Sys-Admin Up

@sysadm_in_up

Kanal geosi va tili: Qozog‘iston, Inglizcha

Toifa: Texnologiyalar

InfoSec, Hacks, Perks, Tools, IT/IS Courses, CVE… Contains part of the news that was not included in the Sys-Admin & InfoSec Channel (@sysadm_in_channel)

Связанные каналы | Похожие каналы

Kanal geosi va tili

Qozog‘iston, Inglizcha

Toifa

Texnologiyalar

Statistika

Saralanganlar

Postlar filtri

O‘chirilganlarni yashirish

Repostlarni yashirish

Sys-Admin Up

25 Jun, 19:57

red_hat_enterprise_linux_9_configuring_firewalls_and_packet_filters.pdf

629.7Kb

Configuring firewalls and packet filters

Managing the firewalld service, the nftables framework, and XDP packet filtering features (doc from RHEL 9)

72 0 1

Zyxel NAS Under Attack

The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request (CVE-2024-29973. NVD Last Modified 06/24/2024):

https://nvd.nist.gov/vuln/detail/CVE-2024-29973

Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation)

Detailed research:

https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/

Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation)

How Outpost24’s vulnerability research team found five vulnerabilities in Zyxel NAS devices.

94 0 0

Sys-Admin Up

25 Jun, 08:16

XZ backdoor: Hook analysis

https://securelist.com/xz-backdoor-part-3-hooking-ssh/113007/

XZ backdoor behavior inside OpenSSH

In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved RSA-related function hook.

112 0 2

Sys-Admin Up

24 Jun, 19:50

Remote Network Latency Measurements Leak User Activity

https://snailload.com/

Paper:

https://snailload.com/snailload.pdf

129 0 1

Sys-Admin Up

24 Jun, 16:35

/ Ueficanhazbufferoverflow: Widespread Impact From Vulnerability In Popular Pc And Server Firmware

https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/

UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware - Eclypsium | Supply Chain Security for the Modern Enterprise

Summary Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7.5) in the Phoenix SecureCore UEFI firmware that runs on multiple families of Intel Core desktop and mobile processors. The issue involves an unsafe va...

128 0 1

Sys-Admin Up

22 Jun, 17:32

Fickle Stealer Distributed via Multiple Attack Chain

https://www.fortinet.com/blog/threat-research/fickle-stealer-distributed-via-multiple-attack-chain

Fickle Stealer Distributed via Multiple Attack Chain | FortiGuard Labs

FortiGuard Labs has uncovered a fresh threat, Fickle stealer, which is distributed via various strategies. Read more.…

150 0 1

Sys-Admin Up

21 Jun, 13:00

DejaVU - Open Source Deception Platform

Deception to detect common adversary tactics and techniques during various stages of attack lifecycle..:

https://github.com/bhdresh/Dejavu

GitHub - bhdresh/Dejavu: DejaVU - Open Source Deception Framework

DejaVU - Open Source Deception Framework. Contribute to bhdresh/Dejavu development by creating an account on GitHub.

182 0 2

Sys-Admin Up

19 Jun, 15:44

Modern Approaches to Network Access Security-508c.pdf

503.1Kb

Modern Approaches To Network Access Security from CISA (Publication: June 18, 2024)

211 0 2

Sys-Admin Up

15 Jun, 09:53

Windows Wi-Fi Driver Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30078

331 0 4

Sys-Admin Up

13 Jun, 17:49

/ Dipping into Danger: The WARMCOOKIE backdoor

https://www.elastic.co/security-labs/dipping-into-danger

Dipping into Danger: The WARMCOOKIE backdoor — Elastic Security Labs

Elastic Security Labs observed threat actors masquerading as recruiting firms to deploy a new malware backdoor called WARMCOOKIE. This malware has standard backdoor capabilities, including capturing screenshots, executing additional malware, and reading/writing files.

310 0 1

Sys-Admin Up

13 Jun, 17:13

Noodle RAT: Reviewing the Backdoor

https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html

Noodle RAT Reviewing the New Backdoor Used by Chinese-Speaking Groups

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.

243 0 2

Sys-Admin Up

11 Jun, 11:48

Bypassing Veeam Authentication CVE-2024-29849

https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/

Bypassing Veeam Authentication CVE-2024-29849

Veeam Backup Enterprise Manager Authentication Bypass

243 0 2

Sys-Admin Up

7 Jun, 10:24

What’s Going on With Check Point (CVE-2024-24919)?

https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919

What’s Going on With Checkpoint (CVE-2024-24919)? | GreyNoise Blog

Find out more about CVE-2024-24919, a zero-day vulnerability in Check Point's Network Security gateway products that threat actors are exploiting in the wild.

314 0 2

Sys-Admin Up

5 Jun, 16:00

Bypass Windows Defender 2024 - Windows Cyber Security

Video. The video provides a step-by-step demonstration on modifying the source code of the FilelessPELoader project, resulting in the loader being undetected by Windows Defender:

- https://youtu.be/NmB2MPAafTo?si=yEotdtVzYUmFYdC7

Bypass Windows Defender 2024 - Windows Cyber Security

Be better than yesterday In this video, we will be demonstrating how we can bypass the latest Windows Defender on a fully updated Windows 11 machine. The video provides a step-by-step demonstration on modifying the source code of the FilelessPELoader project, resulting in the loader being undetec...

277 0 4

Sys-Admin Up

5 Jun, 12:52

Hacking Millions of Modems (and Investigating Who Hacked My Modem)

Big story with step by step examples..:

https://samcurry.net/hacking-millions-of-modems

Hacking Millions of Modems (and Investigating Who Hacked My Modem)

Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive the traffic from the vulnerable server.

247 0 2

Sys-Admin Up

4 Jun, 18:16

Confluence Data Center and Server Remote Code Execution Vulnerability

Technical Overview:

https://blog.sonicwall.com/en-us/2024/05/confluence-data-center-and-server-remote-code-execution-vulnerability/

Confluence Data Center and Server Remote Code Execution Vulnerability

Overview The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in the Atlassian Confluence Data Center and Server, assessed its impact and developed mitigation measures. Confluence Server is a…

246 0 2

Sys-Admin Up

31 May, 05:29

Chrome Manifest v2 RIP coming soon . Google has set the first date for getting rid of the manifest for this version.

Starting on June 3 on the Chrome Beta, Dev and Canary channels, if users still have Manifest V2 extensions installed, some will start to see a warning banner when visiting their extension management page..:

https://blog.chromium.org/2024/05/manifest-v2-phase-out-begins.html

Manifest V2 phase-out begins

In November 2023, we shared a timeline for the phasing out of Manifest V2 extensions in Chrome. Based on the progress and feedback we...

2.6k 2 7

Sys-Admin Up

30 May, 18:30

Disrupting FlyingYeti's campaign

FlyingYeti is the cryptonym given by Cloudforce One to the threat group behind this phishing campaign, which overlaps with UAC-0149 activity tracked by CERT-UA in February and April 2024.

https://blog.cloudflare.com/disrupting-flyingyeti-campaign-targeting-ukraine

Disrupting FlyingYeti's campaign targeting Ukraine

In April and May 2024, Cloudforce One employed proactive defense measures to successfully prevent Russia-aligned threat actor FlyingYeti from launching their latest phishing campaign targeting Ukraine.

283 0 1

Sys-Admin Up

28 May, 07:41

Freeway is a Python scapy-based tool for WiFi penetration that aim to help ethical hackers and pentesters develop their skills and knowledge in auditing and securing home or enterprise networks.

https://github.com/FLOCK4H/Freeway

272 0 6