Not so long ago, the 0-day vulnerability of CVE-2019-19781 was discussed in Citrix ADC and Citrix Gateway, which went unnoticed for at least a month and was used by various hacker groups.
This week, Citrix released security updates for Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP, which revealed as many as 11 new vulnerabilities that allow to bypass authentication mechanisms, increase local privileges, remotely execute code, implement denial of service and much more. To do everything to get the maximum result when penetrating corporate networks.
CVE-2020-5902 detection bypass
Another CVE-2020-5902 operating method for remote code execution was identified, which differs from those presented earlier. It allows you to access the embedded HyperSQL or HSQLDB database and, together with authentication bypass, allows remote unauthorized code execution on the Tomcat server.
- Exploit: https://vulners.com/metasploit/MSF:EXPLOIT/LINUX/HTTP/F5_BIGIP_TMUI_RCE
- Snort rule: https://vulners.com/talosblog/TALOSBLOG:07EF8115BB6D3EE80E914E6572FFCD88
A PlayStation 4 user found a way to hack the console and received $ 10,000 from Sony. Data about the vulnerability is published on HackerOne.
User theflow0 told about the find on his Twitter page. An exploit in firmware number 7.02 and earlier versions in tandem with the WebKit exploit existing in firmware 6.72 and earlier versions allows you to hack the console to launch pirated games, manipulate and steal user data.
Earlier, Sony announced a program to search for bugs and vulnerabilities – the company is ready to pay from 100 to 50 thousand dollars for errors found.
Mozilla Firefox browser security bug.
Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service
Cross-platform light web security scanner
Python-based CLI tool and module that lets you transfer data between two machines in a local network, P2P, using Multicast-DNS. It also opens an HTTP gateway for other non-CLI external interfaces.
Santa is a binary authorization system for macOS. It consists of a kernel extension that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in case of a block decision and a command-line utility for managing the system and synchronizing the database with a server.
July 8, the release of the new version (v7) of the MITER ATT & CK knowledge base took place. In the new version, the categories “Techniques”, “Groups” and “Software” were updated for both ATT & CK for Enterprise and ATT & CK for Mobile. Most of the new MITER ATT & CK v7 features were available in beta released in March this year.
Digital Shadows found 15 billion credentials on various trading floors on the darknet. Compromised credentials were stolen as a result of more than 100 thousand hacks and provide access to various accounts, including domain administrator accounts, banking and financial accounts, as well as social network services and streaming platforms.
According to experts, the credentials for financial accounts with confirmed cash or accounts with privileged access to networks and systems of large enterprises were sold at very high prices. At clandestine forums, dozens of advertisements for administrator accounts were found that were auctioned to bidders at prices ranging from $ 500 to $ 120,000.
German law enforcement officers seized the BlueLeaks website web server, which stored internal documents of US police departments. The server belonged to a group of activists DDoSecrets, which published more than 1 million files in the middle of last month.
Four days after the publication of the stolen documents, the DDoSecrets Twitter account was blocked for violating the rules for using the platform prohibiting the publication of links to stolen materials. Twitter has begun blocking tweets with links to BlueLeaks.
SMB-based lateral movement in a Windows environment:
Low-Level Process Hunting on macOS:
Top 16 Active Directory Vulnerabilities:
LOLbas is becoming more popular. Upload and download small files with CertReq.exe: https://dtm.uk/certreq
Other examples: https://pentestlab.blog/2020/07/06/indirect-command-execution/amp