Shibboleth from HackTheBox — Detailed Walkthrough

Showing all the tools and techniques needed to complete the box. Machine Information: Shibboleth is a medium machine on HackTheBox. After some initial enumeration we find a login page for an installation of Zabbix. Using Metasploit we dump user hashes that are easily cracked...

THM Writeup: Ra

Ra, God of Gods. In this article, I step through the process of exploiting a domain controller by enumerating services running on open ports, abusing a password reset function on a website, and elevating my privileges on the domain controller using CVE-2020-12772 to gather all the challenge flags. This challenge is...

AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection

Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws.  "This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate...

New Hacker Group Pursuing Corporate Employees Focused on Mergers and Acquisitions

A newly discovered suspected espionage threat actor has been targeting employees focusing on mergers and acquisitions as well as large corporate transactions to facilitate bulk email collection from victim environments. Mandiant is tracking the activity cluster under the uncategorized moniker UNC3524, citing a lack of evidence linking it to an...

GitHub Says Recent Attack Involving Stolen OAuth Tokens Was “Highly Targeted”

Cloud-based code hosting platform GitHub described the recent attack campaign involving the abuse of OAuth access tokens issued to Heroku and Travis-CI as "highly targeted" in nature. "This pattern of behavior suggests the attacker was only listing organizations in order to identify accounts to selectively target for listing and downloading private repositories,"...

Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia

A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29 (aka Cozy Bear), with some set of...

Which Hole to Plug First? Solving Chronic Vulnerability Patching Overload

According to folklore, witches were able to sail in a sieve, a strainer with holes in the bottom. Unfortunately, witches don’t work in cybersecurity – where networks generally have so many vulnerabilities that they resemble sieves.  For most of us, keeping the sieve of our networks afloat requires nightmarishly hard...

Chinese “Override Panda” Hackers Resurface With New Espionage Attacks

A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information. "The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as 'Viper,'" Cluster25 said in a report published last...

Google Releases First Developer Preview of Privacy Sandbox on Android 13

Google has officially released the first developer preview for the Privacy Sandbox on Android 13, offering an "early look" at the SDK Runtime and Topics API to boost users' privacy online. "The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by...

Here’s a New Tool That Scans Open-Source Repositories for Malicious Packages

The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories. Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious...

NahamCon CTF 2022 Write-up: Click Me! Android challenge

NahamSec, John Hammond and a few other folks hosted a CTF this weekend. I solved the Android challenges; they were really fun. I decided to write this one down. The Challenge: Let’s download and run click_me.apk. We are greeted with this screen; let’s click on the GET FLAG button to see what happens....

TryHackMe — Content Discovery

In this article we will cover another TryHackMe challenge, “Content Discovery”. This room teaches us how we can identify hidden content on web servers and use it to find more vulnerabilities. Let’s dive in… Content on a web page is of many types, such as configuration files, images and media. There...

Microsoft Documents Over 200 Cyberattacks by Russia Against Ukraine

At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country. "Collectively, the cyber and kinetic actions work to disrupt or...

Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers

Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could...

Indian Govt Orders Organisations to Report Security Breaches Within 6 Hours to CERT-In

India's computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours. "Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber

PicoCTF 2022 Web Exploitation

Includes, Insp3ct0r, where are the robots, Power Cookie. Welcome back amazing hackers, after a long time I am boosted again by posting a blog on another interesting jeopardy CTF challenge, PicoCTF 2022. In this write-up, we are going to see some of the web exploitation challenges. First...

Hacking IPMI and Zabbix in HackTheBox — Shibboleth

Port Scanning. TCP: Add shibboleth.htb to the /etc/hosts file. UDP: Other ports found were in open|filtered STATE and I'm not including them here in the results. Web Server enumeration. vHost scanning: We will use ffuf to perform vhost scanning. ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt -o ffuf-vhosts.out -u...

Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group

A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities. Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak...

Everything you need to know to create a Vulnerability Assessment Report

You've been asked for a Vulnerability Assessment Report for your organisation and for some of you reading this article, your first thought is likely to be "What is that?" Worry not. This article will answer that very question as well as why you need a Vulnerability Assessment Report and where...

Cybercriminals Using New Malware Loader ‘Bumblebee’ in the Wild

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Based on the timing of its appearance in the threat landscape and use by multiple cybercriminal groups, it is likely Bumblebee...

New RIG Exploit Kit Campaign Infecting Victims’ PCs with RedLine Stealer

A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan. "When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved...

U.S Cybersecurity Agency Lists 2021’s Top 15 Most Exploited Software Vulnerabilities

Log4Shell, ProxyShell, ProxyLogon, ZeroLogon, and flaws in Zoho ManageEngine AD SelfService Plus, Atlassian Confluence, and VMware vSphere Client emerged as some of the top exploited security vulnerabilities in 2021. That's according to a "Top Routinely Exploited Vulnerabilities" report released by cybersecurity authorities from the Five Eyes nations Australia, Canada, New Zealand

CloudFlare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second

Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the "largest HTTPS DDoS attacks on record."  "HTTPS DDoS attacks are more expensive in terms of required computational resources because of...

QNAP Advises to Mitigate Remote Hacking Flaws Until Patches are Available

Network-attached storage (NAS) appliance maker QNAP on Wednesday said it's working on updating its QTS and QuTS operating systems after Netatalk last month released patches to contain seven security flaws in its software. Netatalk is an open-source implementation of the Apple Filing Protocol (AFP), allowing Unix-like operating systems to serve as file servers...

