OWASP Top 10 – 2017 released

by admin

Monday, November 20th, 2017 at 10:37 pm


You can get it from here: github.com/OWASP/Top10/tree/master/2017

Spookflare

by admin

Monday, November 20th, 2017 at 9:56 pm


SpookFlare gives you the opportunity to bypass endpoint countermeasures at both the client-side and network-side detection layers. SpookFlare is a loader generator for Meterpreter Reverse HTTP and HTTPS stagers. SpookFlare has a custom encrypter with string obfuscation and run-time code compilation features, so you can bypass the countermeasures of the target systems like a boss until they “learn” the technique and behavior of SpookFlare payloads.
More info: https://artofpwn.com/spookflare.html
Project: https://github.com/hlldz/SpookFlare

Bypassing UAC with access tokens

by admin

Monday, November 20th, 2017 at 9:38 pm

@tiraniddo released slides, demo videos, and some source code from his Zero Nights 2017 talk: Abusing Access Tokens for UAC Bypasses. Get it on his Github.
Summary:
“UAC, specifically Admin-Approval mode, has been known to be broken ever since it was first released in Windows Vista. Most of the research of bypassing UAC has focused on abusing bad elevated application behavior, auto elevation or shared registry and file resources. However, UAC was fundamentally broken from day one due to the way Microsoft implemented the security around elevated processes, especially their access tokens. This presentation will go into depth on why this technique works, allowing you to silently gain administrator privileges if a single elevated application is running. It will describe how Microsoft tried to fix it in Windows 10, and how you can circumvent their defences. It will also go into detail on a previously undocumented technique to abuse the assumed, more secure, Over-The-Shoulder elevation on Windows 10.”

Backdooring PE Files

by admin

Monday, November 20th, 2017 at 8:43 pm

Haider Mahmood has a nice write-up on his blog using a few different techniques to backdoor PE files, making them (hopefully) fully undetectable by anti-virus. Some restrictions he set himself in the process were: not changing the functionality of the program itself, not increasing the file size, and avoiding other common techniques like msfvenom, Veil, and other crypters/packers. The techniques he covers to help reduce the AV detection rate are changing the PE’s section header, code caves, and dual code caves. He goes over the pros and cons of each approach.

Office DDEAUTO attacks

by admin

Saturday, October 21st, 2017 at 3:15 am

New post on willgenovese.com about macro-less Office command execution and how to use different payloads with the attack.

Exploiting with EternalRomance with Win10 WSL

by admin

Wednesday, October 4th, 2017 at 2:55 am

How to install Metasploit inside Win10 WSL and use some Python scripts to exploit vulnerable Win2k through 2k16 machines.
willgenovese.com/exploiting-with-eternalromance-using-metapsloit-installed-inside-win10-wsl/

bitcracker – bitlocker password cracker

by admin

Sunday, October 1st, 2017 at 2:45 pm

BitCracker is the first open source password cracking tool for memory units encrypted with BitLocker. Check it out @ https://github.com/e-ago/bitcracker or use as a plugin for John The Ripper Jumbo version @ http://openwall.info/wiki/john/OpenCL-BitLocker

Danderspritz

by admin

Sunday, October 1st, 2017 at 2:41 pm

Francisco Donoso gave a good talk @Derbycon on Equation Group’s leaked Danderspritz tool.

Check out his site danderspritz.com and more docs here.

DigitalOcean using same common password for 1-Clicks running MySQL

by admin

Tuesday, September 19th, 2017 at 3:31 am

Have fun scanning before DigitalOcean releases their public notice:
1-Click users are potentially remotely exploitable unless they have changed the debian-sys-maint password {MySQL, PHPMyAdmin, LAMP, LEMP, WordPress, OwnCloud}.
In the MySQL Debian/Ubuntu packaging, an additional MySQL user is created: debian-sys-maint.
Any Droplet created from this common image shares the same password for the MySQL debian-sys-maint user.
Affected Versions:
Ubuntu 14.04
Ubuntu 16.04
Ubuntu 17.10
Debian 7
Debian 8
Not Affected:
Debian 9
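The fix for an affected Droplet is to give debian-sys-maint a password that is unique to that host and to update /etc/mysql/debian.cnf, the file the Debian packaging reads those credentials from. The following script is an added example written for this post; it is not DigitalOcean's or Debian's own code. It assumes a Debian/Ubuntu host with the mysql client installed, that the current debian.cnf credentials still work (so the rotation can be done through them), a server new enough to accept ALTER USER (MySQL 5.7+ / MariaDB 10.2+; older servers need SET PASSWORD instead), and that it is run as root. The function and variable names are the example's own.

```shell
#!/bin/sh
# Rotate the debian-sys-maint MySQL password on a Debian/Ubuntu host.
# Assumptions (labelled): mysql client present, run as root, the existing
# /etc/mysql/debian.cnf credentials work, server supports ALTER USER.
set -u

DEBIAN_CNF="${DEBIAN_CNF:-/etc/mysql/debian.cnf}"

# 32 hex characters (128 bits) from /dev/urandom; hex avoids any quoting
# issues inside the SQL statement and the ini-style config file.
gen_password() {
    dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n' | cut -c1-32
}

# SQL that changes the account password. Scoped to 'localhost' because that is
# the only host the Debian packaging creates the user for.
build_rotate_sql() {
    printf "ALTER USER 'debian-sys-maint'@'localhost' IDENTIFIED BY '%s'; FLUSH PRIVILEGES;\n" "$1"
}

# Write a fresh debian.cnf with the new password; mode 0600 so only root can
# read it (the maintenance scripts run as root). Layout mirrors the Debian file.
write_debian_cnf() {
    path="$1"; pw="$2"
    ( umask 077; cat > "$path" <<EOF
# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host     = localhost
user     = debian-sys-maint
password = $pw
socket   = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host     = localhost
user     = debian-sys-maint
password = $pw
socket   = /var/run/mysqld/mysqld.sock
EOF
    )
    chmod 600 "$path"
}

# Rotate on the live server: change the password using the old credentials,
# then rewrite the config and prove the new credentials work before returning.
rotate_debian_sys_maint() {
    new_pw=$(gen_password)
    build_rotate_sql "$new_pw" | mysql --defaults-file="$DEBIAN_CNF" || return 1
    write_debian_cnf "$DEBIAN_CNF" "$new_pw"
    mysql --defaults-file="$DEBIAN_CNF" -e 'SELECT 1' >/dev/null
}

# Only touch the server when explicitly asked; the helpers above can be
# exercised safely without it.
if [ "${1:-}" = "--apply" ]; then
    rotate_debian_sys_maint && echo "debian-sys-maint password rotated"
fi
```

Run it as `sh rotate-debian-sys-maint.sh --apply` on each Droplet; the verification step at the end fails loudly if the rewritten debian.cnf does not authenticate, so logrotate and mysql_upgrade are not left with a dead credential. No backup of the old file is kept on purpose, since the old value is exactly the shared secret being retired.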

EternalBlue analysis

by admin

Sunday, June 25th, 2017 at 12:50 pm

Awesome write-up from @zerosum0x0 & @JennaMagius on how the EternalBlue exploit works and on porting the exploit to Win10: https://zerosum0x0.blogspot.com/2017/06/eternalblue-exploit-analysis-and-port.html
