Lessons from Operation RussianDoll

As defensive security controls raise the bar to attack, attackers will employ increasingly sophisticated techniques to complete their mission. Understanding the mechanics and impact of these threats is essential to systematically discover and deflect the coming wave of advanced attacks. Mandiant...

Technology share: how to use Python and PyInstaller to write a Windows malicious code-vulnerability warning-the black bar safety net

Disclaimer: This article is intended to share, not for malicious use! This article mainly shows is through the use of python and PyInstaller to build the malicious software of some poc. ! Known to all, malicious software and more will continued to target of the attack. And this is on windows ther...

3 6 0 the end of the tour the ultimate firepower“stealth”,“the spike”, etc. vulnerability analysis-vulnerability warning-the black bar safety net

0x01 introduction Before sent over a patch a generic D3D game buck perspective plug-in, a buddy because the stock Duvet cover, with a plug-in to play the ultimate firepower of boredom, a do nothing level is too dishes light has a perspective or abused, please I helped him the whole point of the...

Wordpress-Exploit-Framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems

A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. What do I need to run it? Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command prompt / terminal in...

Responses with Set-Cookie header cached

h3. Context We have Jira running with SSO from Crowd. Jira is behind a corporate reverse proxy from BlueCoat which has caching enabled but respects the Cache-control, Expire and Pragma HTTP headers. h3. Problem We have discovered following cases of sessions mix up where a user \1 get the Crowd...

Responses with Set-Cookie header cached

h3. Context We have Jira running with SSO from Crowd. Jira is behind a corporate reverse proxy from BlueCoat which has caching enabled but respects the Cache-control, Expire and Pragma HTTP headers. h3. Problem We have discovered following cases of sessions mix up where a user \1 get the Crowd...

Responses with Set-Cookie header cached

h3. Context We have Confluence running with SSO from Crowd. Confluence is behind a corporate reverse proxy from BlueCoat which has caching enabled but respects the Cache-control, Expire and Pragma HTTP headers. h3. Problem We have discovered following cases of sessions mix up where a user \1 get...

Responses with Set-Cookie header cached

h3. Context We have Confluence running with SSO from Crowd. Confluence is behind a corporate reverse proxy from BlueCoat which has caching enabled but respects the Cache-control, Expire and Pragma HTTP headers. h3. Problem We have discovered following cases of sessions mix up where a user \1 get...

Microsoft Windows - 'NetAPI32.dll' Code Execution (Python) (MS08-067)

import struct import time import sys from threading import Thread Thread is imported incase you would like to modify try: from impacket import smb from impacket import uuid from impacket import dcerpc from impacket.dcerpc.v5 import transport except ImportError, : print 'Install the following...

Microsoft Windows - NetAPI32.dll Code Execution (Python) (MS08-067)

Microsoft Windows - NetAPI32.dll Code Execution Python MS08-067 import struct import time import sys from threading import Thread Thread is imported incase you would like to modify try: from impacket import smb from impacket import uuid from impacket import dcerpc from impacket.dcerpc.v5 import...

Centreon 2.5.3 - Remote Command Execution

Centreon 2.5.3 - Remote Command Execution Unauthenticated Remote Command Execution in Centreon Web Interface ================================================================== Description =========== Centreon is a popular monitoring solution. A critical vulnerability has been found in the Centreo...

Microsoft Windows - NetAPI32.dll Code Execution (Python) (MS08-067) Exploit

Exploit for windows platform in category remote exploits EDB-Note: Source https://raw.githubusercontent.com/ohnozzy/Exploit/master/MS08067.py import struct import time import sys from threading import Thread Thread is imported incase you would like to modify try: from impacket import smb from...

Centreon 2.5.3 - Remote Command Execution

Exploit for php platform in category web applications Unauthenticated Remote Command Execution in Centreon Web Interface ================================================================== Description =========== Centreon is a popular monitoring solution. A critical vulnerability has been found in...

Self Hosted Git Service: Gogs

Gogs is a self-hosted Git service written in Go which is very easy to get running and has low system usage as well. It aspires to be the easiest, fastest, and most painless way to set up a self-hosted Git service. With Go, this can be done with an independent binary distribution across ALL...

Venom - Metasploit Shellcode Generator / Compiler / Listenner

The script will use msfvenom metasploit to generate shellcode in diferent formats c | python | ruby | dll | msi | hta-psh , injects the shellcode generated into one funtion example: python "the python funtion will execute the shellcode in ram" and uses compilers like: gcc gnu cross compiler or...

Algobox 0.9 DLL Hijacking

Exploit Title: ALGOBOX DLL HIJACKING VULNERABILTY Date: FEB 14 2016 Exploit Author: SHANTANU KHANDELWAL Vendor Homepage: http://www.xm1math.net Software Link: http://www.xm1math.net/algobox/algoboxwin32install.exe Version: LPORT=4444 quserex.dll Exploit: Place a dummy .alg file with the malicious...

SideDoor - Debian/Ubuntu Backdoor Using A Reverse SSH Tunnel

sidedoor maintains a reverse tunnel to provide a backdoor. sidedoor can be used to remotely control a device behind a NAT. sidedoor is packaged for Debian-based systems with systemd or upstart. It has been used on Debian 8 jessie and Ubuntu 14.04 LTS trusty. The sidedoor user has full root access...

FLARE Script Series: flare-dbg Plug-ins

Introduction This post continues the FireEye Labs Advanced Reverse Engineering FLARE script series. In this post, we continue to discuss the flare-dbg project. If you haven’t read my first post on using flare-dbg to automate string decoding, be sure to check it out! We created the flare-dbg Pytho...

[SECURITY] Fedora 22 Update: nginx-1.8.1-1.fc22

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

DNS Record Scanner and Enumerator

This module can be used to gather information about a domain from a given DNS server by performing various DNS queries such as zone transfers, reverse lookups, SRV record brute forcing, and other techniques. This module requires Metasploit: https://metasploit.com/download Current source:...