Understanding and Exploiting Web-based LDAP

http://pen-testing.sans.org/blog/2017/11/27/understanding-and-exploiting-web-based-ldap

Rtfdump update

Version 0.0.6 https://blog.didierstevens.com/2017/12/10/update-rtfdump-py-version-0-0-6/

Pdfid update

Version 0.2.3 http://blog.didierstevens.com/2017/11/27/update-pdfid-py-version-0-2-3/

Another S3 leak

Alteryx S3 leak leaves 123m American households exposed | ZDNet http://www.zdnet.com/article/alteryx-s3-leak-leaves-120m-american-households-exposed/

Code Execution via CSV file

Totally stumbled across this by accident, but it does not look like I am the first to find this:

http://georgemauer.net/2017/10/07/csv-injection.html

https://www.owasp.org/index.php/CSV_Excel_Macro_Injection

https://pentestmag.com/formula-injection/

https://www.contextis.com/blog/comma-separated-vulnerabilities

https://hackerone.com/reports/72785

More on SEC breach

Here's The Latest About What The SEC Hackers Stole, but not a whole lot really

https://packetstormsecurity.com/news/view/28207/Heres-The-Latest-About-What-The-SEC-Hackers-Stole.html

Some fun lately with custom payloads

Doing some testing on new AV. Been reading a lot about custom payloads. I know many of these are old, but the ideas may still be new to others.
Here are some of the more recent reads:


http://e-spohn.com/blog/2012/08/02/pe-crypters-hyperion/

https://www.christophertruncer.com/bypass-antivirus-with-meterpreter-as-the-payload-hyperion-fun/

http://www.exploit-monday.com/2011/11/powersyringe-powershell-based-codedll.html

http://colesec.inventedtheinternet.com/obfuscating-meterpreter-payloads-with-veil/

http://colesec.inventedtheinternet.com/hacking-with-powershell-powersploit-and-invoke-shellcode/

https://github.com/rapid7/metasploit-framework/wiki/How-payloads-work

https://www.citadelo.com/en/how-we-bypassed-nod32-and-hacked-a-paranoid-customer-2/


Course Review: Ethical Hacking For Beginners

course:
https://stackskills.com/p/ethical-hacking-for-beginners

Overall verdict: Stay Away.
There are better courses for the money, and this one is not that expensive, so please let that tell you something.


Basic lectures are wrong in this course. The information presented about traceroute and DNS is just plain wrong in this course. Everything else is not that much different from similar coursework available from other sources. My suggestion is to look elsewhere.

Avanti Markets Breach

http://www.avantimarkets.com/notice-of-data-breach/

Ethereum heist

Hacker Uses A Simple Trick to Steal $7 Million Worth of Ethereum Within 3 Minutes http://thehackernews.com/2017/07/ethereum-cryptocurrency-heist.html

Anthem Breach Settlement

Anthem Agrees to Settle 2015 Data Breach for $115 Million https://threatpost.com/anthem-agrees-to-settle-2015-data-breach-for-115-million/126527/

WWE fans exposed

Leaky WWE Database Exposes Personal Data of 3M Wrestling Fans https://threatpost.com/leaky-wwe-database-exposes-personal-data-of-3m-wrestling-fans/126710/

Hospitality breaches

Hard Rock, Loews Hotels Among Sabre Corp Hospitality Breach Victims https://threatpost.com/hard-rock-loews-hotels-among-sabre-corp-hospitality-breach-victims/126715/

Molina Needs some Health

https://krebsonsecurity.com/2017/05/molinahealthcare-com-exposed-patient-records/

KMart Again??????

https://krebsonsecurity.com/2017/05/credit-card-breach-at-kmart-stores-again/

Buckle Breach

https://krebsonsecurity.com/2017/06/credit-card-breach-at-buckle-stores/

Canada fires tax worker

http://www.cbc.ca/news/politics/canada-revenue-agency-tax-privacy-breach-dvd-lost-fired-employee-1.4121807

Qatar state news agency hacked

http://www.securityweek.com/qatar-begins-probe-after-state-news-agency-hacked

How was flexispy hacked

https://dl.packetstormsecurity.net/papers/attack/flexispy-hacked.txt

Update:
Another DIY guide:
https://dl.packetstormsecurity.net/papers/attack/hackback-a-diy-guide.txt

