CYBER MONGOL
7/15/2021

Trends in Offensive Tradecraft: Sample Subset

*Trends in Offensive Tradecraft: Sample Subset* In its most basic form, our automation can articulate the trends it sees in the offensive security ecosystem. The automation looks for aggregations in behaviors, native Windows components that are leveraged offensively, and trending software techniques being used. This base analysis is consumed and compounded by the automation to produce much more in-depth analysis and to suggest pertinent and important content to a user. I thought it would be interesting to share a sample of the basic trends we see in our dataset.
 
#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam

6/27/2021

CVE-2021-31955 Windows Kernel Information Disclosure

*WARNING: Sensors Seeing Momentum Behind CVE-2021-31955 Windows Kernel Information Disclosure POC* Our sensors ingested this exploit yesterday, and it has seen a significant uptick in sensor hit count activity (meaning human activity in the cybersecurity ecosystem). Furthermore, this exploit is part of a social structure which specializes in Windows kernel exploits. Lastly, there is further social amplification of this exploit, as we have seen it added to a major exploit aggregation (PoC-in-GitHub).
 
CVE-2021-31955: https://github.com/mavillon1/CVE-2021-31955-POC
 
PoC-in-GitHub (aggregation): nomi-sec/PoC-in-GitHub on GitHub, file CVE-2021-31955.json at commit f68e227d41c349cedba87e14f207aa612d061b30
 
Other kernel exploit by the same author:
CVE-2021-26868: https://github.com/mavillon1/CVE-2021-33739-POC
 

6/25/2021

Warning: Heavy Traction on CVE-2021-3253

*Warning: Heavy Traction on CVE-2021-32537 - Out-of-bounds access leading to pool corruption in the Windows Kernel* Sensors are seeing heavy human momentum behind an exploit targeting a Realtek driver (RTKVHD64.sys) that ships on many mainstream devices, such as the Microsoft Surface Laptop, Microsoft Surface Book and Dell XPS 13. This exploit is part of a significant social structure which will further amplify its social reach.
 
Exploit PoC: https://github.com/0vercl0k/CVE-2021-32537
 

6/9/2021

Red | Blue Team Resources for Cobalt Strike Tactics

*Red | Blue Team Resources for Cobalt Strike Tactics* Our AI is picking and pairing some fantastic, trending tradecraft resources based on social structures and tradecraft signature similarities. Below, the automation has paired two trending resources for Cobalt Strike: one from a purely defensive perspective and the other from a purely offensive perspective. Definitely worth checking out.
 
Blue: https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence
 
Red: https://github.com/zer0yu/Awesome-CobaltStrike
 

6/2/2021

Offensive Nim

*Offensive Nim* "Weaponizing Nim for implant development and general offensive operations." Our automation found and grouped a bunch of resources related to the offensive use of the Nim programming language, which I had never heard of before. Among the resources grouped and deemed important by our AI are Nim implant creation (including for Mythic), Nim syscall use, Nim steganography, and a report on Russian advanced operator usage of the Nim programming language.
 
Offensive Nim Main Repo: https://github.com/byt3bl33d3r/OffensiveNim 
 
Nimplant: https://github.com/MythicAgents/Nimplant 
 
Nim syscalls for Linux: https://github.com/def-/nim-syscall 
 
Nim steganography: https://github.com/treeform/steganography 
 
Russian APT report: "Zebrocy's Multilanguage Malware Salad" (Securelist)
 

5/3/2021

EternalBlue suite remade in C/C++

*EternalBlue suite remade in C/C++* Last month, our automation ingested an extremely interesting remake of part of the infamous Shadow Brokers leak, EternalBlue. We are going to deep dive into this suite of exploits and tools over the next few weeks. Side note: I totally forgot how to set up 2008 R2 😊.
 
EternalBlueC (Remake): https://github.com/bhassani/EternalBlueC
 
DoublePulsar Shellcode Analysis: https://zerosum0x0.blogspot.com/2017/04/doublepulsar-initial-smb-backdoor-ring.html
 

3/21/2021

F5 Big IP CVE-2021-22986 RCE Exploit Being Added to Attack Frameworks

*F5 Big IP CVE-2021-22986 RCE Exploit Being Added to Attack Frameworks* Sensors started seeing human momentum behind a framework meant to exploit public-facing applications (T1190). It looks like an RCE for CVE-2021-22986 was just added, but we can't confirm this by looking at the source, as only a precompiled binary is provided and we have not tested the binary. Nonetheless, this type of integration signals widespread adoption and misuse of this exploit. Lastly, this framework claims to target the recent vCenter exploit (CVE-2021-21972) as well, behind which our sensors have registered heavy human momentum.
 
Anonymous-ghost/AttackWebFrameworkTools: https://github.com/Anonymous-ghost/AttackWebFrameworkTools
 

3/17/2021

WARNING F5 Big IP (CVE-2021-22986) unauthenticated RCE

*WARNING F5 Big IP (CVE-2021-22986) unauthenticated RCE* Sensors are seeing activity (PoC development and patch reverse engineering) behind CVE-2021-22986, an unauthenticated RCE targeting F5 Big IP (we all knew this was coming). Besides a PoC, the repo offers a complete patch analysis as a PDF. This exploit belongs to a social structure of medium amplification, so in our opinion it will spur other activity.
 
PoC: https://github.com/dorkerdevil/CVE-2021-22986-Poc
 
 

3/11/2021

WARNING: PoC of Proxylogon chain SSRF(CVE-2021-26855) to write file

*WARNING: PoC of Proxylogon chain SSRF(CVE-2021-26855) to write file* Sensors have detected a PoC for the ProxyLogon chain, using the SSRF (CVE-2021-26855) to write a file. Sensors are also seeing a high number of repos trying to publish this exploit code, in a back-and-forth with GitHub, which is actively taking the repos down as they go up.
 
Repos (if they are still up):
 
Proxylogon chain SSRF(CVE-2021-26855) to write file: https://github.com/raheel0x01/CVE-2021-26855/blob/main/POC_of_proxylogonchain.py
 
PoC_proxyLogon[.]py: https://github.com/hackerschoice/CVE-2021-26855/blob/main/PoC_proxyLogon.py
 

3/6/2021

WARNING (1 hour ago) CVE-2021-26855: Exchange SSRF

*WARNING (1 hour ago) CVE-2021-26855: Exchange SSRF* Sensors are starting to see parts of the recent Exchange exploit chain become publicly available.
 
CVE-2021-26855: Exchange SSRF: https://github.com/Udyz/CVE-2021-26855-SSRF-Exchange
 
MS technical Details: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers
 