Волосатый бублик

#outlook #rce Critical Microsoft Outlook Vulnerability Executes as Email is Opened https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability

#windows #lpe Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code in the csc.sys driver CVE-2024-26229 https://github.com/varwara/CVE-2024-26229

#xxe #sharepoint SharePoint XML eXternal Entity (XXE) Injection Vulnerability (CVE-2024-30043) https://cybersecuritynews.com/poc-exploit-xxe-injection-vulnerability/

#veeam #cve [ Bypassing Veeam Authentication ] ! CVE-2024-29849 ! TLDR: Veeam published a CVSS 9.8 advisory for a authentication bypass vulnerability CVE-2024-29849, Following is a full analysis and exploit for this issue. Blog: https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass PoC: https://github.com/sinsinology/CVE-2024-29849

[ CVE-2024-4577 - Yet Another PHP RCE: Make PHP-CGI Argument Injection Great Again! ] New research by Orange Tsai! This is a side story/extra bug while I’m preparing for my Black Hat USA presentation. I believe most of the details have already been covered in the official advisory (should be published soon). Although PHP-CGI has gradually been phased out over time, this vulnerability affects XAMPP for Windows by default, allowing unauthenticated attackers to execute arbitrary code on remote XAMPP servers through specific character sequences. Blog; https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html?m=1 PoC: https://github.com/watchtowrlabs/CVE-2024-4577

[ Introducing The Shelf ] By TrustedSec: We love OST here and want to continue contributing to the community. Going forward, we plan to publish internal retired tools, PoCs, and unfinished capabilities to a catch all repo. Blog: https://trustedsec.com/blog/introducing-the-shelf Repo: https://github.com/trustedsec/The_Shelf VenomousSway looks interesing, check it out!

#k8s #kubernetes [ A Guide To Kubernetes Logs That Isn't A Vendor Pitch ] Part of being a a good red teamer is avoiding showing up in logs. In this blog Graham Helton will share what he learned after investigating how logs are generated in Kubernetes. Turns out there are some detection mistakes that are very easy to make... Check it out 👇 https://grahamhelton.com/blog/k8slogs

[ How to Give your Phishing Domains a Reputation Boost ] When we send out our phishing emails, we are reckoning with giants. Spamhaus, SpamAssassin, SpamTitan, Barracuda, and many more giants wish to grind your bones to bake their bread. They are big. They are scary. But they don’t catch everything. Just like Edward Bloom learned; the best way to deal with giants is to make a good first impression. Posts By SpecterOps Team Members: https://posts.specterops.io/one-phish-two-phish-red-teams-spew-phish-1a2f02010ed7

[ CookieKatz ] Dump cookies from Chrome, Edge or Msedgewebview2 directly from the process memory. — Support dumping cookies from Chrome's Incogntio and Edge's In-Private processes — Access cookies of other user's browsers when running elevated — Dump cookies from webview processes — No need to touch on-disk database file — DPAPI keys not needed to decrypt the cookies — Parse cookies offline from a minidump file https://github.com/Meckazin/ChromeKatz

[ smbclient-ng ] fast and user friendly way to interact with SMB shares. https://github.com/p0dalirius/smbclient-ng