News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz
/ Exploiting JetBrains TeamCity CVE Globally
CISA warns:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a
/ pfSense Security: Sensing Code Vulnerabilities
Attackers can combine the vulnerabilities to execute arbitrary code on the pfSense appliance remotely. An attacker can trick an authenticated pfSense user into clicking on a maliciously crafted link containing an XSS payload that exploits the command injection vulnerability:
https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/
📢 OpenBLD.net IPv6 Pre-Release Testing
Last week, last month, this year... I've been meeting and talking to different people, and they all echoed the same sentiment - IPv6 is needed 💯
A few days ago, I got acquainted with VEESP.com, a company that generously provided OpenBLD.net with an incredibly fast server featuring a high-speed Ethernet connection 🛞
Abstract: Usually, I spend some time testing servers, then assign them a secondary role before introducing them to the production environment. However, this time was different...
I was so impressed 😱 with the veesp.com server's speed that it practically flew into production almost immediately... )
I believe this is a great opportunity to start exploring the IPv6 space. This month or early 2024, I hope we can begin experimenting with IPv6!
If you're ready to participate in the preliminary testing, please let me know through this OpenBLD.net Pre-Release Testing Form. I will reach out to you directly when the time comes, and together we can strive to make this world even better 🌱
P.S. Thanks to veesp.com and everyone who gives incentive to take a step forward 🤝
AutoSpill: Zero Effort Credential Stealing from Mobile Password Managers
https://www.blackhat.com/eu-23/briefings/schedule/#autospill-zero-effort-credential-stealing-from-mobile-password-managers-34420
SLAM CPU Attack
https://www.vusec.net/projects/slam/
/ 1C Bitrix under attack
A vulnerability in the landing module of the content management system (CMS). Exploitation of the vulnerability could allow a remote attacker to execute OS commands on a vulnerable host, gain control of resources and penetrate the internal network:
https://www.1c-bitrix.ru/vul/18645386/
🏄♂️ OpenBLD.net Ecosystem Update → Speed
The update can be called experimental, since some of the established, stable system settings had to be reworked, which in the end gave a ~10ms gain in response time 🔩
What else. DoH RIC got an "all" option, i.e. you can try using DoH DNS without filtering. If successful, this experiment may lead to a DoH RIC with a "children" option, where there will be less "blue whale", "drugs", "sects".
It is precisely the speed and the safety of the content we receive that shape our inner state. Whether such a response time holds stably over time needs to be observed, since some of the changes are experimental and success depends literally on all of us.
How to try it. Just configure your browser, use it for a while, and if something doesn't work, come straight to me @sysadminkz
Whether you become the best part of what already exists depends specifically on you and your feedback. Think about it. Peace ✌️
/ New macOS proxy-trojan spreads with warez
What's interesting is that not a single version of the malware is marked as malicious on VirusTotal:
https://securelist.ru/trojan-proxy-for-macos/108460/
P.S. URL sent to the OpenBLD.net ecosystem
/ Extracting Training Data from ChatGPT
Training data extraction attacks:
https://not-just-memorization.github.io/extracting-training-data-from-chatgpt.html
/ BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses
https://francozappa.github.io/post/2023/bluffs-ccs23/
➕ OpenBLD.net add-on for Chrome, Brave
A light extension that complements the service by blocking some of the ads embedded in the URLs of root domains.
It cleans resources that ad networks use without an explicit binding to particular subdomains.
It has no external or other connections, collects no data, and ideally complements the OpenBLD.net DoH/DoT service.
A video on how OpenBLD.net helps in general is attached there on the same page.
Try it. Enjoy. Give feedback:
https://chromewebstore.google.com/detail/openbldnet-blocker/jjpjcmckhkcefefgbgghomdhcbfmklea
/ ved-ebpf: Kernel Exploit and Rootkit Detection using eBPF
https://securityonline.info/ved-ebpf-kernel-exploit-and-rootkit-detection-using-ebpf
They (the Blender project) also fought a massive DDoS.. Let me remind you that I fought and still fight shit traffic flying to the OpenBLD.net side ..)
https://www.blender.org/news/cyberattack-november-2023/
I think it was correlated with this as well… because high traffic flew and continues to fly from BR:
https://www.trendmicro.com/en_us/research/23/k/parasitesnatcher-how-malicious-chrome-extensions-target-brazil-.html
Hold on, my friends, peace to all✌️
/ Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Research with a hunting query example:
https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/
/ InfectedSlurs Botnet Spreads Mirai via Zero-Days
https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days
📢 serversAwesome
In OpenBLD.net scoping activities, I created a lite Go app, Awesome Servers Inventory Web App, which is a simple web app to manage your server inventory. An ideal solution for small projects and infrastructures or IT ecosystems.
