vulnerability, which abuses Netlogon to get an attacker to the domain controller
https://www.tenable.com/blog/cve-2020-1472-zerologon-vulnerability-in-netlogon-could-allow-attackers-to-hijack-windows
https://www.secura.com/pathtoimg.php?id=2055
poc:
https://github.com/dirkjanm/CVE-2020-1472
https://github.com/blackarrowsec/redteam-research/blob/master/CVE-2020-1472/CVE-2020-1472.py
https://github.com/bb00/zer0dump
https://github.com/risksense/zerologon
To carry out this attack you must be on the internal network
#windows
#AD
#privesc
@sec_nerd
RCE vulnerability in version 2 of the Yii framework
https://github.com/advisories/GHSA-699q-wcff-g9mj
#poi
#rce
#php
@sec_nerd
GitHub
CVE-2020-15148 - GitHub Advisory Database
Unsafe deserialization in Yii 2
Several proof-of-concept scripts for the vulnerability discovered in Yii
https://github.com/Maskhe/CVE-2020-15148-bypasses
#poi
#rce
#php
@sec_nerd
GitHub
GitHub - Maskhe/CVE-2020-15148-bypasses: Several bypasses for CVE-2020-15148 (Yii2 deserialization)
Reports worth reading from the past week:
https://drive.google.com/file/d/1LSsD9gzOejmQ2QipReyMXwr_M0Mg1GMH/view
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
https://soatok.blog/2020/08/27/soatoks-guide-to-side-channel-attacks/
https://dozer.nz/posts/aruba-clearpass-rce
#writeup
#pentest
@sec_nerd
From Zero to Lateral Movement in 36 Minutes
https://www.wilbursecurity.com/2019/12/from-zero-to-lateral-movement-in-36-minutes/
#windows
#pentest
#privesc
@sec_nerd
Wilbur Security
From Zero to Lateral Movement in 36 Minutes
An attacker logged into my RDP Honeypot a few weeks ago and was able to dump credentials and move laterally in 36 minutes. I've been seeing more and more ProcDump and less and less mimikatz. The attacker attempted to run a couple executables to maintain persistence…
Discovery of an RCE bug in the Facebook Android app via file download
https://medium.com/@dPhoeniixx/arbitrary-code-execution-on-facebook-for-android-through-download-feature-fb6826e33e0f
#facebook
#rce
#bugbounty
#android
@sec_nerd
Video walkthrough of the HTB challenge BlackField
https://www.youtube.com/watch?v=IfCysW0Od8w
Text version:
https://snowscan.io/htb-writeup-blackfield/
Contents: attacking Active Directory
#htb
#AD
#network
#windows
@sec_nerd
YouTube
HackTheBox - Blackfield
00:00 - Intro
01:00 - Start of nmap
03:00 - Enumerating fileshares with SMBClient and CrackMapExec, highlighting some picky syntax
06:15 - Mounting the profiles$ directory so we can build a username list
09:00 - Using Kerbrute to enumerate valid usernames…
First steps in finding bugs from source code
https://btlr.dev/blog/how-to-find-vulnerabilities-in-code-bad-words
#whitebox
#pentest
@sec_nerd
Metasploit module for the SSI vulnerability in SharePoint
CVE-2020-16952
https://github.com/wvu-r7/metasploit-framework/blob/feature/sharepoint/modules/exploits/windows/http/sharepoint_ssi_viewstate.rb
More details:
https://github.com/rapid7/metasploit-framework/pull/14265
#windows
#sharepoint
#ssi
@sec_nerd