Hacker steals and shares unreleased TV shows

http://www.bbc.com/news/technology-39769428

Tinder Investigates After 40,000 Profile Pics Snatched

https://packetstormsecurity.com/news/view/27749/Tinder-Investigates-After-40-000-Profile-Pics-Snatched.html

Microsoft Windows 32-bit / 64-bit cmd.exe Shellcode

https://packetstormsecurity.com/files/142572/wincmdexe-shellcode.txt

French election hack

Hackers emit 9GB of stolen Macron 'emails' two days before French presidential election • The Register http://www.theregister.co.uk/2017/05/06/hackers_release_9gb_of_email_from_macron_two_days_before_french_presidential_election/

Hacker Steals Millions of User Account Details from Education Platform Edmodo

https://motherboard.vice.com/en_us/article/hacker-steals-millions-of-user-account-details-from-education-platform-edmodo

India's Zomato Says Data From 17 Million Users Stolen

https://packetstormsecurity.com/news/view/27822/Indias-Zomato-Says-Data-From-17-Million-Users-Stolen.html

Bell Canada Hack Hits 1.9 Million Customers

https://packetstormsecurity.com/news/view/27812/Bell-Canada-Hack-Hits-1.9-Million-Customers.html

New card for you

IHG Confirms Second Credit Card Breach Impacting 1,000-Plus Hotels https://threatpost.com/ihg-confirms-second-credit-card-breach-impacting-1000-plus-hotels/125033/

Reset your passwords

Atlassian Resets HipChat Passwords Following Breach https://threatpost.com/atlassian-resets-hipchat-passwords-following-breach/125210/

Holiday Inn breach

Holiday Inn Hotels Hit By Card Payment System Hack https://packetstormsecurity.com/news/view/27692/Holiday-Inn-Hotels-Hit-By-Card-Payment-System-Hack.html

RaaS

Russian Hacker Creates Starter Pack Ransomware Service https://packetstormsecurity.com/news/view/27685/Russian-Hacker-Creates-Starter-Pack-Ransomware-Service.html

Small Linux shellcode

Linux x86_64 execve("/bin/sh") Shellcode https://packetstormsecurity.com/files/142135/31linuxx8664binsh-shellcode.txt

GameStop breach

GameStop Confirms Possible Breach Of Customer Credit Card Info https://packetstormsecurity.com/news/view/27657/GameStop-Confirms-Possible-Breach-Of-Customer-Credit-Card-Info.html

Analyze Embedded PDF file

https://blog.didierstevens.com/2017/04/20/malicious-documents-the-matryoshka-edition/

Shoney's announces breach

http://www.ibtimes.co.uk/shoneys-restaurants-hit-pos-malware-customers-card-details-compromised-months-1617409

Hotel chain breach bigger

InterContinental Hotel Chain Breach Expands https://krebsonsecurity.com/2017/04/intercontinental-hotel-chain-breach-expands/

Citadel owner pleads guilty

Russian mastermind of $500m bank-raiding Citadel coughs to crimes

http://www.theregister.co.uk/2017/03/22/russian_citadel_malware_pleads_guilty/

ABTA Website Hacked

43,000 People Affected By Breach

https://packetstormsecurity.com/news/view/27609/ABTA-Website-Hacked-43-000-People-Affected-By-Breach.html

Pwn2Own2017

Chrome Remains the Winner in Browser Security

https://securityzap.com/pwn2own-2017-chrome-remains-winner-browser-security/

Pentesting whiteboards

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-powershell-one-line-web-client

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-powershell-get-firewall-rules

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-powershell-built-in-port-scanner

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-powershell-add-a-firewall-rule

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-bash-find-juicy-stuff-in-the-file-system

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-bash-sudo-make-me-a-sandwich

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-cmd-exe-c-wmic-process

https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-cmd-exe-c-netsh-interface

https://pen-testing.sans.org/blog/2017/03/06/pen-test-poster-white-board-powershell-ping-sweeper

https://pen-testing.sans.org/blog/2017/03/03/got-meterpreter-pivotpowpy

https://pen-testing.sans.org/blog/2017/02/28/pen-test-poster-white-board-bash-make-output-easier-to-read

https://pen-testing.sans.org/blog/2017/02/21/pen-test-poster-white-board-bash-check-service-every-second

