Forwarded from APT
🩸 CitrixBleed 2 — Citrix NetScaler Memory Leak (CVE-2025-5777)
Critical memory leak vulnerability in Citrix NetScaler ADC/Gateway. Sending a malformed POST request with a login parameter that has no value causes the server to return ~127 bytes of uninitialized stack memory, including session tokens, enabling MFA bypass and active session hijacking.
🔗 Research:
https://doublepulsar.com/citrixbleed-2-electric-boogaloo-cve-2025-5777-c7f5e349d206
🔗 Source:
https://github.com/win3zz/CVE-2025-5777
#citrix #netscaler #memoryleak #exploit
CVE-2025-48799: Windows Update Service LPE
PoC: https://github.com/Wh04m1001/CVE-2025-48799
Patched: July 8, 2025
This vulnerability affects Windows clients (Win11/Win10) with at least 2 hard drives.
#lpe #windows #pentest #redteam
CVE-2025-25257: Pre-Auth SQLi to RCE - Fortinet FortiWeb
PoC: https://github.com/watchtowrlabs/watchTowr-vs-FortiWeb-CVE-2025-25257
Blog: https://labs.watchtowr.com/pre-auth-sql-injection-to-rce-fortinet-fortiweb-fabric-connector-cve-2025-25257/
Affected:
7.6.0 through 7.6.3
7.4.0 through 7.4.7
7.2.0 through 7.2.10
7.0.0 through 7.0.10
#rce #pentest #redteam #fortinet #cve
Forwarded from APT
🔑 Golden DMSA
Critical vulnerability in Windows Server 2025 allows attackers with KDS root key access to generate passwords for all dMSA/gMSA accounts forest-wide. New research reveals a design flaw in the ManagedPasswordId structure: only 1,024 possible combinations make brute-force trivial.
🔗 Research:
https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/
🔗 Source:
https://github.com/Semperis/GoldenDMSA
#ad #windows #dmsa #kerberos #persistence
A bit about relaying SCCM to MSSQL to obtain NAA credentials and more.
https://specterops.io/blog/2025/07/15/id-like-to-speak-to-your-manager-stealing-secrets-with-management-point-relays/
An update to SCCMHunter is promised after BlackHat in August.
#ad #sccm #pentest #redteam #relay
SpecterOps
I’d Like to Speak to Your Manager: Stealing Secrets with Management Point Relays - SpecterOps
Network Access Account, Task Sequence, and Collection Settings policies can be recovered from SCCM by relaying a remote management point site system to the site database server.
CVE-2025-53770: SharePoint RCE (ToolShell)
Exploit: https://github.com/soltanali0/CVE-2025-53770-Exploit
Patched: July 20, 2025
#rce #pentest #redteam #ad #sharepoint #cve
GitHub - soltanali0/CVE-2025-53770-Exploit: SharePoint WebPart Injection Exploit Tool
SpecterOps has another great article on collecting data from ADWS.
https://specterops.io/blog/2025/07/25/make-sure-to-use-soapy-an-operators-guide-to-stealthy-ad-collection-using-adws/
Also useful: how to use the SoaPy tool, how to convert the data into BloodHound format, and of course how to detect this kind of domain data collection.
#ad #pentest #redteam #enum #bloodhound #soap
SpecterOps
Make Sure to Use SOAP(y) - An Operators Guide to Stealthy AD Collection Using ADWS - SpecterOps
Learn how to perform stealthy recon of Active Directory environments over ADWS for Red Team Assessments