Freedom F0x weekly cyberanarсhist ezine №008

Freedom Fox Ezine
Information must flow free, money kills it

provided with love by Fuckin Beasts Crew

Contacts:

Telegram channel FreedomF0x

(Channel admin)

Twitter

Jabber


Contents:

  1. Security
  2. Exploits
  3. Malware
  4. APT
  5. Fun
  6. Books
  7. OWASP translation
  8. Commerce
  9. Wishlist (don't just scroll past; mutual aid)

Security

- HackTheBox Writeup: Monteverde (https://t3chnocat.com/htb-monteverde/amp/#click=https://t.co/QdrMbPA9QI)

- Vagrant VirtualBox environment for conducting an internal network penetration test (https://github.com/R3dy/capsulecorp-pentest)

- Jailbreaking Apple TV 4K (https://blog.elcomsoft.com/2020/06/jailbreaking-apple-tv-4k/)

- Master script for web reconnaissance (https://github.com/samhaxr/recox)

- Simple Android application sandbox file browser tool. Powered by frida.re (https://github.com/0x742/noia)

- Frida Boot 👢 - A binary instrumentation workshop, with Frida, for beginners! (https://github.com/leonjza/frida-boot)

- Lets Create An EDR… And Bypass It! Part 2 (https://ethicalchaos.dev/2020/06/14/lets-create-an-edr-and-bypass-it-part-2/)

- "Heresy's Gate": Kernel Zw*/NTDLL Scraping + "Work Out": Ring 0 to Ring 3 via Worker Factories (https://zerosum0x0.blogspot.com/2020/06/heresys-gate-kernel-zwntdll-scraping.html?m=1)

- YAA: An Obscure MacOS Compressed File Format (https://wwws.nightwatchcybersecurity.com/2020/06/14/yaa-an-obscure-macos-compressed-file-format/amp/?__twitter_impression=true)

- PowerSharpPack (https://github.com/S3cur3Th1sSh1t/PowerSharpPack)

- WordPress 5.4.2 is now available! (https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/)

- Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability (https://research.nccgroup.com/2020/06/15/striking-back-at-retired-cobalt-strike-a-look-at-a-legacy-vulnerability/)

- A dynamic infrastructure toolkit for red teamers and bug bounty hunters! (https://github.com/pry0cc/axiom)

- Multiple Vulnerabilities in IBM Data Risk Manager (https://github.com/pedrib/PoC/blob/master/advisories/IBM/ibm_drm/ibm_drm_rce.md)

- SMBleedingGhost Writeup Part II: Unauthenticated Memory Read – Preparing the Ground for an RCE (https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-part-ii-unauthenticated-memory-read-preparing-the-ground-for-an-rce/)

- SOHO Device Exploitation (https://blog.grimm-co.com/2020/06/soho-device-exploitation.html?m=1)

- Fast Google Dorks Scan (https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan)

- Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found (long link)

- Unicorn is a simple tool for performing a PowerShell downgrade attack and injecting shellcode straight into memory. (https://github.com/TrustedSec/unicorn)

- Welcome to hashcat v6.0.0! (https://hashcat.net/forum/thread-9303.html)

- Active Directory Lab for Penetration Testing (https://medium.com/@browninfosecguy/active-directory-lab-for-penetration-testing-5d7ac393c0c4)

- All the best stuff, and to hell with infosec))) (https://fondom.ssg.systems)

- FuzzGen: Automatic Fuzzer Generation (https://github.com/HexHive/FuzzGen)

- End-to-End Encryption for Zoom Meetings (https://github.com/zoom/zoom-e2e-whitepaper)

- Scan blob files for sensitive content (https://github.com/mthbernardes/shaggy-rogers)

- All in one port scanning script. (https://github.com/KathanP19/portscan.sh)

- Red Team Techniques - June 2020 (https://www.reddit.com/r/purpleteamsec/comments/hbdvz4/red_team_techniques_june_2020/)

- Spear-phishing campaign tricks users to transfer money (TTPs & IOC) (https://blog.redteam.pl/2020/06/spear-phishing-muhammad-appleseed1-mail-ru.html)

