CVE-2024-2432 Palo Alto GlobalProtect EoP : Unveiling The Path To Privilege Escalation

On Windows systems, GlobalProtect (app versions 6.1.1-5 and 6.2.0-89) was found to be vulnerable to arbitrary file deletion with elevated privileges via a symbolic link attack, leading to local privilege escalation on the machine. When an unprivileged Windows user attempts to connect to the VPN with GlobalProtect, the process "PanGpHip.exe" does the following with SYSTEM privileges: query directory...

Awesome-OpSec : Empowering Digital Safety Through Feminist Cybersecurity And Operational Security

A Feminist Guide to Digital Defense serves as a comprehensive resource for enhancing online safety and privacy through a feminist lens. This guide compiles essential reads, DIY tutorials, and expert advice aimed at bolstering operational security. From the basics of cybersecurity to advanced tactics for securing digital spaces, it empowers readers to navigate the web with confidence and combat...

CVE-2024-25153 : A Detailed Guide To Remote Code Execution In Fortra File Catalyst Workflow

This is a proof of concept for CVE-2024-25153, a remote code execution vulnerability in Fortra FileCatalyst Workflow 5.x before 5.1.6 Build 114. Full technical details can be found. Usage: run the exploit with the following command: CVE-2024-25153.py --host <hostname> --port <port> --url <url> --cmd <command> Only the --host argument is required; the others are optional. Use the --help argument for full usage instructions. Disclaimer: this proof of concept is for demonstration purposes...

Kimsuky PowerShell Backdoor – A Comprehensive Analysis Of Its Commands And Operations

In the shadowy realms of cyber espionage, the Kimsuky PowerShell Backdoor stands as a sophisticated tool designed for stealthy infiltrations and data exfiltration. This article delves into the intricate workings of its server-client communication, presenting a detailed enumeration and analysis of the backdoor's commands. Through examining these operational intricacies, we shed light on the tactics deployed by cyber adversaries...

SpoofCheck – Fortifying Email Defenses By Unmasking Domain Spoofability

A program that checks whether a domain can be spoofed from. It inspects the domain's SPF and DMARC records for weak configurations that allow spoofing. Additionally, it alerts if the domain's DMARC configuration sends mail or HTTP requests (failure reports) for emails that fail SPF/DKIM, which tells a tester that spoofing attempts will be reported to the domain owner. Usage: ./spoofcheck.py [DOMAIN] Domains are spoofable if any of the following conditions are met: Lack of an SPF or DMARC...
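As an added example (not SpoofCheck's own code), the check below evaluates the same kind of SPF/DMARC conditions on constructed record strings instead of live DNS answers, so it runs offline. The conditions it tests are the ones SpoofCheck's README describes (a missing SPF or DMARC record, an SPF record that never terminates in ~all or -all, and a DMARC policy that is absent or p=none); the extra notes on pct and on rua/ruf report addresses are my additions, and every domain name and record in SAMPLES is made up.

```python
"""Assess whether a domain's SPF and DMARC records leave it spoofable.

Added example modelled on the checks SpoofCheck performs; records are
constructed strings, and no DNS lookups are made.
"""
import re

# Constructed sample records for three hypothetical domains.
SAMPLES = {
    "hardened.example": (
        "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
        "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@hardened.example",
    ),
    "soft.example": (
        "v=spf1 ip4:198.51.100.0/24 ?all",
        "v=DMARC1; p=none; ruf=mailto:forensics@soft.example",
    ),
    "bare.example": (None, None),
}


def spf_all_qualifier(record):
    """Return the qualifier of the SPF 'all' mechanism ('+', '-', '~' or '?'),
    or None if the record has no 'all' term. Assumes a v=spf1 record."""
    for term in record.split()[1:]:          # skip the 'v=spf1' version tag
        m = re.fullmatch(r"([+\-~?]?)all", term, flags=re.IGNORECASE)
        if m:
            return m.group(1) or "+"         # a bare 'all' means '+all'
    return None


def parse_dmarc(record):
    """Split a DMARC TXT record into a dict of lowercase tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess(spf_record, dmarc_record):
    """Return (spoofable, findings) for one domain's SPF and DMARC records.

    Spoofable if: SPF is missing, SPF never fails unknown senders (no 'all',
    '+all' or '?all'), DMARC is missing, or the DMARC policy is p=none.
    A pct below 100 and any rua/ruf addresses are reported as informational."""
    findings, spoofable = [], False

    if not spf_record or not spf_record.lower().startswith("v=spf1"):
        findings.append("no SPF record")
        spoofable = True
    else:
        qualifier = spf_all_qualifier(spf_record)
        if qualifier is None:
            findings.append("SPF record has no 'all' mechanism (defaults to neutral)")
            spoofable = True
        elif qualifier in ("+", "?"):
            findings.append(f"SPF record ends with '{qualifier}all', which never fails unauthorized senders")
            spoofable = True

    if not dmarc_record or not dmarc_record.lower().startswith("v=dmarc1"):
        findings.append("no DMARC record")
        spoofable = True
    else:
        tags = parse_dmarc(dmarc_record)
        policy = tags.get("p", "none").lower()
        if policy == "none":
            findings.append("DMARC policy is p=none (monitor only)")
            spoofable = True
        elif tags.get("pct", "100") != "100":
            findings.append(f"DMARC policy p={policy} is applied to only {tags['pct']}% of mail")
        # Report addresses are not weaknesses, but they mean spoofing
        # attempts will be reported back to the domain owner.
        if "ruf" in tags:
            findings.append(f"DMARC sends forensic (per-message) reports to {tags['ruf']}")
        if "rua" in tags:
            findings.append(f"DMARC sends aggregate reports to {tags['rua']}")

    return spoofable, findings


if __name__ == "__main__":
    for domain, (spf, dmarc) in SAMPLES.items():
        spoofable, findings = assess(spf, dmarc)
        print(f"{domain}: {'SPOOFABLE' if spoofable else 'not spoofable'}")
        for finding in findings:
            print(f"  - {finding}")
```

A real tool would fetch the records with DNS TXT queries for the domain and for _dmarc.<domain>; the logic above is the part that decides what those answers mean. Note that ~all (softfail) is not flagged here, matching SpoofCheck's treatment, because a DMARC policy of quarantine or reject still enforces on a softfail.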

Awesome Incident Response – Essential Tools And Resources

Digital Forensics and Incident Response (DFIR) teams are the groups within an organization responsible for managing the response to a security incident, including gathering evidence of the incident, remediating its effects, and implementing controls to prevent it from recurring. Contents: Adversary Emulation, All-In-One Tools, Books, Communities, Disk Image Creation Tools, Evidence Collection, Incident Management, Knowledge Bases, Linux Distributions, Linux Evidence Collection, Log Analysis Tools, Memory Analysis Tools, Memory...

Ansible Role : Bloodhound-CE (Ludus) – A Quick Deployment Guide

An Ansible role that installs Bloodhound-CE on a Debian-based system. It checks whether {{ ludus_bloodhound_ce_install_path }}/docker-compose.yml exists; if not, it installs vanilla bloodhound-ce (via docker-compose) and writes the admin password to the install path (default: /opt/bloodhound). To force the role to re-run, stop the docker container and remove the ludus_bloodhound_ce_install_path folder:
cd /opt/bloodhound
docker compose down
cd ..
rm -rf /opt/bloodhound
Requirements: a Debian-based OS. Role Variables: the available variables are listed below, along with their default values (see defaults/main.yml): #...

DetectDee – The Ultimate Guide To Tracing Social Media Profiles

DetectDee is a tool for locating social media accounts across many platforms from a username, email address, or phone number. Aimed at security professionals, it offers accurate matching, evasion of web application firewalls, and easy integration into other tooling. This guide covers the functionality, installation, and usage of DetectDee, ensuring a seamless experience for those...

Awesome Honeypots : Guardians Of The Digital Frontier – A Comprehensive Guide To Cybersecurity Tools

A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects. There is no pre-established order of items within each category; items appear in the order they were contributed. If you want to contribute, please read the guide. Discover more awesome lists at sindresorhus/awesome. Contents: Related Lists, Honeypots, Honeyd Tools, Network...

Banshee – A Foray Into Kernel-Level Power With Rootkit Techniques

Learning about Windows rootkits lately, so here is my own implementation of some techniques. For an overview, see Features below. Banshee is meant to be used with kdmapper or a similar driver mapper. I am just learning about kernel driver development, so this is mainly for educational purposes. Usage: you can integrate Banshee into your tooling by including the Banshee.hpp file in your project, e.g.: Banshee banshee = Banshee(); banshee.Initialize(); int targetPid...