-CyberSecurityTechnologies-

2021-02-22 09:45:11 #Analytics
10 most exploited vulnerabilities of the week (feb 15-21)
CVE-2021-3156 - Heap-Based Buffer Overflow in Sudo
https://t.me/cybersecuritytechnologies/2577
CVE-2021-1732 - Windows kernel 0-day exploit is used by BITTER APT
https://t.me/cybersecuritytechnologies/2679
CVE-2021-1647 - MS Defender RCE Vulnerability
https://www.anquanke.com/post/id/231625
CVE-2020-10759 - Dazed Blesbok
https://t.me/cybersecuritytechnologies/1243
CVE-2021-21976 - VMware Post-Auth RCE in vSphere Replication
CVE-2021-3177 - Python 3 Buffer Overflow
https://t.me/cybersecuritytechnologies/2740
CVE-2020-8625 - A vulnerability in BIND's GSSAPI
https://kb.isc.org/docs/cve-2020-8625
CVE-2021-20655
https://jvn.jp/en/jp/JVN58774946/index.html
CVE-2021-1366 - A vulnerability in the interprocess communication channel of Cisco AnyConnect Secure Client
https://www.coresecurity.com/core-labs/articles/analysis-cisco-anyconnect-posture-hostscan-local-privilege-escalation-cve-2021 Open / Comment

2021-02-22 08:08:01 #Research
"OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary", 2020. Open / Comment

2021-02-22 08:08:01 #IoT_Security
Genetics of a Modern IoT Attack
https://cujo.com/genetics-of-a-modern-iot-attack Open / Comment

2021-02-22 08:08:01 #Red_Team_Tactics
1. Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths
https://github.com/BishopFox/GadgetProbe
2. Anti-Debug/Anti-Memory Dump for Android
https://github.com/darvincisec/AntiDebugandMemoryDump Open / Comment

2021-02-22 08:08:01 #Tech_book
"Blue Team Handbook Vol 2: SOC, SIEM, and Threat Hunting Use Cases" 2019.
// A condensed field guidefor the Security Operations team (V.1.02) Open / Comment

2021-02-22 08:08:01 #Malware_analysis
1. macOS Malware "Prototype"
https://redcanary.com/blog/clipping-silver-sparrows-wings
2. Dynamic Data Exchange (DDE) is Back in the Wild
https://isc.sans.edu/forums/diary/Dynamic+Data+Exchange+DDE+is+Back+in+the+Wild/27116
]-> https://isc.sans.edu/forums/diary/DDE+and+oledump/27122 Open / Comment

2021-02-22 08:08:01 3 years of the channel "Cybersecurity Technologies" !!!
That is how it all began:
https://t.me/cybersecuritytechnologies/2
Channel without advertising and donation.
Daily content sharing.
Thank you what are you with us!

1. Most Innovative Research:
BaseSAFE: Baseband SAnitized Fuzzing through Emulation
https://arxiv.org/abs/2005.07797
Web Cache Deception in the Wild
https://t.me/cybersecuritytechnologies/2723
2. Best Server-Side Bug:
RCE in Citrix ADC (CVE-2019-19781)
https://swarm.ptsecurity.com/remote-code-execution-in-citrix-adc
]-> PoC: https://t.me/cybersecuritytechnologies/527
3. Best Privilege Escalation Bug:
Exploiting the "noowners" Flag - APFS Privilege Escalation
https://t.me/cybersecuritytechnologies/2293
4. Best Client-Side Bug:
Zero-Click iMessage Exploit
https://t.me/cybersecuritytechnologies/987
5. Best Cryptographic Attack:
TPM Fail: TPM Meets Timing and Lattice Attacks
https://t.me/cybersecuritytechnologies/468 Open / Comment

2021-02-21 07:53:01 #Threat_Research
Exploiting Out-Of-Band XXE via LOCK Method write-up
https://dhiyaneshgeek.github.io/web/security/2021/02/19/exploiting-out-of-band-xxe
// The XXE flaw can allow an attacker to turn the XML parser into a proxy which allows local/remote content to be served on request. It allows an attacker to:
- read files on the application server;
- interact with any back-end or external systems that the application itself can access Open / Comment

2021-02-21 07:53:01 #Whitepaper
"USB Propagation", 2021.
// This paper is going to demonstrate USB worming (propagation). It should be noted that this technique does not require administrative privileges
Full code:
https://github.com/vxunderground/VXUG-Papers/tree/main/USB%20Propagation Open / Comment

2021-02-21 07:53:01 #SCADA_Security
Vulnerabilities in Advantech WebAccess/SCADA
1. CVE-2020-13550:
Advantech WebAccess/SCADA installation local file inclusion (PoC)
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1168
2. CVE-2020-13551, CVE-2020-13552, CVE-2020-13553, CVE-2020-13554, CVE-2020-13555:
Advantech WebAccess/SCADA installation privilege escalation vulnerability (PoCs)
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 Open / Comment