- A sniffer for Bluetooth 5 and 4.x LE (https://github.com/nccgroup/Sniffle)

- Tool Release – Socks Over RDP Now Works With Citrix (https://research.nccgroup.com/2020/06/17/tool-release-socks-over-rdp-now-works-with-citrix/ https://github.com/nccgroup/SocksOverRDP)

- Cybersecurity in LoRa and LoRaWAN: Context and Background (https://www.tarlogic.com/en/blog/cybersecurity-in-lora-and-lorawan-context-and-background/)

- A post-exploitation framework designed to operate covertly in heavily monitored environments (https://github.com/bats3c/shad0w/)

- The RE&CT Framework is designed for accumulating, describing and categorizing actionable Incident Response techniques. (https://atc-project.github.io/atc-react/)

- #BlueLeaks (269 GB) Ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources. Among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more. (https://hunter.ddosecrets.com/datasets/102)


^^^Back to contents^^^


Exploits

- AnyDesk UDP Discovery Remote Code Execution (CVE-2020-13160) (https://devel0pment.de/?p=1881)

- CVE-2020-5410 Spring Cloud Config (https://xz.aliyun.com/t/7877)

- Disable kernel lockdown using ACPI SSDT injection (https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh)

- CVE-2020-13650 (https://know.bishopfox.com/advisories/digdash-version-2018?hs_amp=true&__twitter_impression=true)

- Resources for Windows exploit development (https://github.com/FULLSHADE/WindowsExploitationResources)

- Pre-Authentication Remote Code Execution in Netgear SOHO devices (https://github.com/grimm-co/NotQuite0DayFriday/tree/master/2020.06.15-netgear)

- Composr CMS Remote Code Execution (https://github.com/MegadodoPublications/exploits/blob/master/composr.md)

- Ripple20 (https://www.jsof-tech.com/ripple20/)

- SSD Advisory – Mimosa Routers Privilege Escalation and Authentication bypass (https://ssd-disclosure.com/ssd-advisory-mimosa-routers-privilege-escalation-and-authentication-bypass/)

- Pulse Secure Client for Windows <9.1.6 TOCTOU Privilege Escalation (CVE-2020-13162) (https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/)

- LPE for CVE-2020-1054 targeting Windows 7 x64 (https://github.com/0xeb-bp/cve-2020-1054 https://0xeb-bp.github.io/blog/2020/06/15/cve-2020-1054-analysis.html)

- VLC Media Player 3.0.11 fixes severe remote code execution flaw (https://www.bleepingcomputer.com/news/security/vlc-media-player-3011-fixes-severe-remote-code-execution-flaw/)

- CVE-2020-1181: SHAREPOINT REMOTE CODE EXECUTION THROUGH WEB PARTS (https://www.zerodayinitiative.com/blog/2020/6/16/cve-2020-1181-sharepoint-remote-code-execution-through-web-parts)

- A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software (https://labs.sentinelone.com/click-from-the-backyard-cve-2020-9332/)

- Treck TCP/IP Stack (Update A) (https://www.us-cert.gov/ics/advisories/icsa-20-168-01)

- GHSL-2020-064: integer overflow in LibVNCClient HandleCursorShape resulting in remote heap overflow - CVE-2019-20788 (https://securitylab.github.com/advisories/GHSL-2020-064-libvnc-libvncclient)

- GHSL-2020-099: mXSS vulnerability in AngularJS (https://securitylab.github.com/advisories/GHSL-2020-099-mxss-angular)

- css timing attack via window.opener (https://gist.github.com/keerok/b55462036212863b8faa0567b499b49d)

- Broken phishing accidentally exploiting Outlook zero-day (https://isc.sans.edu/diary/Broken+phishing+accidentally+exploiting+Outlook+zero-day/26254)

- Ripple20, set of vulnerabilities inside Treck / KASAGO IP Stacks (https://gist.github.com/SwitHak/5f20872748843a8ad697a75c658278fe)

- CVE-2020-0787-EXP-ALL-WINDOWS-VERSION (https://github.com/cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION/blob/master/README.md)

- CVE-2020-8163 - Remote code execution of user-provided local names in Rails (https://github.com/sh286/CVE-2020-8163/)


