Guides

Testing Risky Egress Ports

Have you ever wanted to run a quick test of egress ports from userland from a windows machine?

Well worry not, I didn’t even have to write anything, the nice people at Black Hills security have done it for us. However I did decide that there’s a few other things we might want to do, so I made a quick modification, now we have colours, randomisation and some sleeps.

Read more “Testing Risky Egress Ports”
Education

Installing Nessus Pro on Kali Linux

You can deploy Nessus in a range of ways, from direct install through to using a cloud-based deployment or virtual appliance.

A common reason for deploying on Kali or other distro rather than using the virtual appliance is for mobility, ease of use but also you might want to VPN or proxy traffic.

The install process is simple, log into your account on tenable community portal and download the relevant installation package.

Read more “Installing Nessus Pro on Kali Linux”
Guides

Defending against Denial of Service (DoS) Attacks

What is a DoS Attack?

According to NIST, a denial of service (DoS) is:

“The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided).”

denial of service (DoS) – Glossary | CSRC (nist.gov)

a distributed denial of service (DDoS) is:

“A denial of service technique that uses numerous hosts to perform the attack.”

distributed denial of service (DDoS) – Glossary | CSRC (nist.gov)

Read more “Defending against Denial of Service (DoS) Attacks”
Threat Intel

CVE-2022-26134 – Confluence Zero Day RCE

We are seeing active exploitation in the wild: MIRAI deployment, coinminer deployments etc.

THIS DOES SHOW IN THE ACCESS LOGS! The comment about “what isn’t in the logs” is about POST request BODY not showing in them, not that nothing is logged

https://www.virustotal.com/gui/file/5d2530b809fd069f97b30a5938d471dd2145341b5793a70656aad6045445cf6d/community

XMRIG, KINSING, MIRAI etc. are being deployed by threat actors after exploiting this vulnerability.

This is a fast publish

POC is in the wild: https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/

https://github.com/jbaines-r7/through_the_wire

keep checking vendor guidance and keep checking this for updates… use at own risk etc.

Workaround/Hotfixes have been published by Atlassian:

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

https://jira.atlassian.com/browse/CONFSERVER-79000

GreyNoise Tag is online: GreyNoise Trends

Also check this out for scanners: GreyNoise

Nice work https://twitter.com/_mattata and all the other people in the cyber community that are working on this!

IT MAY BE WISE TO ASSUME BREACH

The vulnerability appears to be in: xwork-1.0.3-atlassian-10.jar

Background

Velocity discovers a zero-day in confluence 03/06/2022 (GMT)

Read more “CVE-2022-26134 – Confluence Zero Day RCE”
Guides

Cyber Essentials Readiness

So, you have a driver to achieve cyber essentials, great stuff. Now if you are a business of reasonable size and scale this activity requires a bit of planning, context and lots of access and data. This could be via a distributed team or via a dedicated project team. In this post I’m going to look at what you may need to conduct the planning, discovery, assessment, and certification for Cyber Essentials and/or CE+.

Read more “Cyber Essentials Readiness”
Defence

Office Microsoft Support Diagnostic Tool (MSDT) Vulnerability “Follina”

This is a fast publish!

Confirmed all Office (ISO Install/PRO and 365) when using the Rich Text Format (RTF) method.

Office 365 has some sort of patch against the .DOCX format.

WGET Execution

Read more “Office Microsoft Support Diagnostic Tool (MSDT) Vulnerability “Follina””
Copyright (c) Xservus Limited