Features:
- Add new server
- Edit existing server
- Delete existing server
- Copy server IP details to clipboard
- YAML config file
- Portable SQLite database
- One binary file to run the app
- https://github.com/m0zgen/serversAwesome
Urgent: Apple iOS Security Updates Content
https://support.apple.com/en-gb/HT214035
/ Curse of the Krasue: New Linux Remote Access Trojan
https://www.group-ib.com/blog/krasue-rat/
📢 Open DevOps workshop: Patterns and anti-patterns of creating a Dockerfile
↘ Details
Time:
• 12 December (Tuesday) 19:00 MSK
Program:
• What a Dockerfile is
• Dockerfile layers
• Patterns for creating a Dockerfile
Host:
• Alexander Krylov – more than 7 years of DevOps experience. Conference speaker: DevOps conf, TeamLead conf, Highload conf. Author of the HAProxy course at Rebrain.
/ A Comprehensive Analysis Of Outlook Attack Vectors
..it is essential to examine the attack vectors on Outlook for typical enterprise environments, which Check Point Research will do in this paper. We assume the position of an average user – we click and double-click on things in Outlook, as our daily work requires – and we examine the security risks they may introduce from a security research perspective:
https://research.checkpoint.com/2023/the-obvious-the-normal-and-the-advanced-a-comprehensive-analysis-of-outlook-attack-vectors/
/ Printer names and icons might be changed and HP Smart app automatically installs
Printers are renamed as HP printers regardless of their manufacturer. Most are being named as the HP LaserJet M101-M106 model. Printer icons might also be changed:
- Read details on Microsoft site
/ Guidance for investigating attacks using CVE-2023-23397
A successful exploit of this vulnerability can result in unauthorized access to an organization’s environment by triggering a Net-NTLMv2 hash leak.
Understanding the vulnerability and how it has been leveraged by threat actors can help guide the overall investigative process:
https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/
/ Apple WebKit patches: Processing web content may disclose sensitive information
iOS - https://support.apple.com/en-gb/HT214031
macOS - https://support.apple.com/en-gb/HT214032
Safari - https://support.apple.com/en-gb/HT214033
📢 Open Golang workshop by Rebrain: How map works
Time:
↘ 5 December (Tuesday) 19:00 MSK. Details
Program:
• Theory (hash, hashmap, types of addressing)
• Studying the source code and a short comparison with other languages
• sync.Map
Host:
• Egor Grishechko – Software engineer at Uber. Works on Uber's internal cloud. Observability - 10 years of professional experience. Speaker at major conferences (.NEXT, GolangConf)
P.S. A recording of the "DevOps by Rebrain" workshop as a gift for registering.
DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads
https://www.sentinelone.com/blog/dprk-crypto-theft-macos-rustbucket-droppers-pivot-to-deliver-kandykorn-payloads/
/ Analysis of CVE-2023-46214 + PoC. Remote Code Execution (RCE) vulnerability in Splunk Enterprise
https://blog.hrncirik.net/cve-2023-46214-analysis
/ Defending Azure Active Directory (Entra ID): Unveiling Threats Through Hunting Techniques
Reading this article will provide you with:
- Understanding of the logs that can be extracted from your Azure AD, and how.
- Knowledge about how to analyze these logs, and get the right information out of them.
- Learning about more than 10 Threat scenarios and corresponding hunting queries that you can run in your own environment to identify threats.
- Access to a tool Rezonate wrote to extract logs from AzureAD to any preferred analysis platform of your choice.
https://www.rezonate.io/blog/defending-azure-active-directory/
Awesome SOC
A collection of sources of documentation, as well as field best practices, to build/run a SOC
https://github.com/cyb3rxp/awesome-soc
Nala - deb package manager with parallel functions
https://christitus.com/stop-using-apt/
https://youtu.be/oroSkR4Nn_w?t=222
P.S. thanks for the links, dear subscriber )) ✌️
📢 Open Networks workshop by Rebrain: VXLAN, part 1
Time:
↘ 28 November (Tuesday) 19:00 MSK. Details
Program:
— The need for VXLAN
— The classic variant with the Flood and Learn approach
— The emergence of the BGP control plane
Host:
Dmitry Radchuk – Team Lead at VKontakte. CCIE x4. More than 12 years of experience with networks. More than 4 years of teaching experience