💥MacDirtyCowDemo

#macOS #XNU #vulnerability #exploitation #security #DirtyCOW #MacDirtyCow #root #su

|FORCEDENTRY, ты тут?|

🕵️‍♂️Думаю, что многие не забыли про сделавший много шума год назад data-only 0-click RCE сплойт FORCEDENTRY(CVE-2021-30860, integer overflow в JBIG2 реализации для xpdf в Apple (JBIG2Stream::readTextRegionSeg(), посредством программирования JBIG2 weird machine в парсере), что относится к CoreGraphics по сути) через iMessage от NSO Group. То есть прилетает тебе PDF файл, который якобы ".gif" и за счет того, что IMTranscoderAgent анализировал как раз такого рода самозванцев за пределами BlastDoor песочницы, израильтяне могли достичь SBX. В действительности эксплуатация была намного сложнее и можно почитать подробнее: на канале, тут и тут.

Причем исследователи из Google Project Zero не смогли установить точный след после IMTranscoderAgent SBX и как предположение выдвинули несколько сценариев эксплуатации:
1️⃣iMessage RCE ➡️ IMTranscoderAgent SBX ➡️ iOS kernel LPE
2️⃣iMessage RCE ➡️ IMTranscoderAgent SBX ➡️ some_service ➡️ iOS kernel LPE

Проблема для безопасников и по сей день стоит в том, что в публичном доступе до сих пор нет сэмплов(отсюда можем сделать вывод, что стандартными методами детектить не выйдет). В этом посте Мэтта помимо разбора атаки идет речь и о детектировании без испльзования регулярок или проверок имени процесса, в конечном итоге был представлен инструмент(ELEGANTBOUNCER) для анализа файлов non-fileless(data-only) атаки, причем не основываясь на сэмплах.

🔖Более подробно можно почитать в статье Мэтта.

🕵️‍♂️I think that many have not forgotten about the FORCEDENTRY exploit that made a lot of noise a year ago (CVE-2021-30860, integer overflow in the JBIG2 implementation for xpdf in Apple (JBIG2Stream::readTextRegionSeg(), by programming the JBIG2 weird machine in the parser), which refers to CoreGraphics in fact) via iMessage from NSO Group. That is, a PDF file arrives to you, which is allegedly ".gif" and due to the fact that IMTranscoderAgent analyzed just such impostors outside the BlastDoor sandbox, the Israelis could achieve SBX. In fact, the operation was much more complicated and you can read more: a on the channel, here and here.

Moreover, researchers from Google Project Zero were unable to establish an exact trace after IMTranscoderAgent SBX and, as an assumption, put forward several operating scenarios:
1️⃣iMessage RCE ➡️ IMTranscoderAgent SBX ➡️ iOS kernel LPE
2️⃣iMessage RCE ➡️ IMTranscoderAgent SBX ➡️ some_service ➡️ iOS kernel LPE

The problem for security guards to this day is that there are still no samples in the public domain (from here we can conclude that it will not be possible to detect using standard methods). In this post by Matt, in addition to analyzing the attack, we are talking about detecting without using regular expressions or checking the process name, eventually a tool for analyzing non-fileless(data-only) attack files was introduced, and not based on samples(ELEGANTBOUNCER).

🔖You can read more in Matt's article.

#NSO #PegasusSpyware #FORCEDENTRY #iOS #iMessage #forensics #security #expoitation #sbx #xpdf #weirdMachine #JBIG2

Mobile Application Penetration Testing Cheat Sheet 📒

#Infosec #Android #Ios #Tech #Cyber #BugBounty #Security

https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet

📕Ransomware Attacks on Critical
Infrastructure Fund DPRK(Democratic People’s Republic of Korea) Malicious Cyber Activities

#advisory #NSA #FBI #CISA #HHS #ROK #NIS #DSA #CSA #DPRK #security #ransomware #ICS #exploitation #Apache #Log4j #SMA100 #TOS

𝙈𝙖𝙨𝙨 𝙃𝙪𝙣𝙩𝙞𝙣𝙜 𝘽𝙡𝙞𝙣𝙙 𝙓𝙎𝙎.


