Channel address:
Categories:
Technologies
Language: English
Subscribers:
2.98K
Description from channel
Positive Technologies Offensive Team: twitter.com/ptswarm
This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting
Ratings & Reviews
Reviews can be left only by registered users. All reviews are moderated by admins.
5 stars
0
4 stars
0
3 stars
0
2 stars
1
1 stars
2
The latest Messages 4
2022-03-14 16:38:28
Veeam fixed an Unauth RCE (CVE-2022-26500, CVE-2022-26501) in Veeam Backup & Replication and Local Privilege Escalation (CVE-2022-26503) in Veeam Agent for Microsoft Windows found by our researcher Nikita Petrov.
Advisory: https://www.veeam.com/kb4288
2.2K views13:38
2022-03-10 16:22:14
A tip for those who hunt bugs in mobile applications from Starbucks
2.1K viewsedited 13:22
2022-03-10 15:52:54
Oracle Access Manager Pre-Auth RCE (CVE-2021–35587 Analysis) by Jang and Peter
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability may give the attacker access to OAM server, to create any user with any privileges, or just get code execution in the victim’s server
https://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316
2.8K viewsedited 12:52
2022-03-08 13:56:04
The Dirty Pipe Vulnerability by Max Kellermann
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes.
It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit.
The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
Contents:
• Abstract
• Corruption pt. I
• Access Logging
• Corruption pt. II
• Corruption pt. III
• Man staring at code
• Man staring at kernel code
• Pipes and Buffers and Pages
• Uninitialized
• Corruption pt. IV
• Exploiting
• Timeline
https://dirtypipe.cm4all.com
2.4K views10:56
2022-02-25 14:39:41
New article by our researcher Egor Dimitrenko about unauth vulnerabilities in VMware products: "Catching bugs in VMware: Carbon Black Cloud Workload and vRealize Operations Manager". This is the second in series of our VMware research.
Read the article: https://swarm.ptsecurity.com/catching-bugs-in-vmware-carbon-black-cloud-workload-appliance-and-vrealize-operations-manager/
538 views11:39
2022-02-24 13:22:16
Adding save function to impacket's ```
reg.py```
for Backup Operators to Domain Admin exploitationsave feature to reg.py allows for remote saving of registry hives. The feature can be used to escalate from Backup Operators to Domain Admin by retrieving a Domain Controller's hives and using them to obtain hash and act as the Domain Controller or as the domain admin directly.
backup method which doesn't mirror an existing function of the original reg cmdlet but instead allows to dump SAM, SYSTEM and SECURITY "at once".
https://github.com/SecureAuthCorp/impacket/pull/1257
511 viewsedited 10:22
2022-02-23 15:51:13
Relaying Kerberos over DNS using krbrelayx and mitm6 by Dirk-jan MollemaIn scenario, where attacker have the ability to spoof a DNS server via DHCPv6 spoofing with mitm6, he can get victim machines to reliably authenticate to him using Kerberos and their machine account. This authentication can be relayed to any service that does not enforce integrity, such as Active Directory Certificate Services (AD CS) http(s) based enrollment, which in turn makes it possible to execute code as SYSTEM on that host. This technique is faster, more reliable and less invasive than relaying WPAD authentication with mitm6, but does of course require AD CS to be in use.
Contents:
• Kerberos over DNS
• Abusing DNS authentication
• Changes to krbrelayx and mitm6
• Attack example
• Defenses
• Mitigating mitm6
• Mitigating relaying to AD CS
• Tools
https://dirkjanm.io/relaying-kerberos-over-dns-with-krbrelayx-and-mitm6
434 views12:51
2022-02-18 11:44:58
We have successfully bypassed the patch for RCE in Magento Open Source and Adobe Commerce (CVE-2022-24086), and have sent the report to Adobe (we weren't the first). The new CVE-2022-24087 was issued. Hotfix is available now.
Patch ASAP!
527 views08:44
2022-02-18 09:45:07
We have reproduced the fresh CVE-2022-24086 Improper Input Validation vulnerability in Magento Open Source and Adobe Commerce.
Successful exploitation could lead to RCE from an unauthenticated user.
635 views06:45
2022-02-15 19:30:41
New article by our researchers Mikhail Klyuchnikov and Egor Dimitrenko about unauth RCEs in VMware products: "Hunting for bugs in VMware: View Planner and vRealize Business for Cloud".
Read the article: https://swarm.ptsecurity.com/hunting-for-bugs-in-vmware-view-planner-and-vrealize-business-for-cloud/
This is the first article about our VMware research. More to come!
913 views16:30