Rootkit Tricks

A few links:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms682489(v=vs.85).aspx
http://stackoverflow.com/questions/4021307/enumprocesses-vs-createtoolhelp32snapshot
https://books.google.com/books?id=ifQPC86G66sC&pg=PA437&lpg=PA437&dq=CreateToolhelp32Snapshot()
https://msdn.microsoft.com/en-us/library/windows/desktop/ms682631(v=vs.85).aspx



A few other Windows things:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms724947(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/ms646293(v=vs.85).aspx

Hide console shellcode

Windows x86 Hide Console Window Shellcode https://packetstormsecurity.com/files/141586/winx86hide-shellcode.txt

Linux file read

Linux/x86 File Reader Shellcode https://packetstormsecurity.com/files/141698/linuxx86filereader-shellcode.txt

Create File Shellcode

CreateFile Shellcode https://packetstormsecurity.com/files/141707/createfile-shellcode.c

Directory search shellcode

Windows x86 Executable Directory Search Shellcode

https://packetstormsecurity.com/files/141333/win86execdirsearch-shellcode.txt

Random Linux Shellcode

Linux x86_64 Random Listener Shellcode https://packetstormsecurity.com/files/141332/linuxrandom-shellcode.txt

Explain 'getsystem'

https://blog.cobaltstrike.com/2014/04/02/what-happens-when-i-type-getsystem/

https://www.offensive-security.com/metasploit-unleashed/privilege-escalation/

http://carnal0wnage.attackresearch.com/2010/01/metasploit-getsystem-command.html?m=1

http://www.khromozome.com/windows-privilege-escalation-bypassuac/

https://www.redspin.com/it-security-blog/2010/02/getsystem-privilege-escalation-via-metasploit/

Printer hacking 6

https://packetstormsecurity.com/files/140828/hackingprinters-6.txt

Printer hacking 5

https://packetstormsecurity.com/files/140827/hackingprinters-5.txt

Printer hacking 4

https://packetstormsecurity.com/files/140826/hackingprinters-4.txt

Printer hacking 3

https://packetstormsecurity.com/files/140814/hackingprinters-3.txt

Printer hacking 2

https://packetstormsecurity.com/files/140813/hackingprinters-2.txt

Printer hacking 1

https://packetstormsecurity.com/files/140812/hackingprinters-1.txt

ASLR flaw

A Chip Flaw Strips Away a Key Hacking Safeguard for Millions of Devices | WIRED https://www.wired.com/2017/02/flaw-millions-chips-strips-away-key-hacking-defense-software-cant-fully-fix/

Basics of Windows Incident Response

https://jordanpotti.com/2017/01/20/basics-of-windows-incident-response/

DFIR - The Definitive Compendium Project

http://aboutdfir.com/

ICMP shells

ICMP Shell Fun https://www.commonexploits.com/icmp-shell-fun/

AV0id – Anti-Virus Bypass Metasploit Payload Generator Script

https://www.commonexploits.com/av0id-anti-virus-bypass-metasploit-payload-generator-script/

Quick Integration of MISP and Cuckoo

https://blog.rootshell.be/2017/01/25/quick-integration-misp-cuckoo/

Detecting Kerberoasting Activity Part 2

Creating a Kerberoast Service Account Honeypot https://adsecurity.org/?p=3513

Detecting Kerberoasting Activity

https://adsecurity.org/?p=3458

Microsoft AD hacking tricks

Sneaky Persistence Active Directory Trick #18: Dropping SPNs on Admin Accounts for Later Kerberoasting https://adsecurity.org/?p=3466

Stegano 0.6.4

https://packetstormsecurity.com/files/140980/Stegano-0.6.4.tar.gz

Microsoft Office Word Malicious Macro Execution

https://packetstormsecurity.com/files/140972/office_word_macro.rb.txt

Lynis Auditing Tool 2.4.1

https://packetstormsecurity.com/files/140981/lynis-2.4.1.tar.gz

Question and Answer

https://www.youtube.com/watch?v=JAH43TZYGt4


https://www.youtube.com/watch?v=sCG-5fluNPo