*WARNING: Sensors Seeing Momentum Behind CVE-2021-31955 Windows Kernel Information Disclosure POC*

Our sensors ingested this exploit yesterday, and it has since had a significant uptick in sensor hit count activity (meaning human activity in the cybersecurity ecosystem). Furthermore, this exploit is part of a social structure which specializes in Windows Kernel exploits. Lastly, there is further social amplification of this exploit, as we have seen it added to a major exploit aggregation (PoC-in-GitHub).
CVE-2021-31955: https://github.com/mavillon1/CVE-2021-31955-POC
PoC-in-GitHub (Aggregation): PoC-in-GitHub/CVE-2021-31955.json at f68e227d41c349cedba87e14f207aa612d061b30 · nomi-sec/PoC-in-GitHub · GitHub
Other Kernel Exploit by Author: CVE-2021-26868: https://github.com/mavillon1/CVE-2021-33739-POC

#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam
*Warning: Heavy Traction on CVE-2021-32537 - Out-of-bounds access leading to pool corruption in the Windows Kernel*

Sensors are seeing heavy human momentum behind an exploit targeting a Realtek driver (RTKVHD64.sys), deployed to many mainstream devices such as the Microsoft Surface Laptop, Microsoft Surface Book and Dell XPS 13. This exploit is part of a significant social structure which will further serve to amplify its social reach.
Exploit PoC: https://github.com/0vercl0k/CVE-2021-32537

#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam

*Red | Blue Team Resources for Cobalt Strike Tactics*

Our AI is picking and pairing some fantastic, trending tradecraft resources based on social structures and tradecraft signature similarities. Below, the automation has paired two trending resources for Cobalt Strike: one from a purely defensive perspective and the other from a purely offensive perspective. Definitely worth checking out.
Blue: https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence
Red: https://github.com/zer0yu/Awesome-CobaltStrike

#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam

6/2/2021

*Offensive Nim*

"Weaponizing Nim for implant development and general offensive operations."

Our automation found and grouped a bunch of resources related to the offensive use of the Nim programming language, which I had never heard of before. Among the resources grouped and deemed important by our AI are Nim implant creation (for Mythic as well), Nim syscall use, Nim steganography, and a report on Russian advanced operator usage of the Nim programming language.
Offensive Nim Main Repo: https://github.com/byt3bl33d3r/OffensiveNim
Nimplant: https://github.com/MythicAgents/Nimplant
Nim syscalls for Linux: https://github.com/def-/nim-syscall
Nim steganography: https://github.com/treeform/steganography
Russian APT Report: Zebrocy's Multilanguage Malware Salad | Securelist

#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam