The big news this past week was a ransomware attack against MGM Resorts and Caesar’s Entertainment. The attacks have both been attributed to ALPHV and apparently Caesar’s quickly paid the ransom, (which may have been tens of millions according to bloomberg), while MGM seems to have refused to pay up and is still having issues … Read More “MGM AND CAESARS RANSOMWARE ATTACKS” »
Year: 2023
BillyBoss is an intermediate machine on OffSec Proving Grounds Practice. This machine has a vulnerable content management system running on port 8081 and a couple of different paths to escalate privileges. In this walkthrough we’ll use GodPotato from BeichenDream. This machine is also vulnerable to smbghost and there will be another walkthrough at a later … Read More “BillyBoss – Proving Grounds Walkthrough” »
21 years after its’ launch, the Windows XP activation algorithm has been completely cracked allowing for offline activation. Unfortunately it is common for very out of date Operating Systems to still be deployed, especially in manufacturing and industrial settings. Software that is required to run or communicate with an essential piece of equipment was written … Read More “Windows XP ACTIVATION ALGORITHM CRACKED” »
The City of Dallas is currently dealing with a ransomware attack that is affecting multiple departments including the Police. Apparently while their systems are locked down Police and dispatch are having to do their work by hand which is slowing things down, although they are still responding as normal to calls. The City is advising … Read More “CITY OF DALLAS RANSOMWARE ATTACK” »
fo-sec recently posted a great writeup with ten different ways you may be able to bypass Windows Defender. If you have attempted or completed any CTFs, or intentionally vulnerable machines on Hack The Box, tryhackme, or Proving Grounds then you may have run into issues with Windows Defender blocking your efforts to gain a foothold … Read More “10 METHODS TO BYPASS Windows Defender” »
If you were not able to attend Shmoocon 2023 you can still view the talks and presentations. There are presentations on a wide variety of topics including career development, hardware hacking, Open Source Software, blue team operations, OSINT, and more! Videos are available here!
In it’s too good to be true news, what if you could just ask your target system to execute code? Lucas Luitjes has an interesting article about simply asking AI chatbots to execute code and it turns out they will! Sanitizing user input has been a known issue for quite some time. Without sanitized input … Read More “REMOTE CODE EXECUTION BY ASKING NICELY – InjectGPT” »
Veeam has recently disclosed a vulnerability which allows unauthenticated access to cleartext credentials. A bad actor would only require network access to exploit this vulnerability and it has been assigned a CVSS score of 7.5 HIGH. Versions before 12.0.0.1420 P20230223 and 11.0.1.1261 P20230227 are vulnerable. Leaked credentials are especially concerning in this case because they … Read More “Veeam Backup & Replication – CVE-2023-27532” »
A malware campaign is currently underway targeting popular Python packages by typosquatting. Once deployed the malware replaces crypto wallet addresses stored in the clipboard with a wallet controlled by the attacker. Phylum has discovered over 450 malicious packages in the wild mostly targeting crypto, finance, and web development packages. More information on affected packages and … Read More “ACTIVE MALWARE CAMPAIGN TARGETING POPULAR Python PACKAGES” »
A buffer overflow vulnerability has been disclosed that could allow for local privilege escalation to root and leakage of stack and heap addresses. The CVSS score is 7.8 HIGH. A patch has been proposed and mitigation is available by disabling unprivileged user namespaces. This is another buffer overflow in nf_tables similar to the one we … Read More “KERNEL STACK BUFFER OVERFLOW in Linux – CVE-2023-0179” »