Goddi (Go Dump Domain Info) - Dumps Active Directory Domain Information

Based on work from Scott Sutherland @nullbind, Antti Rantasaari, Eric Gruber @egru, Will Schroeder @harmj0y, and the PowerView authors. Install Use the executables in the releases section. If you want to build it yourself, make sure that your go environment is setup according to the Go setup doc...

A week in security (April 16 – April 22)

Last week, we took a stroll down memory lane talking about Facebook and MySpace, noticed a change in the Magnitude exploit kit—wherein it started adopting the GandCrab ransomware, took a good look at a new form of adware that is based on Python, chatted a bit about Russian hacking with a...

Is Facebook’s Anti-Abuse System Broken?

Facebook has built some of the most advanced algorithms for tracking users, but when it comes to acting on user abuse reports about Facebook groups and content that clearly violate the company's "community standards," the social media giant's technology appears to be woefully inadequate. Last wee...

Dump Active Directory Domain Information: goddi

goddi go dump domain info dumps domain users, groups, domain controllers, and more in CSV output and it runs on Windows and Linux. Functionality StartTLS and TLS tls.Client func connections supported. Connections over TLS are default. All output goes to CSVs and are created in /csv/ in the curren...

Facebook Graph Metadata Crosswalk Mapping Proof Of Concept

!/usr/bin/perl Facebook 'Graph' metadata crosswalk mapping PoC 2018 Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Description: Criminal hacker CRACKER can take advantage of this weakness by creating a specialized database to manipulate facebook users with fake news...

Information disclosure

The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check...

Facebook Bolsters Privacy Measures With New Data Access Restrictions

Facebook on Wednesday listed a number of new data access restrictions as the social media company looks to reassure end users that their personal information will remain private. The new measures, detailed in a post by Facebook CTO Mike Schroepfer, limit the personal data that apps can collect...

Ping Identity: Server-Side Request Forgery on SAML Application - Import via URL

Summary == The My Applications feature on PingOne Identity admin allows you to add new SAML applications to your account. One feature allows you to import metadata via URI instead of via upload. This uses Java 1.8 to make an external web request to the URI supplied. Typically this is hard to...

The devil’s in the Rich header

In our previous blog, we detailed our findings on the attack against the Pyeongchang 2018 Winter Olympics. For this investigation, our analysts were provided with administrative access to one of the affected servers, located in a hotel based in Pyeongchang county, South Korea. In addition, we...

[20180501] - Core - ACL violation in access levels

Inadequate checks allowed users to modify the access levels of user groups with higher permissions...

Leaked NSA Dump Also Contains Tools Agency Used to Track Other Hackers

A years ago when the mysterious hacking group 'The Shadow Brokers' dumped a massive trove of sensitive data stolen from the US intelligence agency NSA, everyone started looking for secret hacking tools and zero-day exploits. A group of Hungarian security researchers from CrySyS Lab and Ukatemi ha...

Regular Expression Denial Of Service (ReDoS)

node-forge is vulnerable to regular expression denial of service ReDoS attacks. The vulnerability is caused by a weak choice of regular expression regex groups and allows a given string to cause a huge performance slow down...

CVE-2018-7206

An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on...

DEBIAN-CVE-2018-7169

An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...

UBUNTU-CVE-2018-7169

An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...

Nested groups with uppercase letters cannot be removed from Confluence, after having been synced initially

h3. Summary Nested groups with uppercase letters cannot be removed from Confluence, after having been synced initially. If you synchronize nested groups with upper case letters into Confluence from Crowd / LDAP, and then update the external directory to remove the child groups, the groups will no...

Nested groups with uppercase letters cannot be removed from Confluence, after having been synced initially

h3. Summary Nested groups with uppercase letters cannot be removed from Confluence, after having been synced initially. If you synchronize nested groups with upper case letters into Confluence from Crowd / LDAP, and then update the external directory to remove the child groups, the groups will no...

CVE-2014-9504

The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance...

Design/Logic Flaw

The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance...

CVE-2014-4919

OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups...