#research
ALPACA Attack: Application Layer Protocol Confusion - Analyzing and mitigating Cracks in tls Authentication.
# https://alpaca-attack.com/
# https://thehackernews.com/2021/06/new-tls-attack-lets-attackers-launch.html
# https://github.com/RUB-NDS/alpaca-code/
ALPACA Attack: Application Layer Protocol Confusion - Analyzing and mitigating Cracks in tls Authentication.
# https://alpaca-attack.com/
# https://thehackernews.com/2021/06/new-tls-attack-lets-attackers-launch.html
# https://github.com/RUB-NDS/alpaca-code/
The Hacker News
New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites
ALPACA Attack: A new TLS attack allows attackers to launch cross-protocol attacks against secure sites.
Beginners Guide to 0day/CVE AppSec Research
Walks through finding open-source web apps, environment setup, debugging for vulns, creating a Blind SQL time-based exploit, and publishing to @ExploitDB/MITRE CVE
https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html
#appsec #0day #research
Walks through finding open-source web apps, environment setup, debugging for vulns, creating a Blind SQL time-based exploit, and publishing to @ExploitDB/MITRE CVE
https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html
#appsec #0day #research
Boku
Beginners Guide to 0day/CVE AppSec Research
Executing Code Using Microsoft Teams Updater
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/executing-code-using-microsoft-teams-updater/
#teams #redteam #research
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/executing-code-using-microsoft-teams-updater/
#teams #redteam #research
Trustwave
Executing Code Using Microsoft Teams Updater | Trustwave
Red Teamers like to hunt for new methods of code execution through “legitimate” channels, and I’m no exception to that rule.
Redash Exploiting (CVE-2021-41192)
Redash is a package for data visualization and sharing.
If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the
https://ian.sh/redash
#redash #cve #research
Redash is a package for data visualization and sharing.
If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the
REDASH_COOKIE_SECRET or REDASH_SECRET_KEY environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value.https://ian.sh/redash
#redash #cve #research
Undetected Azure AD Bruteforce Attack
In late June 2021, Secureworks Counter Threat Unit researchers discovered a flaw in the protocol used by the Azure Active Directory Seamless Single Sign-On feature. This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization’s tenant.
PoC:
https://github.com/treebuilder/aad-sso-enum-brute-spray
Research:
https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks
#sso #azure #ad #bruteforce #research
In late June 2021, Secureworks Counter Threat Unit researchers discovered a flaw in the protocol used by the Azure Active Directory Seamless Single Sign-On feature. This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization’s tenant.
PoC:
https://github.com/treebuilder/aad-sso-enum-brute-spray
Research:
https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks
#sso #azure #ad #bruteforce #research
APT
Domain Admin in only 5 minutes via Name Impersonation (CVE-2021-42278) Before patch, there was a weird behavior on the KDC. When requesting a service ticket, if the KDC wasn't able to find the user behind the TGT, it would make another lookup, but this time…
An ‘Attack Path’ Mapping Approach to CVEs 2021-42287 and 2021-42278
This post provides Splunk SPL queries for detecting the attacks described in Charlie’s blog, using only Windows Security Log events from a domain controller. Furthermore, this post only examines a subset of the Windows Event logging data source
https://www.trustedsec.com/blog/an-attack-path-mapping-approach-to-cves-2021-42287-and-2021-42278
#ad #pac #s4u2self #research #escalation
This post provides Splunk SPL queries for detecting the attacks described in Charlie’s blog, using only Windows Security Log events from a domain controller. Furthermore, this post only examines a subset of the Windows Event logging data source
https://www.trustedsec.com/blog/an-attack-path-mapping-approach-to-cves-2021-42287-and-2021-42278
#ad #pac #s4u2self #research #escalation
TrustedSec
An 'Attack Path' Mapping Approach to CVEs 2021-42287 and 2021-42278
Figure 1 - CVE 2021-42287 and 2021-42278 Attack Path 1 Diagram While each detection strives for high fidelity and may be able stand on its own accord,…
Cobalt Strike, a Defender’s Guide
In this research, exposes adversarial Tactics, Techniques and Procedures (TTPs) as well as the tools use to execute mission objectives. In most of cases, the threat actors utilizing Cobalt Strike. Therefore, defenders should know how to detect Cobalt Strike in various stages of its execution. The primary purpose of this articles is to expose the most common techniques from the intrusions track and provide detections. Having said that, not all of Cobalt Strike’s features will be discussed.
# https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/
# https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2/
#cobaltstrike #research #blueteam
In this research, exposes adversarial Tactics, Techniques and Procedures (TTPs) as well as the tools use to execute mission objectives. In most of cases, the threat actors utilizing Cobalt Strike. Therefore, defenders should know how to detect Cobalt Strike in various stages of its execution. The primary purpose of this articles is to expose the most common techniques from the intrusions track and provide detections. Having said that, not all of Cobalt Strike’s features will be discussed.
# https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/
# https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2/
#cobaltstrike #research #blueteam
Zabbix SAML Authentication Bypass (CVE-2022-23131)
Research:
https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
PoC:
https://github.com/jweny/zabbix-saml-bypass-exp
#zabbix #research #auth #bypass #cve
Research:
https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
PoC:
https://github.com/jweny/zabbix-saml-bypass-exp
#zabbix #research #auth #bypass #cve
Sonarsource
Zabbix - A Case Study of Unsafe Session Storage
In this article we discuss the security of client-side session storages and analyze a vulnerable implementation in the IT monitoring solution Zabbix.