​*F5 Big IP CVE-2021-22986 RCE Exploit Being Added to Attack Frameworks* Sensors started seeing human momentum behind a framework meant to exploit public-facing applications (T1190). It looks like an RCE for CVE-2021-22986 was just added but we can’t confirm this by looking at the source, as just a precompiled binary is provided, and we have not tested the binary. None the less, this type of integration signals to widespread adoption and misuse of this exploit. Lastly, this framework claims to target the recent vCenter (CVE-2021-21972) exploit as well, which our sensors have registered heavy human momentum behind.
 
Anonymous-ghost/AttackWebFrameworkTools: https://github.com/Anonymous-ghost/AttackWebFrameworkTools
 
#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam
 

​*WARNING F5 Big IP (CVE-2021-22986) unauthenticated RCE* Sensors are seeing activity (PoC development and patch reverse engineering) behind CVE-2021-22986 which is an unauthenticated RCE (we all knew this was coming) targeting F5 Big IP. Besides a PoC, the repo offers a complete patch analysis in pdf as well. This exploit belongs to a social structure of medium amplification so in our opinion, it will spur other activity.
 
PoC: https://github.com/dorkerdevil/CVE-2021-22986-Poc
 
 
#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam

*WARNING: PoC of Proxylogon chain SSRF(CVE-2021-26855) to write file* Sensors have detected a PoC for Proxylogon chain SSRF(CVE-2021-26855) to write file. Sensors are also seeing a high number of repos trying to publish this exploit code, battling with GitHub who is actively killing the repos as they go up.
 
Repos (if they are still up):
 
Proxylogon chain SSRF(CVE-2021-26855) to write file: https://github.com/raheel0x01/CVE-2021-26855/blob/main/POC_of_proxylogonchain.py
 
PoC_proxyLogon[.]py: https://github.com/hackerschoice/CVE-2021-26855/blob/main/PoC_proxyLogon.py
 
#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam

*WARNING (1 hour ago) CVE-2021-26855: Exchange SSRF* Sensors are starting to see parts of the recent Exchange exploit chain become publicly available.
 
CVE-2021-26855: Exchange SSRF: https://github.com/Udyz/CVE-2021-26855-SSRF-Exchange
 
MS technical Details: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers
 
#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam

Sensors have seen continuous human momentum behind Bafomet666/OSINT-SAN, advanced Russian OSINT tool. Within our database, this signal ranks 140/5389 for most all-time sensor hits (raw human momentum). The tool is also connected to a Telegram channel that has impactful social reach in itself.  
 
Bafomet666/OSINT-SAN: Bafomet666/OSINT-SAN: Framework для сбора данных и информации из открытых источников, но есть инструменты поиска и брутфорса которые использовать нужно, только с разрешения владельца ресурса. В Framework используется небольшое количество API. Вам необходимо их зарегистрировать самому.​ (github.com)
 
Telegram Channel: Bafomet dev – Telegram
 
#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam