Freedom F0x weekly cyberanarhist ezine №007

::::[FREEDOM F0X WEEKLY CYBERANARCHIST EZINE]::::

Contact: t.me/freedomf0x t.me/SlipperyFox twitter.com/FlatL1ne xmpp:[email protected]

007(13.06.2020)

*****Security*****

* Create randomly insecure VMs
https://github.com/cliffe/SecGen

* Applied Purple Teaming - Infrastructure, Threat Optics, and Continuous Improvement
https://github.com/DefensiveOrigins/APT06202001

* A tool designed to hunt for Phishing Kit source code
https://github.com/cybercdh/kitphishr

* Mouse Framework is an iOS and macOS post-exploitation framework
https://github.com/entynetproject/mouse

* Arissploit Framework is a simple framework designed to master penetration testing tools.
https://github.com/entynetproject/arissploit

* Quack Toolkit is a set of tools to provide denial of service attacks. Quack Toolkit includes SMS attack tool, HTTP attack tool and many other attack tools
https://github.com/entynetproject/quack

* A very rough x64 POC for spoofing environment variables
https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503

* Extending BloodHound: Track and Visualize Your Compromise
https://porterhau5.com/blog/extending-bloodhound-track-and-visualize-your-compromise/

* Empire 3.2.3 is out! This update adds some new features
https://github.com/BC-SECURITY/Empire/releases

* HTB Endgame: P.O.O.
https://0xdf.gitlab.io/2020/06/08/endgame-poo.html

* HomePwn - Swiss Army Knife for Pentesting of IoT Devices
https://github.com/ElevenPaths/HomePWN

* LethalHTA - A new lateral movement technique using DCOM and HTA
https://codewhitesec.blogspot.com/2018/07/lethalhta.html?m=1

* Web-based check for Windows privesc vulnerabilities
https://github.com/deadjakk/patch-checker

* Impost3r -- A linux password thief
https://github.com/ph4ntonn/Impost3r

* Cmd Hijack - a command/argument confusion with path traversal in cmd.exe
https://hackingiscool.pl/cmdhijack-command-argument-confusion-with-path-traversal-in-cmd-exe/amp/?__twitter_impression=true

* undocumented env vars in mscorwks.dll
https://redplait.blogspot.com/2020/06/undocumented-env-vars-in-mscorwksdll.html?m=1

* nRF52 Debug Resurrection (APPROTECT Bypass)
https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/

* Technical Advisory – ARM MbedOS USB Mass Storage Driver Memory Corruption
https://research.nccgroup.com/2020/06/11/technical-advisory-arm-mbedos-usb-mass-driver-storage-memory-corruption/amp/?__twitter_impression=true

* A fast TCP tunnel over HTTP
https://github.com/jpillora/chisel

* Minimalistic TCP / UDP Port Scanner
https://www.infosecmatter.com/minimalistic-tcp-and-udp-port-scanner/

* NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format.
https://github.com/mlgualtieri/NTLMRawUnHide

* OOB to RCE: Exploitation of the Hobbes Functional Interpreter
https://know.bishopfox.com/advisories/oob-to-rce-exploitation-of-the-hobbes-functional-interpreter?hs_amp=true&__twitter_impression=true

* mimikatz.cs one-liner
https://gist.github.com/xillwillx/96e2c5011577d8583635ad7bf6d4fb58

* Full DLL Unhooking with C++
https://ired.team/offensive-security/defense-evasion/how-to-unhook-a-dll-using-c++

* AppSec Ezine - 330th Edition
https://pathonproject.com/zb/?dc50d3b3ee6e4e8c#4tuCL7sce3k2fef5jJlbVRTrjOE52BFJNoVIRHqnO0k=

* Red Team: Using SharpChisel to exfil internal network
https://medium.com/@shantanukhande/red-team-using-sharpchisel-to-exfil-internal-network-e1b07ed9b49

* C# Wrapper around Chisel from https://github.com/jpillora/chisel
https://github.com/shantanu561993/SharpChisel

* Install Linux from a running Windows system, without need for a live USB.
https://github.com/mikeslattery/tunic

*****Exploits*****

* Double free RCE in VLC
https://www.pentestpartners.com/security-blog/double-free-rce-in-vlc-a-honggfuzz-how-to/

* 10-Strike Bandwidth Monitor version 3.9 ROP VirtualAlloc buffer overflow exploit with SEH, DEP, and ASLR.
https://packetstormsecurity.com/files/157979/10-Strike-Bandwidth-Monitor-3.9-Buffer-Overflow.html

* CVE-2020-13777: TLS 1.3 session resumption works without master key, allowing MITM
https://gitlab.com/gnutls/gnutls/-/issues/1011

* Vulnerability checker for Callstranger (CVE-2020-12695)
https://github.com/yunuscadirci/CallStranger

* CallStranger CVE-2020-12695
https://callstranger.com

* Legacy LVFS S3 bucket takeover and CVE-2020-10759 fwupd signature verification bypass
https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md

* CVE-2020-0796 Remote Code Execution POC
https://github.com/ZecOps/CVE-2020-0796-RCE-POC/

* CVE-2020-1206 Uninitialized Kernel Memory Read POC
https://github.com/ZecOps/CVE-2020-1206-POC/

* Diving into the SMBLost vulnerability (CVE-2020-1301)
https://airbus-cyber-security.com/diving-into-the-smblost-vulnerability-cve-2020-1301/amp/?__twitter_impression=true

* SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost
https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost/

* SharpSploit v1.6 Updates
https://offensivedefence.co.uk/posts/sharpsploit-16/

* RIDL test suite and exploits
https://github.com/vusec/ridl

* CVE-2020-12405
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1053

* A survey of recent iOS kernel exploits
https://googleprojectzero.blogspot.com/2020/06/a-survey-of-recent-ios-kernel-exploits.html?m=1

* CVE-2020-10749 PoC (Kubernetes MitM attacks via IPv6 rogue router advertisements)
https://github.com/knqyf263/CVE-2020-10749

* CVE-2020-1225
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1045

* CVE-2020-1226
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1027

* Analysis of CVE 2020 7350
https://medium.com/faraday/analysis-of-cve-2020-7350-dcda2ff8a3d6

*****Malware*****

* Embedding executable files in PDF Documents
https://github.com/thelinuxchoice/evilpdf

* GuLoader? No, CloudEyE.
https://research.checkpoint.com/2020/guloader-cloudeye/

* Partial rewrite of @Flangvik NetLoader. Supports proxy with authentication, XOR encrypted binaries, multiple arguments passing to binary.
https://gist.github.com/Arno0x/2b223114a726be3c5e7a9cacd25053a2

* Extract AutoIt scripts embedded in PE binaries
https://github.com/nazywam/AutoIt-Ripper

* DLL Generator for side loading attack
https://github.com/Mr-Un1k0d3r/MaliciousDLLGenerator

* ntlm_theft: A file payload generator for forced ntlm hash disclosure
https://medium.com/greenwolf-security/ntlm-theft-a-file-payload-generator-for-forced-ntlm-hash-disclosure-2d5f1fe5b964
A tool for generating multiple types of NTLMv2 hash theft files

* BetterSafetyKatz
https://github.com/Flangvik/BetterSafetyKatz

* Web Based Command Control Framework (C2)
https://github.com/EnginDemirbilek/NorthStarC2

* Windows RAT (Remote Administration Tool) with a multiplatform RESTful C2 server
https://github.com/jafarlihi/serpentine

* [CVE49] Microsoft Windows LNK Remote Code Execution Vulnerability - CVE-2020-1299
https://blog.vincss.net/2020/06/cve49-microsoft-windows-lnk-remote-code-execution-vuln-cve-2020-1299-eng.html?m=1

* Android Crypter/Decrypter source code for researchers
https://github.com/thelinuxchoice/crydroid

* Kernel Driver for intercepting key strokes.
https://github.com/HarsaroopDhillon2/KL-Kernel-Project

*****APT*****

* REvil’s Lessons: It’s Time Law Firms Quit Taking Cybersecurity for Granted
https://www.thesslstore.com/blog/revils-lessons-its-time-law-firms-quit-taking-cybersecurity-for-granted/?aid=52910032

* TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware
https://www.proofpoint.com/us/blog/threat-insight/ta410-group-behind-lookback-attacks-against-us-utilities-sector-returns-new

*****Fun*****

* Папка 600гб где-то с утечками, обновляется
https://drive.google.com/drive/folders/1Do_6k7-JSr8EeGbX9HAqvkZqVG3rFo7O

* Get ports,vulnerabilities,informations,banners,..etc for any IP with Shodan (no apikey! no rate-limit!)
https://github.com/m4ll0k/Shodanfy.py

Contact: t.me/freedomf0x t.me/Slippery_Fox twitter.com/FlatL1ne xmpp(жаба_ёпт):[email protected]

Friends: t.me/in51d3 t.me/NeuroAliceMusic t.me/vulnersBot t.me/darknet_prison

Our private (no logs) xmpp server: FreedomFox.im (for add, write to [email protected])

Хорошо там где нас нет (с) Русские хакеры
Добре там де нас немає (с) Російські хакери

