Channel: exploit.org
Release of an article on an experimental vector of pivoting against Windows

Caster - Windows Nightmare

https://blog.exploit.org/windows-nightmare
Beyond the Code: Art of AppSec in Java: Part 1

Master your knowledge of application security, follow best practices and become stronger with us.

https://blog.exploit.org/java-appsec/
NetArmor v1.1 released

+ Fixed ClientHello packet detection in TLS Fingerprinting

+ Advanced HTTP/2 Fingerprinting according to Akamai's White Paper

+ JDK 11 and newer support

+ ALPN support in Reactor Netty Provider

GitHub
Beyond the Code: Exposing in Disguise

In this article we review the use of techniques such as TLS (JA3) fingerprinting and HTTP/2 fingerprinting for the detection of malicious clients.

https://blog.exploit.org/exposing-in-disguise/
New version of Above v2.5 sniffer

+ The tool now handles all frames and packets in the air
+ Support for 5 new protocols: EAPOL, ARP, IGMP, DHCP, ICMPv6
+ New visual output of packets
+ Completely rewritten and simplified code, removed threads, removed dependency on pcap_analyzer
+ Fixed error handling in the code for some protocols

https://github.com/casterbyte/Above/releases/tag/v2.5
Pivoting against Windows is a fairly complex post-exploitation process. In this article I will demonstrate my new method of link-layer pivoting using SoftEther, without a virtual machine.

Caster — Witchhammer

https://blog.exploit.org/witchhammer
Everything Lit: Ways to achieve UEFI persistence.

Just one view of "extreme" techniques. Imagination and knowledge are all you need!

https://blog.exploit.org/everything-lit/
Pivoting is one of the stages of post-exploitation; in a sense it is extreme network administration. In my article I will demonstrate pivoting on Windows using TailScale.

Caster - Defect

https://blog.exploit.org/defect
Pivoting is one of the post-exploitation processes in which an attacker tries to expand their presence in the network infrastructure. In this article, I will demonstrate a method of pivoting on Linux using TailScale to get into the internal infrastructure.

Caster - Defect VIP

https://blog.exploit.org/defectvip
SECURITY ALERT ⚠️

A possible RCE was detected in the media processing of the Telegram Desktop application.
This issue exposes users to attacks through specially crafted media files, such as images or videos.

For security reasons, disable the auto-download feature. Please follow these steps:
1. Go to Settings.
2. Tap on "Advanced".
3. Under the "Automatic Media Download" section, disable auto-download for "Photos", "Videos", and "Files" across all chat types (Private chats, groups, and channels).

We are currently investigating this vulnerability.
RCE Status Update.

During the investigation and analysis of the trial material that was provided to us as samples and attack attempts, no illegitimate interference with Telegram Desktop's behavior was detected.
The verdict was reached in parallel with the Telegram development team.

The PNG samples have nothing to do with the problem, given the specifics of image processing on the Telegram server; only a properly crafted, vulnerable JPG may be considered valid by the server, potentially indicating a problem related to mozjpeg. Despite claims that one of the samples overwrites the R9 register with 0x666, we did not observe such behavior; moreover, a single statement is not strong evidence of a vulnerability. Without any additional information, it is just guesswork.

The versions of Telegram tested were from 4.16.0 to 4.16.6.
Information about the environment in which the test was performed:

CPU: AMD EPYC 7502P 32-Core (Zen2)
Architecture: x86_64
Platform: Windows 10 Version 22H2 (OS Build 19045.4291)

Analyzed and debugged Telegram source code starting points:
- https://github.com/desktop-app/lib_ui/blob/master/ui/image/image_prepare.cpp#L434
- https://github.com/desktop-app/lib_ui/blob/master/ui/image/image_prepare.cpp#L415
- https://github.com/desktop-app/lib_ui/blob/master/ui/image/image_prepare.cpp#L452
- https://github.com/desktop-app/lib_ui/blob/master/ui/image/image_prepare.cpp#L440
- https://github.com/telegramdesktop/tdesktop/blob/84ce72ec7a7f39dddeea5c311a4ec1eb2776847b/Telegram/SourceFiles/storage/file_download.cpp#L160
- https://github.com/telegramdesktop/tdesktop/blob/84ce72ec7a7f39dddeea5c311a4ec1eb2776847b/Telegram/SourceFiles/storage/file_download.cpp#L164

However, there may be things we did not notice in this short time frame.

To request the samples we were provided with during the investigation, or if you noticed something we did not and want to share it with us, please contact us at [email protected]

⚠️ If you managed to develop a PoC, contact Telegram directly at [email protected], as you'll be eligible for a payout starting from 10,000 EUR.
Hi to all of those with superior taste and knowledge of true mastery.
Today we are giving away 10 Telegram Premiums amongst our subscribers.

Enjoy and hope the stakes play in your favour, while we do our job 😉
Alert for iOS users
Trust Wallet has just issued an alert about a zero-day exploit in iMessage.

To disable iMessage, go to Settings > Messages and toggle the iMessage switch off.

The days are getting harder and harder 🤷
⚠️PuTTY CVE-2024-31497 ⚠️

📰Brief: an attacker with the public key and some signed messages on hand can recover the private key and then forge the identification signature of the legitimate user. Signed messages may be publicly visible, e.g. when stored in a public Git repository.

🚩Possibilities: logging into any server the key was used with, supply-chain attacks on software maintained in Git, etc.

📗Affected versions: 0.80 and prior.

📚Full description: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
MikroTik equipment is widely distributed all over the world, and its security is an acute issue. In this paper, Caster covers many aspects of the network security of MikroTik equipment.

Caster - Lockdown

https://blog.exploit.org/caster-routeros-lockdown
10 winners of the giveaway were randomly selected by Telegram and received their gift links in private messages.
Cisco equipment is widespread in production networks. In this article, Caster will demonstrate methods to protect Cisco IOS from network attacks.

Caster - Disciple

https://blog.exploit.org/caster-disciple
Poisoning attacks against Windows machines have become well known among pentesters. In this article, Caster will demonstrate how to detect poisoning attacks using Suricata.

Caster - Neurotransmitter

https://blog.exploit.org/caster-neurotransmitter
2024/05/17 22:03:52