𝙇𝙞𝙣𝙠: https://twitter.com/thecybertix/status/1654025276123406337?t=L9suAy2ju68fLaCOFPiOjg&s=19

XSS where you can inject the payload within the image file name and alert!.

𝙇𝙞𝙣𝙠:
https://twitter.com/thecybertix/status/1658343842943496192?t=oDKM3yzg1SgmXFxPjIoLGA&s=19

𝐑𝐞𝐝 𝐓𝐞𝐚𝐦 𝐓𝐨𝐨𝐥𝐬 🔥

🔴 RECONNAISSANCE:
- RustScan ==> https://lnkd.in/ebvRfBNy
- NmapAutomator ==> https://lnkd.in/gu5wxzf6
- AutoRecon ==> https://lnkd.in/g3DeG6YT
- Amass ==> https://lnkd.in/e7V569N5
- CloudEnum ==> https://lnkd.in/ePHDeGZv
- Recon-NG ==> https://lnkd.in/edwaXFjS
- AttackSurfaceMapper ==> https://lnkd.in/ebbcj6Rm
- DNSDumpster ==> https://dnsdumpster.com/

🔴 INITIAL ACCESS:
- SprayingToolKit ==> https://lnkd.in/eBSAPz5z
- o365Recon ==> https://lnkd.in/eJwCx-Ga
- Psudohash ==> https://lnkd.in/gcaxV6fR
- CredMaster ==> https://lnkd.in/gtMEDVuS
- DomainPasswordSpray ==> https://lnkd.in/guWj4TYv
- TheSprayer ==> https://lnkd.in/gZVuQYiv
- TREVORspray ==> https://lnkd.in/gHgcbjgV

🔴 DELIVERY:
- o365AttackToolKit ==> https://lnkd.in/etCCYi8y
- EvilGinx2 ==> https://lnkd.in/eRDPvwUg
- GoPhish ==> https://lnkd.in/ea26dfNg
- PwnAuth ==> https://lnkd.in/eqecM7de
- Modlishka ==> https://lnkd.in/eds-dR5C

🔴 COMMAND AND CONTROL:
- PoshC2 ==> https://lnkd.in/eqSJUDji
- Sliver ==> https://lnkd.in/ewN9Nday
- SILENTTRINITY ==> https://lnkd.in/eeZGbYMs
- Empire ==> https://lnkd.in/egAPa8gY
- AzureC2Relay ==> https://lnkd.in/efmh2t3g
- Havoc C2 ==> https://lnkd.in/gEFp2iym
- Mythic C2 ==> https://lnkd.in/gnCGwfWk

🔴 CREDENTIAL DUMPING:
- MimiKatz ==> https://lnkd.in/etEGfvJK
- HekaTomb ==> https://lnkd.in/eJx5Ugu5
- SharpLAPS ==> https://lnkd.in/eA28n9FT
- Net-GPPPassword ==> https://lnkd.in/e3CTez5A
- PyPyKatz ==> https://lnkd.in/eeb5b6Tz

🔴 PRIVILEGE ESCALATION:
- SharpUp ==> https://lnkd.in/etR2Pe_n
- MultiPotato ==> https://lnkd.in/eq53PXcJ
- PEASS ==> https://lnkd.in/eWA66akh
- Watson ==> https://lnkd.in/eZfYMSMX
- Bat-Potato ==> https://lnkd.in/gjziyG8q

🔴 DEFENSE EVASION:
- Villain ==> https://lnkd.in/gquyGFm5
- EDRSandBlast ==> https://lnkd.in/e8g8zYFT
- SPAWN - Cobalt Strike BOF ==> https://lnkd.in/e223PbqZ
- NetLoader ==> https://lnkd.in/ef5wCD4y
- KillDefenderBOF ==> https://lnkd.in/eVd54HUp
- ThreatCheck ==> https://lnkd.in/eHvSPakR
- Freeze ==> https://lnkd.in/eNUh3zCi
- GadgetToJScript ==> https://lnkd.in/egPQBBXJ