-------:::::::[B00KZ]:::::::-------

* 5G Evolution and 6G - white paper describes NTT DOCOMO’s current technical prospects for 5G evolution and 6G (https://t.me/freedomf0x/8262)

* 5G Cyber Security - research identifies a range of measures to manage risk to 5G networks (https://t.me/freedomf0x/8264)

* Never Ending Story: Authentication and Access Control Design Flaws in Shared IoT Devices - paper seeks to better understand IoT device security by examining the design of authentication and access control schemes (https://t.me/freedomf0x/8293)

* Хакер №253 - журнал компьютерных хулиганов (https://t.me/freedomf0x/8295)

* Learn Coding: C++ & Python - crystal clear guides to help you discover coding (https://t.me/freedomf0x/8298)

* Криминалистика - учебное пособьие для студентов юридического факультета (https://t.me/freedomf0x/8300)

* Offensive WMI - Infrastructure for management data and operations on Windows-based operating systems used for offensive purpose (https://t.me/freedomf0x/8302)

* How to Spot the Blue Team - How to use a Red Team’s infrastructure to detect a Blue Team’s analysis (https://t.me/freedomf0x/8304)

* Thinkig in Pandas - how to use the python data analysis library the rigth way (https://t.me/freedomf0x/8306)

* Official Google Cloud Certified Professional Data Engineer Study Guide - The Google Cloud Certified Professional Data Engineer exam tests your ability to design, deploy, monitor, and adapt services and infrastructure for data-driven decision-making (https://t.me/freedomf0x/8308)

* MEDJACK.2 Hospitals Under Siege - In the first report we described how Medical devices have become a key pivot point for attackers within healthcare networks (https://t.me/freedomf0x/8313)

* Encyclopedia of Cyber Warfare - This volume seeks to provide some clarity about the history and current capabilities of the cyber domain (https://t.me/freedomf0x/8315)

* MEDJACK.4 - A Functional Overview - This is the anatomy of a generic medical device hijack attack (MEDJACK) (https://t.me/freedomf0x/8319)

* ANATOMY OF AN ATTACK: The Internet of Things (IoT) - the results of research into current or potential critical information security issues (https://t.me/freedomf0x/8321)

* Cyber Dragon - Inside China's Information Warfare and Cyber Operations (https://t.me/freedomf0x/8323)

* Creating an Active Defense PowerShell Framework to Improve Security Hygiene and Posture - paper explores the viability of creating an Active Defense PowerShell framework for small to medium-sized organizations to improve security hygiene and posture (https://t.me/freedomf0x/8331)

* ANATOMY OF AN ATTACK Industrial Control Systems Under Siege - report will explain how the industrial attacks happen (https://t.me/freedomf0x/8344)

* Understanding Cyber Warfare - textbook offers an accessible introduction to the historical, technical, and strategic context of cyber conflict (https://t.me/freedomf0x/8346)

* How to Define and Build an Effective Cyber Threat Intelligence Capability - (https://t.me/freedomf0x/8349)

* Cyber Threat! - How to Manage the Growing Risk of Cyber Attacks (https://t.me/freedomf0x/8351)

* Cyber Threat Intelligence for the Internet of Things - the book initially provides a comprehensive classification of state-of-the-art surveys,which address various dimensions of the IoT paradigm (https://t.me/freedomf0x/8357)

* Технологии управления в информационных войнах - в монографии представлен анализ эволюции технологий управления в информационных войнах в контексте развития научной рациональности (https://t.me/freedomf0x/8359)

* Занимательная кибернетика - о кибернетике, роботах, теории игр, устройстве электронно-вычислительных машин, биоэлектрических системах упраления (https://t.me/freedomf0x/8361)

-------:::::::[Перевод OWASP]:::::::-------

4.0 Введение в курс и задачи пентестера

https://teletype.in/@flatl1ne/pw24-VjOQ

4.1.1 Сбор информации с помощью поисковых систем

https://teletype.in/@hackitb4sh3r/5Hj78-aya

4.1.2 Определение веб-сервера

https://teletype.in/@hackitb4sh3r/CYZ479ksM

4.1.3 Исследование метафайлов веб-сервера на предмет утечки информации

https://teletype.in/@hackitb4sh3r/JWVV3DWfe

4.1.4 Определение веб-приложений на сервере

https://teletype.in/@hackitb4sh3r/gjK3XwFqB

4.1.5 Поиск утечек информации в комментариях и метаданных

https://teletype.in/@hackitb4sh3r/mWZcdPKnd

-------:::::::[Content]:::::::-------

Донат для поддержания канала (:channel donations:)

btc

152o4Mke9UKkoKXAYvbd5nH9o6Fji6QVQs

Ether

xed2c43e27d58631b5838d0cb2dc75293bb4ee47b

Yandex wallet

4100110550919853

Master card

5106218037682903

==========================================================================================================================