^^^Back to contents^^^

Malware

- C# Implementation of the Hell's Gate VX Technique (https://github.com/am0nsec/SharpHellsGate)

- Open source pre-operation C2 server based on python and powershell (https://github.com/mhaskar/Octopus)

- [Zero2Auto] – Initial Stagers - From one Email to a Trojan (https://0x00sec.org/t/zero2auto-initial-stagers-from-one-email-to-a-trojan/21722)

- BYOB (Build Your Own Botnet) (https://github.com/malwaredllc/byob https://perception-point.io/resources/research/byob-build-your-own-botnet-in-action/)

- A Netcat-style backdoor for pentesting and pentest exercises (https://github.com/tgadola/serval)

- A method of bypassing EDRs' active protection DLLs by preventing entry point execution (https://github.com/CCob/SharpBlock)

- Further Evasion in the Forgotten Corners of MS-XLS (https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/)


^^^Back to contents^^^

APT

- The Little Ransomware That Couldn’t (Dharma) (https://thedfirreport.com/2020/06/16/the-little-ransomware-that-couldnt-dharma/)

- Cobalt: tactics and tools update (https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/cobalt_upd_ttps/)

- AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations (https://unit42.paloaltonetworks.com/acidbox-rare-malware/)


^^^Back to contents^^^

Fun

- Lubyanka Federation. How the FSB shapes Russia's politics and economy. Report by the Dossier Center (https://fsb.dossier.center)

- A few words about "anonymity" (https://teletype.in/@flatl1ne/Z6BZ5RqRl7)

- Don't ask me now! Go-ogle (https://github.com/0derel/DAMN)

- Interview with Daniil Yugoslavskiy @yugoslavskiy, interviewed by the magnificent Alina @AlienJolka (https://www.youtube.com/watch?v=3nMhmbZnmdg)

- Telegram is legal again (https://meduza.io/news/2020/06/18/roskomnadzor-razblokiroval-telegram)


^^^Back to contents^^^

Friends:

- in51d3 The Scout's channel)))

- NeuroAliceMusic Our good friend's channel with decent music

- vulnersBot Bot with one of the largest vulnerability databases

- darknet_prison The Darknet Herald


It's good where we aren't

^^^Back to contents^^^

Books

- Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations - a novel side-channel attack for eavesdropping sound (https://t.me/freedomf0x/8372)

- Fear and Loathing in Las Vegas (ed.: some Russian editions translate the title as "Страх и ненависть в Лас-Вегасе" rather than "Страх и отвращение в Лас-Вегасе") - (https://t.me/freedomf0x/8374)

- Metasploit Penetration Testing Cookbook - Evade antiviruses, bypass firewalls, and exploit complex environments with the most widely used penetration testing framework (https://t.me/freedomf0x/8381)

- Ubuntu Server CLI pro tips (https://t.me/freedomf0x/8386)

- 5G New Radio: A Beam-based Air Interface - book is written by active participants in the standardization, experts from top companies who have been proposing some of the specified techniques (https://t.me/freedomf0x/8388)

- Intrusion Detection A Data Mining Approach - from the foundations of the subject, it gradually explores more sophisticated techniques on intrusion detection, including Fuzzy Sets, Genetic Algorithm, Rough Sets, and Hierarchical Reinforcement Learning (https://t.me/freedomf0x/8390)

- United States Patent ADAPTIVE ROBOTIC NERVOUS SYSTEMS AND CONTROL CIRCUITS THEREFOR - self-stabilizing control circuit utilizing pulse delay circuits for controlling the limbs of a limbed robot (https://t.me/freedomf0x/8395)

- AWS Shield Threat Landscape Report – Q1 2020 -  Report provides a summary of threats detected and mitigated by AWS Shield (https://t.me/freedomf0x/8396)

- The Beginner’s Guide to IDAPython (https://t.me/freedomf0x/8398)

- Threat vector: GTP - Vulnerabilities in LTE and 5G networks 2020 (https://t.me/freedomf0x/8400)

- 2020 GLOBAL THREAT REPORT - threat report by CrowdStrike (https://t.me/freedomf0x/6616)

- Detecting APT Malware Infections Based on Malicious DNS and Traffic Analysis - In this paper, we propose a novel system placed at the network egress point that aims to efficiently and effectively detect APT malware infections based on malicious DNS and traffic analysis (https://t.me/freedomf0x/8407)

- Detecting Advanced Persistent Threats using Fractal Dimension based Machine Learning Classification - paper presents a fractal based anomaly classification mechanism, with the goal of reducing both false positives and false negatives, simultaneously (https://t.me/freedomf0x/8409)

- Assembler 101 - Short Assembler Intro (https://t.me/freedomf0x/8411)

- ITL Bulletin - bulletin summarizes highlights from NIST Special Publication 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device Security (https://t.me/freedomf0x/8413)

- Attack Chain Detection - This article is a U.S. Government work and is in the public domain in the USA. Statistical Analysis and Data Mining: The ASA Data Science Journal (https://t.me/freedomf0x/8428)

- MADE: Security Analytics for Enterprise Threat Detection - In this paper we address the problem of detecting malicious activity in enterprise networks and prioritizing the detected activities according to their risk (https://t.me/freedomf0x/8430)

- 5G CYBERSECURITY - This project will identify a number of 5G use case scenarios and demonstrate how the components of the 5G architecture can provide security capabilities (https://t.me/freedomf0x/8432)

- NIST Special Publication 800-207 Zero Trust Architecture - Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move network defenses from static, network-based perimeters to focus on users, assets, and resources (https://t.me/freedomf0x/8438)

- Guide to WMI Events as a Surveillance Tool - While an impressive piece of software engineering, WMI has a spookier side: it can be abused by insiders as a tool to surveil other employees (https://t.me/freedomf0x/8442)

- Office 365 Administrator’s Guide (https://t.me/freedomf0x/8449)

- EMAIL LOOKUP - Open-source reconnaissance of mail services (https://t.me/freedomf0x/8451)

- ts mitigation - is a risk reduction control set that empowers risk management professionals to quickly and easily develop executive-level cyber risk management plans (https://t.me/freedomf0x/8453)

- The Criminal History of Christianity (https://t.me/freedomf0x/8457)

- All the Kremlin's Men - A short history of modern Russia (https://t.me/freedomf0x/8460)


^^^Back to contents^^^

OWASP translation

(ed.: with additions)

4.0 Introduction and the pentester's objectives (https://teletype.in/@flatl1ne/pw24-VjOQ)

4.1.1 Information gathering with search engines (https://teletype.in/@hackitb4sh3r/5Hj78-aya)

4.1.2 Fingerprinting the web server (https://teletype.in/@hackitb4sh3r/CYZ479ksM)

4.1.3 Reviewing web server metafiles for information leakage (https://teletype.in/@hackitb4sh3r/JWVV3DWfe)

4.1.4 Enumerating web applications on the server (https://teletype.in/@hackitb4sh3r/gjK3XwFqB)

4.1.5 Finding information leaks in comments and metadata (https://teletype.in/@hackitb4sh3r/mWZcdPKnd)

4.1.6 Identifying web application entry points (https://teletype.in/@hackitb4sh3r/Jhbc1iMEq)

4.1.7 Mapping execution paths through the web application (https://teletype.in/@hackitb4sh3r/3ZQuhbAvR)

4.1.8 Fingerprinting the web application framework (https://teletype.in/@hackitb4sh3r/HKKeYPDHo)

4.1.9 Fingerprinting the web application (https://teletype.in/@hackitb4sh3r/sLX9Or8ry)

4.1.10 Mapping the web application architecture (https://teletype.in/@hackitb4sh3r/QgrVPVm8)


^^^Back to contents^^^

Commerce

Donations to support the channel:

- BitCoin (BTC) 152o4Mke9UKkoKXAYvbd5nH9o6Fji6QVQs

- Ether xed2c43e27d58631b5838d0cb2dc75293bb4ee47b

- Yandex wallet 4100110550919853

- Master card 5106218037682903


For sale: stealer logs, constantly replenished, from $300

Sale/services:

1) CobaltStrike 4.0 with Artifact Kit + Resource Kit 3.14 with our CobaltStrike 3.14 == 1k

