Exploit for Unrestricted Upload of File with Dangerous Type in Filemanagerpro File_Manager

wp-file-manager-exploit-CVE-2020-25213-with-Zerologon Project...

MiracleLinux 7 : samba-4.10.16-9.0.1.el7.AXS7 (AXSA:2020-1012:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-1012:06 advisory. samba: Netlogon elevation of privilege vulnerability Zerologon CVE-2020-1472 samba: Missing handle permissions check in SMB1/2/3 ChangeNotify...

MiracleLinux 4 : samba4-4.2.10-15.0.1.AXS4 (AXSA:2021-1573:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1573:01 advisory. samba: Netlogon elevation of privilege vulnerability Zerologon CVE-2020-1472 samba: Missing handle permissions check in SMB1/2/3 ChangeNotify...

MiracleLinux 8 : openchange-2.3-27.el8, samba-4.13.3-3.el8 (AXSA:2021-2082:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2082:01 advisory. samba: Netlogon elevation of privilege vulnerability Zerologon CVE-2020-1472 samba: Missing handle permissions check in SMB1/2/3 ChangeNotify...

Exploit for CVE-2020-1472

zerologon-lab Scripts for a lab environment demonstrating the...

Exploit for CVE-2020-1472

Domain-Controller-DC-Exploitation-with-Metasploit-Impacket End...

Exploit for CVE-2020-1472

ZeroLogon-CVE-2020-1472 Explicação e demonstração da vulnerabi...

Exploit for CVE-2020-1472

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit CVE-2020-1472. It attempts to perform the Netlogon authentication bypass. The script will immediately terminate when successfully performing the bypass, and not perform any...

Analysis of Elpaco: a Mimic variant

Introduction In a recent incident response case, we dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim's server after a successful brute force attack and then launch the ransomware. After that, the...

U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign

Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks. "Since October 2023, Iranian actors have used brute force and passwor...

Netlogon Weak Cryptographic Authentication

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'windowserror' class MetasploitModule 'Netlogon Weak Cryptographic Authentication', 'Description' = %q A vulnerability exists within the Netlogon authentication...

RansomHub A Rebranded Menace Exploiting the ZeroLogon Vulnerability

...

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Multi-State...

Exploit for Improper Certificate Validation in Microsoft

ADVulnScanner Detects common vulnerabilities in...

Attacks, Vulnerabilities and Actors 21 August to 27 August 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of twelve attacks executed, six vulnerabilities, and three different adversaries...

US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence

The U.S. Cyber Command USCYBERCOM on Wednesday officially confirmed MuddyWater's ties to the Iranian intelligence apparatus, while simultaneously detailing the various tools and tactics adopted by the espionage actor to burrow into victim networks. "MuddyWater has been seen using a variety of...

Conti Ransomware

Conti is a sophisticated Ransomware-as-a-Service RaaS model first detected in December 2019. Since its inception, its use has grown rapidly and has even displaced the use of other RaaS tools like Ryuk. The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigati...

Microsoft Netlogon Privilege Escalation Vulnerability

Microsoft's Netlogon Remote Protocol MS-NRPC contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a...

Exploit for CVE-2020-1472

介绍 参考很多师傅写的关于CS的脚本,内容有横向移动、密码抓取、权限提升、权限维持等,尽可能将内网渗透中常用到的东西整理一下方便使用 更新日志 2021.7.7 更新CVE-2021-1675只测试了本地提权,其他的待测 参考于 https://github.com/cube0x0/CVE-2021-1675 2021.7.26 更新CVE-2021-1675-36934,参考与 https://github.com/cube0x0/CVE-2021-36934 2021.8.14 更新ZeroLogonCVE-2020-1472,参考...

samba: Netlogon elevation of privilege vulnerability (Zerologon)

A flaw was found in the Microsoft Windows Netlogon Remote Protocol MS-NRPC, where it reuses a known, static, zero-value initialization vector IV in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obta...