Логи со стиллеров постоянно пополняются от 300$

==========================================================================================================================

Продажа/услуги:

1) CobaltStrike 4.0 with ArtefactKit+ResourseKit 3.14 with our CobaltStrike 3.14 == 1k

2) Core Impact 19.1 (with April update) + 3rd party Core tools = 5k
and many outher private soft

3) Защищенный ноутбук:
Устройство позволяющее безопасно работать с клиент банком и не бояться
кражи денег со счета взлома личной переписки или незаконного изъятия
техники Не подвержен заражению компьютерными вирусами полностью
закрывает несанкционированный доступ к почте документам микрофону и веб
камере компьютера Делает невозможным извлечение документов и
восстановление других служебных данных вследствие захвата или изъятия = 3k

4) FIN APT software(08.06.2020)

01 CobaltStrike 4.0 with ArtefactKit+ResourseKit 3.14 with our CobaltStrike 3.14 (lic patch)

02 Nessus 8.9.1 + (patch with updates)

03 checkmarx 8.9.0.210 + (patch)

04 metasploit pro  (Latest) + (patch)

05 core impact 19.1+ (licence, no online updates, last update April 2020)

06 acunetix 13.0.200519155 + (patch with update)

07 netsparker 5.7, 5.8  + (patch)

08 HP webinspector 20.1(win 10+) + (patch)

09 proxifier 3.42 + (serial)

10 IBM Appscan 10.0.0.22023 + (patch)

11 Rapid7 AppSpider 7.2.119.1 + (patch)

Price: 10k$ btc

5) Flipper Zero — Tamagotchi for Hacker. Fully opensource and customizable device for pentesters and geeks in Tamagotchi body It has built-in 315/433/866MHz transceiver to control and sniff stuff like garage door, car alarams, etc. 125kHz and iButton module to read/write and emulate proximity cards. Infrared transceiver to control any TV’s. Also compatible with Arduino IDE and PlatformIO so you can write your own firmware extentions. https://flipperzero.one

6) Запущен джабер сервер!!!
FreedomFox.im

В данный момент во избежания набега скамеров, регистрация в ручную по запросу писать [email protected]
Данный сервис будет интегрирован с различными торговыми площадками.
Сделки строго через систему гарантов: [email protected] (платная услуга) [email protected] [email protected] (бесплатная услуга)

-------:::::::[Wishlist]:::::::-------

Очень нужно лечение от жадности для любого из списка:

Сетевое железо Brocade FabricOS под свичи silkworm 300 (и под любые поделия brocade)
Сетевое железо Brocade SLX, MLXe
Сетевое железо Cisco IOS * (особенно по ISR 4xxx серий, ASR )
Сетевое железо Cisco Nexus NX-OS * ( очень актуально NXOS 7 для n3k-c3064pq )
Сетевое железо Cisco MDS (NX-OS 6.2) выделены производителем в отдельное семейство
Сетевое железо Eltex SMG1016/1016M/2016
Сетевое железо Eltex SMG2/SMG4
Сетевое железо Eltex ESR-series
Сетевое железо Huawei AR-series (особенно на подключение точек доступа)
Сетевое железо Huawei CE-S6330 (CE-S6xxx -series)
Сетевое железо Huawei NE-series
Сетевое железо Juniper SRX (SRX2xx, SRX3xx, and DC series)
Сетевое железо Juniper MX (80,204,240-960,10003(10k3),104,150)
Сетевое железо Juniper EX (2200,2300,3200,3300,4200,4300,4500,4550)
Сетевое железо Juniper QFX (5000,5100, 5110)

Special request Juniper vMX Amazon perpetual license (некоторое время лицензия раздавалась в AWS, потом пофиксили)
Special request Juniper vSRX
Special request Huawei AP replace cloud firmware to standalone or controller

СХД
СХД NetApp FAS (OnTap)
СХД EMC CX4, CX5, VNX
СХД IBM любые
СХД Huawei (особенно Dorado)
СХД Hitachi VNX любые
СХД HP Eva p4300,p4400
СХД 3Par любые
СХД Nec все
СХЖ Fujitsu все

скромный (и одновременно охуевший) вишлист. Почему ко всему этому дерьму нужны таблетки? Потому что к БУ железу лицензии стоят дороже чем я могу себе позволить (не готов работать полгода ради лицензии на снятую с производства СХД) и при этом не жрать.

Также разыскивается:

https://silentbreaksecurity.com/red-team-toolkit/slingshot/
https://www.microfocus.com/en-us/products/static-code-analysis-sast/overview HP Foritify