Hacking
I haven’t had tea but I was thinking about the MAC i was remoting into and I suddenly thought.. I wonder how to crack the hashes from a MAC. Surely it’s just cat /etc/passwd and cat /etc/shadow and then unshadow and run hashcat right?
WRONG!
The hashes for local users are stored here:
Read more “Hash Cracking for Modern OS X (10.8+)”
Defence
Spotted on twitter (thanks Danny!):
CISA updates the known exploited vulnerabilities list (KEV) yesterday with another 38 updates!
That means an update is required for OFFESNIVE KEV!
Read more “Offensive KEV Updates! CISA releases 38 more CVEs to KEV”
Threat Intel
When running honeypots you never have to wait too long for something to drop!
This moring we had a new hit in the pot, so I decided to invesigate but also to blog and show how we could go about investigating the logs and paylods etc.
Read more “Learn to SOC: Java Webshell via confluence”
Education
There’s thousand of vulnerabilities, but do you ever struggle work out what ones might actually be useful to you if you are defending or attacking?
Well don’t worry I’ve started to document some things that might help you both attack and defend in CYBERSPACE!
Read more “PWNDEFND: Known Exploitable Vulnerabilities (KEV) – AKA: Offensive KEV”
Guides
Have you ever wanted to run a quick test of egress ports from userland from a windows machine?
Well worry not, I didn’t even have to write anything, the nice people at Black Hills security have done it for us. However I did decide that there’s a few other things we might want to do, so I made a quick modification, now we have colours, randomisation and some sleeps.
Read more “Testing Risky Egress Ports”
Education
You can deploy Nessus in a range of ways, from direct install through to using a cloud-based deployment or virtual appliance.
A common reason for deploying on Kali or other distro rather than using the virtual appliance is for mobility, ease of use but also you might want to VPN or proxy traffic.
The install process is simple, log into your account on tenable community portal and download the relevant installation package.
Read more “Installing Nessus Pro on Kali Linux”
Guides
According to NIST, a denial of service (DoS) is:
“The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided).”
denial of service (DoS) – Glossary | CSRC (nist.gov)
a distributed denial of service (DDoS) is:
“A denial of service technique that uses numerous hosts to perform the attack.”
distributed denial of service (DDoS) – Glossary | CSRC (nist.gov)
Read more “Defending against Denial of Service (DoS) Attacks”
Guides
If you want to keep up with the world of cyber security the fastest place is twitter, however that’s not the only place and whilst tweetdeck and twitter itself are incredible useful, you also are going to want to check out other areas. Inspired by a friend’s tool I thought I’d just knock up a list of sites that have useful cyber security information on:
Read more “Useful Security News Sites and Blogs”
Education
Useful for a range of defensive and offensive purposes, internet asset search platforms enable a range of activities from:
Each has its own interfaces, features, dataset sand styles.
I’ve put together a list of the most popular, there may be more that I haven’t listed.
Read more “Passive Port Scanners & Internet Asset Discovery Platforms”
Threat Intel
We are seeing active exploitation in the wild: MIRAI deployment, coinminer deployments etc.
THIS DOES SHOW IN THE ACCESS LOGS! The comment about “what isn’t in the logs” is about POST request BODY not showing in them, not that nothing is logged
XMRIG, KINSING, MIRAI etc. are being deployed by threat actors after exploiting this vulnerability.
This is a fast publish
POC is in the wild: https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/
https://github.com/jbaines-r7/through_the_wire
keep checking vendor guidance and keep checking this for updates… use at own risk etc.
Workaround/Hotfixes have been published by Atlassian:
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
https://jira.atlassian.com/browse/CONFSERVER-79000
GreyNoise Tag is online: GreyNoise Trends
Also check this out for scanners: GreyNoise
Nice work https://twitter.com/_mattata and all the other people in the cyber community that are working on this!
IT MAY BE WISE TO ASSUME BREACH
The vulnerability appears to be in: xwork-1.0.3-atlassian-10.jar
Velocity discovers a zero-day in confluence 03/06/2022 (GMT)