🔴 PERSISTENCE:
- SharPyShell ==> https://lnkd.in/eXm8h8Bj
- SharpStay ==> https://lnkd.in/erRbeFMj
- SharpEventPersist ==> https://lnkd.in/e_kJFNiB

🔴 LATERAL MOVEMENT:
- SCShell ==> https://lnkd.in/e256fC8B
- MoveKit ==> https://lnkd.in/eR-NUu_U
- ImPacket ==> https://lnkd.in/euG4hTTs

🔴 EXFILTRATION:
- SharpExfiltrate ==> https://lnkd.in/eGC4BKRN
- DNSExfiltrator ==> https://lnkd.in/epJ-s6gp
- Egress-Assess ==> https://lnkd.in/eXGFPQRJ

#redteam #cybersecurity #penetrationtesting #security #ethicalhacking #tools

Is using same password everywhere safe | Password Security

New YouTube video uploaded now. Soon, more amazing coming soon especially for OSINT lovers once we reaches 200subs.

youtu.be/q97UuYWhSv8

#osint #privacy #security #infosec #cybersec #opsec #cybersecurity

OSINT OPS Episode 1 | The Secret Behind Ransomwares

A new podcast styled video, give your feedback if you would like to see videos in this style by liking and commenting on the video.

We have some really good topics about ransomware which we think everyone should know.

https://youtu.be/1aHautvb1Wk?si

#cybersec #infosec #ransomware #privacy #security

Check if your email has been breached -

#osint #opsec #privacy #security #infosec #cybersec

https://haveibeenpwned.com/
https://www.breachdirectory.org/
https://leak-lookup.com/ (unverified)
https://snusbase.com/ (unverified)
https://dehashed.com/
https://intelx.io/
https://leakpeek.com/
https://search.0t.rocks/
https://monitor.firefox.com/

Join @osintambition for more.

The only OSINT tool you will ever need (ALL in one OSINT Tool)

https://youtu.be/Aj0sWUvGbEY

Join @osintambition for more.

#osint #privacy #security #infosec #cybersec #opsec

Linux Distribution for #OSINT

Credit: @cybdetective

1. OSINTUX
https://www.osintux.org/
2. BackBox
https://www.backbox.org/
3. OSINTBox
https://github.com/Dimaslg/osintBOX
4. CSI Linux
https://csilinux.com/
5. ArchStrike
https://archstrike.org/
6. Offen Osint
https://github.com/Double2Sky/OffenOsint
7. Huron Osint
https://github.com/HuronOsint/OsintDistro
8. Septor Linux
https://septor.sourceforge.io/
9. Pentoo Linux
https://www.pentoo.ch/
10. Tsurugi Linux
https://tsurugi-linux.org/downloads.php
11. TraceLabs OSINT VM. : https://www.tracelabs.org/initiatives/osint-vm

Join @osintambition for more.
#osint #cybersec #infosec #security

ScrapedIn -
A tool to scrape LinkedIn without API restrictions for data reconnaissance

https://github.com/dchrastil/ScrapedIn

Detailed video with demo is coming soon on YouTube.

Join @osintambition for more.

#osint #osinf #cyber #infosec #linkedin #privacy #security

This new Email OSINT tools is amazing | OSINT Industries Alternative

https://youtu.be/qDRyDmWjDeU

Show some love on this video.
Like, share and subscribe.

Join @osintambition for more.

#osint #opsec #emailosint #phonenumberosint #privacy #security #socmint

Top 7 Websites to check if your data has been leaked online | Breach Data | Email OSINT

https://youtu.be/Ef6J0haava8

#osint #privacy #security #infosec #cybersec #opsec
#email #emailosint

Like, share and subscribe.

Join @osintambition for more.

New blog in OSINT Ambition

OSINT: Revealing the digital identity of an invitation link creator on telegram by @ManuelBot59

https://publication.osintambition.org/osint-revealing-the-digital-identity-of-an-invitation-link-creator-on-telegram-de88b747c046

Join @osintambition for more.

#osint #socmint #telegramosint #infosec #cybersec #privacy #security #opsec