0-Click exploit in MediaTek Wi-Fi chipsets affects routers and smartphones / Exploiting (CVE-2024-20017) 4 different ways
https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html
#expdev #poc
https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html
#expdev #poc
hyprblog
4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways
a post going over 4 exploits for CVE-2024-20017, a remotely exploitable buffer overflow in a component of the MediaTek MT7622 SDK.
❤10👍3🔥1
Attacking UNIX Systems via CUPS, Part I
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1
#linux #rce #printer
CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177 have been assigned around these CUPS issues.
CVSS 9.9
This remote code execution issue can be exploited across the public Internet via a UDP packet to port 631 without needing any authentication, assuming the CUPS port is open through your router/firewall. LAN attacks are also possible via spoofing zeroconf / mDNS / DNS-SD advertisements.
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
A series of bugs in the CUPS printers discovery mechanism (cups-browsed) and in other components of the CUPS system, can be chained together to allow a remote attacker to automatically install a malicious printer (or hijack an existing one via mDNS) to execute arbitrary code on the target host as the lp user when a print job is sent to it.
https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1
#linux #rce #printer
🤣8❤6👍4😐4🔥2🥰2😁2🤯1
Complete list of LPE exploits for Windows (starting from 2023)
https://github.com/MzHmO/Exploit-Street
#windows #expdev #lpe
https://github.com/MzHmO/Exploit-Street
#windows #expdev #lpe
GitHub
GitHub - MzHmO/Exploit-Street: Complete list of LPE exploits for Windows (starting from 2023)
Complete list of LPE exploits for Windows (starting from 2023) - MzHmO/Exploit-Street
❤13🤯3👍2🥱2🤣1
Forwarded from Malware Research / RedTeam / News
New blog on using CLR customizations to improve the OPSEC of your .NET execution harness. This includes a novel AMSI bypass that identified by author in 2023. By taking control of CLR assembly loads, we can load assemblies from memory with no AMSI scan.
https://securityintelligence.com/x-force/being-a-good-clr-host-modernizing-offensive-net-tradecraft/
Proof-of-concept for the AMSI bypass and an implementation of a CLR memory manager is on GitHub. We can implement custom memory routines and track all allocations made by the CLR.
https://github.com/passthehashbrowns/Being-A-Good-CLR-Host
#redteam #net #clr
https://securityintelligence.com/x-force/being-a-good-clr-host-modernizing-offensive-net-tradecraft/
Proof-of-concept for the AMSI bypass and an implementation of a CLR memory manager is on GitHub. We can implement custom memory routines and track all allocations made by the CLR.
https://github.com/passthehashbrowns/Being-A-Good-CLR-Host
#redteam #net #clr
Security Intelligence
Being a good CLR host – Modernizing offensive .NET tradecraft
Learn how red teams can modernize their use of .NET assemblies using CLR customizations.
⚡9❤6👍4