Random in Security is a summary of the cybersecurity news.
The vulnerability is an unauthenticated authentication bypass issue that can lead to complete compromise of an F5 system with the Traffic Management User Interface (TMUI) exposed. The post describes how the vulnerability was identified, the underlying issues that caused the bug, and the steps taken to turn the request smuggling into a critical vulnerability.
According to the technical write-up by Star Labs, the vulnerability CVE-2023-32530 is a SQL injection vulnerability in the web-based management interface of Trend Micro Apex Central (on-premise). This vulnerability could allow an authenticated user to perform a SQL injection attack that could lead to remote code execution. The vulnerability is caused by insufficient input validation in the affected software. The vendor has released a patch to address this vulnerability.
Reptar is a Linux kernel module that can be used to detect and prevent certain types of kernel memory disclosure vulnerabilities. Tavis Ormandy provides a great technical write-up in the article. Intel have published updated microcode for all affected processors.
The post discusses the use of Burp Suite, a popular web application security testing tool, and how to detect and annoy users who use it. The post describes how to identify Burp Suite users by analyzing their HTTP requests and then how to annoy them by sending them fake data or encoding their display in a way that makes it difficult to read. While the post is written in a humorous tone, it does provide some useful information on how to detect and mitigate the use of Burp Suite in web application security testing.
There is a world that calls itself "cyberspace", and you already know it from laptops and phones. Here everything is possible and much is allowed, yet unfortunately things get stolen quite often too. Hackers and viruses break things apart, leaving behind chaos and heaps of rubble.
The post discusses a technique called “data-bouncing,” which is a method of exfiltrating data from a network by using an intermediary system to bounce the data to a final destination. The goal is to avoid detection by network defenders, who are trying to identify the source and destination of the data.
Signal spends tens of millions of dollars every year to provide their messenger service. They draw a comparison to the multi-billion-dollar corporations whose business models directly contravene Signal's privacy mission. The article aims to provide transparency into the costs of providing a privacy-preserving alternative to mainstream messaging apps. It can be seen as a call to action to support the cause.
In the talk “Detection as Code, Automation, and Testing: The Key to Unlocking the Power of Detection Engineering” Olaf Hartong provided some insights about the Detection Engineering approach at FalconForce. Automation is key, while maintaining an agile approach.
WolfPack combines the capabilities of Terraform and Packer to streamline the deployment of red team redirectors on a large scale.
SpecterInsight is a cross-platform, post-exploitation command and control framework based on .NET for red team engagements, threat emulation, and training.
Starkiller is a Frontend for PowerShell Empire.
A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.
Red Team Automation code that emulates attacker techniques, used for rule testing.
Turul as a C2 is based on numerous commercial and open source projects, and our experience of developing custom tooling to meet the needs of clients on various CBEST, cross-border Red Teams and other engagements.
Modlishka is a reverse proxy.
Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.