[eBook] Your First 90 Days as MSSP: 10 Steps to Success

Bad actors continuously evolve their tactics and are becoming more sophisticated. Within the past couple of years, we’ve seen supply chain attacks that quickly create widespread damage throughout entire industries. But the attackers aren’t just focusing their efforts on supply chains. For example, businesses are becoming increasingly more reliant on SaaS...

Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware

A China-linked government-sponsored threat actor has been observed targeting Russian speakers with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks as Bronze President, and by the wider cybersecurity community under the monikers Mustang Panda, TA416, HoneyMyte, RedDelta, and...

Google’s New Safety Section Shows What Data Android Apps Collect About Users

Google on Tuesday officially began rolling out a new "Data safety" section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties. "Users want to know for what purpose their data is being collected and whether the developer is sharing user...

Using PGP to enhance security and non-repudiation of terraform ops

Terraform has become a lingua franca for multi-cloud infrastructure as code. Due to the sensitive content (depending on organization policies, passwords, IP addresses, network structure, etc. may be identified as sensitive information) stored as part of terraform plans and state, most organizations need to put...

U.S. Offers $10 Million Bounty for Information on 6 Russian Military Hackers

The U.S. government on Tuesday announced up to $10 million in rewards for information on six hackers associated with the Russian military intelligence service. "These individuals participated in malicious cyber activities on behalf of the Russian government against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act," the State...

NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages

A "logical flaw" has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them. The supply chain threat has been dubbed "Package Planting" by researchers from cloud security...

Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System

Microsoft on Tuesday disclosed a set of two privilege escalation vulnerabilities in the Linux operating system that could potentially allow threat actors to carry out an array of nefarious activities. Collectively called "Nimbuspwn," the flaws "can be chained together to gain root privileges on Linux systems, allowing attackers to deploy...

Tryhackme: Anonymous

Walkthrough Intro: Hola folks! This time we’ll do the Anonymous room, which is rated as Medium on Tryhackme. So let’s root 😀 Initials: My initial setup includes storing the machine IP address in a variable: export IP=10.10.193.59 Port scanning: rustscan -a $IP --ulimit 5000 | tee rust.txt With rustscan we found that 4...

Tryhackme: AgentSudo

Walkthrough Intro: Hola folks, this time let’s root AgentSudo from Tryhackme, rated as an Easy machine. Initials: export IP=10.10.220.97 Port scanning: rustscan -a $IP --ulimit 5000 | tee rust.txt Found 3 open ports: 21, 22, 80. nmap: let’s dig deep into those ports: nmap -sC -sV -p21,22,80 -oN nmap $IP -Pn Further...

Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default

The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft's move to disable Visual Basic for Applications (VBA) macros by default across its products. Calling the new activity a...

Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak

The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research. Conti, attributed to a Russia-based threat actor known as Gold Ulrick, is one of the most prevalent malware strains in the ransomware landscape,...

North Korean Hackers Target Journalists with GOLDBACKDOOR Malware

A state-backed threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been attributed to a spear-phishing campaign targeting journalists covering the country with the ultimate goal of deploying a backdoor on infected Windows systems. The intrusions, said to be the work of Ricochet Chollima, resulted in...

Iranian Hackers Exploiting VMware RCE Bug to Deploy ‘Code Impact’ Backdoor

An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954 (CVSS score: 9.8), the critical issue is a remote code execution (RCE) vulnerability affecting VMware Workspace...

Researchers Report Critical RCE Vulnerability in Google’s VirusTotal Platform

Security researchers have disclosed a security vulnerability in the VirusTotal platform that could have been potentially weaponized to achieve remote code execution (RCE). The flaw, now patched, made it possible to "execute commands remotely within VirusTotal platform and gain access to its various scans capabilities," Cysource researchers Shai Alfasi and...

Critical Bug in Everscale Wallet Could’ve Let Attackers Steal Cryptocurrencies

A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victim's wallet. "By exploiting the vulnerability, it's possible to decrypt the private keys and seed phrases that are stored in the...

New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices

A new variant of an IoT botnet called BotenaGo has emerged in the wild, specifically singling out Lilin security camera DVR devices to infect them with Mirai malware. Dubbed "Lilin Scanner" by Nozomi Networks, the latest version is designed to exploit a two-year-old critical command injection vulnerability in the DVR firmware that was patched...

FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations WorldWide

The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said had victimized at least 60 entities worldwide as of March 2022 since its emergence last November. Also called ALPHV and Noberus, the ransomware is notable for being the first-ever malware written in...

Secret from HackTheBox — Detailed Walkthrough

Showing all the tools and techniques needed to complete the box. Machine Information: Secret is rated as an easy machine on HackTheBox. We start with a backup found on the website running on the box. In there we find a number of interesting files,...

THM: Raz0rBlack

In this article, I step through the process of exploiting a domain controller by enumerating RPCbind & NFS, abusing Kerberos, enumerating SMB and elevating my privileges on the domain controller by exploiting a user belonging to the Backup Operators group. This challenge is available on the TryHackMe platform and is...

How to perform a basic SQL Injection Attack? — Ethical Hacking

How does a SQL Injection attack work? A SQL injection attack is possible when a website exposes inputs to be taken from the user and uses that user input directly to build and run a query in MySQL. In this blog, I will be demonstrating how...

T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code

Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the group indicating that LAPSUS$ breached...

Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability

Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira...

How I Bypass 2FA while Resetting Password

It was a private program on “Hackerone”. I had set a target in my mind that I have to bypass 2FA, so I checked every method to bypass “Two…