2) Core Impact 19.1 (with April update) + 3rd party Core tools = 5k and many other private soft

3) Secure laptop: a device that lets you work safely with online banking without fearing theft of money from the account, hacking of personal correspondence, or unlawful seizure of the hardware. Not susceptible to computer viruses; fully blocks unauthorized access to email, documents, the microphone and the webcam. Makes it impossible to extract documents or recover other service data after the device is captured or seized = 3k

4) FIN APT software (08.06.2020)

01 CobaltStrike 4.0 with Artifact Kit + Resource Kit 3.14 with our CobaltStrike 3.14 (lic patch)

02 Nessus 8.9.1 + (patch with updates)

03 checkmarx 8.9.0.210 + (patch)

04 metasploit pro (Latest) + (patch)

05 core impact 19.1+ (licence, no online updates, last update April 2020)

06 acunetix 13.0.200519155 + (patch with update)

07 netsparker 5.7, 5.8 + (patch)

08 HP webinspector 20.1 (win 10+) + (patch)

09 proxifier 3.42 + (serial)

10 IBM Appscan 10.0.0.22023 + (patch)

11 Rapid7 AppSpider 7.2.119.1 + (patch)

Price: 10k$ btc

5) Flipper Zero — Tamagotchi for Hackers. Fully open-source and customizable device for pentesters and geeks in a Tamagotchi body. It has a built-in 315/433/866 MHz transceiver to control and sniff stuff like garage doors, car alarms, etc., a 125 kHz and iButton module to read/write and emulate proximity cards, and an infrared transceiver to control any TV. Also compatible with Arduino IDE and PlatformIO so you can write your own firmware extensions. https://flipperzero.one

6) Jabber server launched!!! FreedomFox.im

For now, to avoid an influx of scammers, registration is manual on request: write to admin@freedomfox.im. This service will be integrated with various marketplaces. Deals strictly through the escrow (guarantor) system: admin@thesecure.biz (paid service), admin@freedomfox.im, abuse@freedomfox.im (free service)


^^^Back to contents^^^

Wishlist

Badly need a "cure for greed" (a license crack) for any of the following:

Network hardware: Brocade FabricOS for Silkworm 300 switches (and any other Brocade products)

Network hardware: Brocade SLX, MLXe

Network hardware: Cisco IOS * (especially for the ISR 4xxx series, ASR)

Network hardware: Cisco Nexus NX-OS * (NX-OS 7 for the n3k-c3064pq is especially relevant)

Network hardware: Cisco MDS (NX-OS 6.2), which the vendor puts in a separate family

Network hardware: Eltex SMG1016/1016M/2016

Network hardware: Eltex SMG2/SMG4

Network hardware: Eltex ESR-series

Network hardware: Huawei AR-series (especially for connecting access points)

Network hardware: Huawei CE-S6330 (CE-S6xxx series)

Network hardware: Huawei NE-series

Network hardware: Juniper SRX (SRX2xx, SRX3xx, and DC series)

Network hardware: Juniper MX (80, 204, 240-960, 10003 (10k3), 104, 150)

Network hardware: Juniper EX (2200, 2300, 3200, 3300, 4200, 4300, 4500, 4550)

Network hardware: Juniper QFX (5000, 5100, 5110)

Special request: Juniper vMX Amazon perpetual license (for a while the license was given away in AWS, then they fixed it)

Special request: Juniper vSRX. Special request: Huawei AP, replacing the cloud firmware with a standalone or controller build

Storage: NetApp FAS (OnTap)

Storage: EMC CX4, CX5, VNX

Storage: IBM, any

Storage: Huawei (especially Dorado)

Storage: Hitachi VNX, any

Storage: HP EVA p4300, p4400

Storage: 3PAR, any

Storage: NEC, all

Storage: Fujitsu, all

A modest (and at the same time outrageous) wishlist. Why does all this crap need pills? Because licenses for used hardware cost more than I can afford (I'm not willing to work half a year for a license on a discontinued storage array) and still eat.

Also wanted:

https://silentbreaksecurity.com/red-team-toolkit/slingshot/ https://www.microfocus.com/en-us/products/static-code-analysis-sast/overview HP Fortify


^^^Back to contents^^^