PuTTY vulnerability vuln-p521-bias
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
#lpe #windows
Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled (CVE-2024-21338).
https://github.com/hakaioffsec/CVE-2024-21338
[ LSA Whisperer ]
Tools for interacting with authentication packages using their individual message protocols
- BLOGPOST
- TOOL
#obfuscation
[ obfus.h ]
Macro-header for compile-time C obfuscation (tcc, win x86/x64)
🔍 Function Call Obfuscation: Confuse function calls to make your code less readable to unauthorized eyes.
🛡 Anti-Debugging Techniques: Built-in mechanisms to prevent code analysis during runtime.
🔄 Control Flow Code Mutation: Turns code into spaghetti, making it difficult to parse conditions and loops.
🚫 Anti-Decompilation Techniques: Makes many popular decompilers useless by visually breaking their output.
https://github.com/DosX-dev/obfus.h
#windows #lpe
[ KExecDD ]
Admin to Kernel code execution using the KSecDD driver
Did you know that LSASS has the ability to execute arbitrary kernel-mode addresses? I wrote a small proof of concept that allows administrators to execute unsigned code in the kernel if LSA Protection is disabled.
https://github.com/floesen/KExecDD
It turns out that one of the modest members of the "bublik" has had his own TG channel since 2021, and it has only 15 subscribers.
Drop by and have a read, maybe you'll like it, and once he sees the "influx" he'll start writing more and more interesting things.
https://t.me/beaverdreamer
[ Grafana backend SQL injection ]
Note: all versions!
Also: Grafana official security team does not think this is a vulnerability.
https://fdlucifer.github.io/2024/04/22/grafana-sql-injection
Everyone has probably already heard about the ability to upload files for use in later phishing. GitLab has the same problem.
#lpe #windows
https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you/
Decoder's Blog: Hello: I’m your Domain Admin and I want to authenticate against you
TL;DR (really?): Members of Distributed COM Users or Performance Log Users Groups can trigger from remote and relay the authentication of users connected on the target server, including Domain Cont…
#windows #lpe #cve
Exploiting the NT Kernel in 24H2: New Bugs in Old Code & Side Channels Against KASLR
https://exploits.forsale/24h2-nt-exploit/
GitHub: exploits-forsale/24h2-nt-exploit - Exploit targeting NT kernel in 24H2 Windows Insider Preview
#windows #ad
[ PingCastle Notify ]
PingCastle Notify is a tool that monitors your PingCastle reports! You will be notified every time something changes between a scan and the previous one.
https://github.com/LuccaSA/PingCastle-Notify
Dear friends!
Today is a special day for us: 5,000 subscribers! This is an incredible achievement that we could only have reached thanks to you, our devoted subscribers.
We want to express our enormous gratitude to each of you for your support, inspiration and active participation in our community. Your likes, comments and reposts make our content even more valuable and interesting.
We value every one of you and promise to keep delighting you with engaging content, interesting material and useful tips. None of this would be possible without you!
Thank you for your faith in us and your activity! Let's keep moving forward and reaching new heights together!
With love and gratitude, ChatGPT
#adcs #bloodhound #ad
[ ADCS Attack Paths in BloodHound ]
This series of blog posts details the domain escalation requirements and explains how BloodHound incorporates the relevant components. The SpecterOps team demonstrates how to use BloodHound effectively to identify attack paths that involve ESC abuse.
Part 1
Part 2
A convenient replacement for SimpleHTTPServer. It supports authentication and file upload.
https://github.com/sc0tfree/updog
UPD: A subscriber suggests another option: https://github.com/sigoden/dufs
Among the perks I immediately notice: Download folder as zip file
GitHub: sc0tfree/updog - Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use HTTP basic auth.
There is a very vulnerable Windows driver called HEVD.
It was created for practicing the exploitation of kernel bugs in Windows. It's an old thing, updated occasionally.
And here is an article with examples for you.
GitHub: hacksysteam/HackSysExtremeVulnerableDriver - HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux
A new toolkit from a member of our chat:
BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices.
It works by executing templated exploits one by one and verifying appropriate properties based on the template logic. The toolkit is extensible and allows new research to be added to the centralized testing toolkit. There are 43 Bluetooth exploits available in the toolkit, from known public exploits and tools to custom-developed ones.
The framework works in a black-box fashion, but it is also possible to operate the toolkit in a gray-box fashion. For that, one needs to extend the framework and connect it to the operating system of the target so that it is possible to observe Bluetooth logs and guarantee no false positives.
Also, we have already used our framework and were able to find 64 new vulnerabilities in 22 products.
https://github.com/sgxgsx/BlueToolkit
https://www.zabbix.com/security_advisories
[ Time Based SQL Injection in Zabbix Server Audit Log ]
CVE-2024-22120
⛔️ CRITICAL ⛔️
This vulnerability could lead to privilege escalation from user to admin. In some cases, SQL injection leads to RCE.
Affected version/s:
6.0.0-6.0.27
6.4.0-6.4.12
7.0.0alpha1-7.0.0beta1
PoC: https://support.zabbix.com/secure/attachment/236280/236280_zabbix_server_time_based_blind_sqli.py