Cybersecurity information flow

Gentoo Linux Security Advisory 202210-18 - Multiple vulnerabilities have been discovered in Sofia-SIP, the worst of which could result in remote code execution. Versions less than 1.13.8 are affected.
Gentoo Linux 安全咨询202210-18-在 Sofia-SIP 中发现了多个漏洞，其中最严重的漏洞可能导致远程代码执行。小于1.13.8的版本受到影响。

Deleting Shadow Copies In Pure C++

Collection of Linux eBPF slides/documents.

golang design pattern go 设计模式实现，包含 23 种常见的设计模式实现，同时这也是极客时间-设计模式之美 的笔记

从个人的角度去简单整理下打点前的信息收集那些事。从信息收集本质上来说多数内容都是大同小异，遇到坚壁时，不用死磕，毕竟条条大路通罗马。（大佬们也可以说说看法~向各位大佬学习！！）

更多年轻、疯狂的LAPSUS$ 黑客组织，可能正隐藏在暗处，伺机而动。

Chinese and Russian cyber-spies actively targeting security vulnerability
中国和俄罗斯的网络间谍积极打击安全漏洞

作者:Code Intelligence (@CI_Fuzz) 程序:HSQL Development Group (HSQLDB) 漏洞类型:RCE,Security code review 赏金:-

谁给个hacking安全信息流的注册邀请码

This week in malware, we discovered and analyzed nearly 40 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.
Article Link: This Week in Malware - Nearly 40 Packages Discovered
1 post - 1 participant
Read full topic
本周在恶意软件中，我们发现并分析了在 npm 和 PyPI 注册表中标记为恶意、可疑或依赖性混淆攻击的近40个包。
文章链接: 本周在恶意软件-近40个软件包发现
1名1职参与者
阅读全部主题

Red Hat Security Advisory 2022-7068-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-7068-01-Mozilla Firefox 是一款开源的 Web 浏览器，专为标准遵从性、性能和可移植性而设计。此更新将 Firefox 升级到版本102.4.0 ESR。解决的问题包括分布式拒绝服务攻击漏洞。

一边是人才紧缺的呼声高涨，一边却是急切地优化裁员，为何会出现这一看似矛盾的境况？

本文接着前面的内容，分析Server和Client的相互攻击方式。

Garage Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
车库管理系统1.0版一直存在跨网站脚本漏洞。

读读 fingerprintx ，一个端口指纹识别工具GitHub：https://github.com/praetorian-inc/fingerprintx fingerprintx是一个类似于httpx的实用... 阅读全文>>

Summary
This article shows you how to exploit the MS17–010 vulnerability on Windows 7 or higher.
Disclaimer
This article is for informational and educational purposes only, and for those who’re willing and curious to know and learn about Security and Penetration Testing. The content may not be used for illegal purposes. If you’re ready to learn something new for the good, then read on.
Details
Why this post?
During my OSCP training I had a lot of trouble rooting the Eternal Blue targets. After many hours of troubleshooting, it finally worked. I would like to save others from wasting precious lab time.
This walkthrough has been prepared in such a way that it should always work on systems running on Windows 7 or higher and vulnerable for MS17–010. See my other blog for the Windows XP procedure.
We will exploit the 'Eternal Blue' vulnerability with custom payload. To be exact, we will create an executable file that:
- is not detected as malware by the Windows Defender software
- disables the Windows Firewall
- w

Summary
This article shows you how to exploit the MS17–010 vulnerability on Windows XP .
Disclaimer
This article is for informational and educational purposes only, and for those who’re willing and curious to know and learn about Security and Penetration Testing. The content may not be used for illegal purposes. If you’re ready to learn something new for the good, then read on.
Details
Why this post?
During my OSCP training I had a lot of trouble rooting XP target ‘Xlicx in Wonderland’. After many hours of troubleshooting, it finally worked. I would like to save others from wasting precious lab time.
This walkthrough has been prepared in such a way that it should always work on any system running on Windows XP or Windows 2000 ('JD') and vulnerable for MS17–010.
Our final payload will be an executable file that:
- will setup a netcat reverse shell (port 8080)
The POC consists of two machines: the victim (Windows 7 64bits) and an attacker machine (Kali Linux 2022.1).
victim:
- Windows XP Professional SP3
- IP a

Coca is a toolbox which is design for legacy system refactoring and analysis, includes call graph, concept analysis, api tree, design patterns sugg…

Hackernews 编译，转载请注明出处： Fortinet已证实，最近披露的关键身份验证绕过问题(CVE-2022-40684)正被在野利用。该漏洞被跟踪为CVE-2022-40684，影响了FortiGate防火墙和FortiProxy网络代理。 攻击者可以利用此漏洞登录易受攻击的设备。 “在FortiOS和FortiProxy中使用备用路径或通道[CWE-88]的身份验证绕过可能允许未经身份验证的攻击者通过特制的HTTP或HTTPS请求在管理界面上执行操作。”PSIRT公司发布的公告中写道。 由于存在远程利用该漏洞的风险，该公司建议客户立即解决此关键漏洞。 该漏洞会影响从7.0.0到7.0.6以及从7.2.0到7.2.1的FortiOS版本，从7.0.0至7.0.6和7.2.0的FortiProxy版本也会受到影响。 这家网络安全公司通过发布FortiOS/FortiProxy 7.0.7或7.2.2版本解决了该漏洞。该公司还为那些无法立即部署安全更新的人提供了解决方法。 无法升级其系统的客户应禁用HTTP/HTTPS管理接口或限制可以访问的IP地址。 公告指出：“Fortinet知道有一个实例利用了此漏洞，建议立即根据设备日志中的以下危害指标验证您的系统：user=”Local_Process_Access“”。 Horizon3攻击团队的安全研究人员开发了一种概念验证（PoC）攻击代码，并计划于本周晚些时候发布。   消息来源：securityaffairs，译者：Shirley； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc ” 并附上原文

美国大型连锁医院之一疑似遭到勒索软件攻击，导致手术延迟、患者护理中断以及在全国范围内重新安排医生预约。拥有逾 140 间医院、被《贝克尔医院评论》（Becker’s Hospital Review）杂志评为全美第四大医疗系统的 CommonSpirit Health 本周二宣布遭遇“IT 安全问题”，迫使某些系统宕机。 虽然 CommonSpirit 拒绝透露具体细节，但一位熟悉其补救措施的人士向 NBC 新闻证实，它遭受了勒索软件攻击。CommonSpirit 也拒绝分享有关其有多少设施出现延误的信息。然而，包括田纳西州的 CHI 纪念医院、德克萨斯州的一些圣卢克医院和西雅图的弗吉尼亚梅森方济会健康中心在内的多家医院都宣布受到影响。 一位不愿透露姓名以保护家人的医疗隐私的德克萨斯州妇女说，她和她的丈夫已于周三抵达 CommonSpirit 附属医院进行此前计划的大手术，但医生推荐等待医院的技术问题修复之后再进行手术。 对医疗保健链的勒索软件攻击相对普遍，两年多来一直是美国医疗系统的频繁部分。即使攻击没有关闭医院，它也可以使部分或全部数字系统脱机，从而切断医生和护士对数字信息的访问，例如患者记录和护理建议。 转自 cnBeta，原文链接：https://www.cnbeta.com/articles/tech/1325679.htm 封面来源于网络，如有侵权请联系删除

这是一个抓取浏览器密码的工具，后续会添加更多功能

最近做了一道国际赛SEKAI的取证题, 题目使用LiME对内核为5.15.0-43-generic的Ubuntu制作内存镜像, 需要自行制作Symbols 进行分析. 出题人让我们自行探索新版Linux内核下的取证策略. 尽管官方Volatility2提供制作profile和Volatility3提供制作Symbols的方案, 但在实际应用中, 均出现较多目前互联网尚未解决的问题. (具体详见GitHub关于Volatility的Issues.). 下文主要内容是基于官方文档、题目、实操步骤, 提供在新版Linux下的制作Symbols的解决方案.

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
[GitHub]Save the trouble to open the burpsuite...Please do not use it for illegal purposes.
在 User Portal 和 Webadmin 中的身份验证绕过漏洞允许远程攻击者执行 Sophos Firewall v18.5 MR3及更老版本的代码。
省省力气打开套装吧，请不要用于非法目的。

有新的漏洞组件被发现啦,组件ID:Apache
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.

在 ApacheAirflow 版本2.4.1之前，停用用户不会阻止已经通过身份验证的用户继续使用 UI 或 API。

[GitHub]CVE-2022-41082 is a SSRF vulnerability which leads to remote code execution (RCE) when PowerShell is accessible to the attacker. a very problematic issue for sys admins
[ GitHub ] CVE-2022-41082是一个 SSRF 漏洞，当 PowerShell 被攻击者访问时，它会导致远程代码执行(RCE)。对于系统管理员来说是个非常棘手的问题

Obfuscate Go builds

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
[GitHub]Apache 2.4.49 & 2.4.50 LFI to RCE exploit
在2.4.49 Apache HTTP Server 的路径正常化修改中发现了一个缺陷。攻击者可以使用路径遍历攻击将 URL 映射到由类别别名指令配置的目录之外的文件。如果这些目录外的文件不受通常的默认配置“请求全部拒绝”的保护，则这些请求可以成功。如果对这些别名路径也启用了 CGI 脚本，则可以允许远程代码执行。众所周知，这个问题在野外被利用。这个问题只影响 Apache 2.4.49，而不会影响更早的版本。Apache HTTP Server 2.4.50中的修正被发现是不完整的，见 CVE-2021-42013。
[ GitHub ] Apache 2.4.49 & 2.4.50 LFI 到 RCE 的利用