Our colleague Iago Abad Barreiro has weaponized the leaked token handles technique for MSSQL. Now open token handles in MSSQL's process (sqlservr.exe) can be abused to change security context and escalate privileges both locally and in the domain. https://lnkd.in/dMbgaZVH
BlackArrow (Tarlogic)’s Post
-
🚨Alert🚨 CVE-2024-4985 (CVSS 10): Critical Authentication Bypass Flaw Found in GitHub Enterprise Server
🔥PoC: github.com/absholi7ly/Byp…
⚠It could allow attackers to bypass authentication and gain unauthorized access to sensitive code repositories and data. cve-2024-4985-…
👇Query
Hunter: /product.name="Github Enterprise"
FOFA: app="Github-Enterprise"
SHODAN: http.html:"Github Enterprise"
https://lnkd.in/ecaKr86N
-
Here is a list of C# binary tools for multiple needs.
1. Windows Persistent Tool - https://lnkd.in/gqVXWHjD
2. Mimikatz DPAPI Alternative - https://lnkd.in/gPbtdppw
3. BloodHound Collector - https://lnkd.in/gX9zb9ep
4. Mimikatz Alternative (some sekurlsa and dcsync commands) - https://lnkd.in/ghW_9-77
5. PowerUp Alternative - https://lnkd.in/ghBNn_HV
6. PowerView Alternative - https://lnkd.in/gbjvX3pg
7. PortScanner Alternative - https://lnkd.in/gTfv5PX5
8. Winpeas - https://lnkd.in/gxd2BxVg
9. Privesc / System Info - https://lnkd.in/g3MPG2Ed
10. AD Exploitation - https://lnkd.in/gMBibmyf
11. Browser Credentials - https://lnkd.in/g2s6jR4p
List of actions you can do that would increase in difficulty.
1. Practice with these tools on unpatched boxes.
2. Use these tools with a C2 framework to see if you can bypass defender.
3. Edit, obfuscate, and/or innovate to create a working version that will bypass defender without a C2.
If you find the tools useful, please be sure to star the authors' GitHub repos to increase visibility and to show appreciation.
Extra Notes: Tool that may or may not help with initial compromise https://lnkd.in/gPudiU_M
GitHub - mandiant/SharPersist
github.com
-
A simple todo application using Spring boot & Spring Security Jwt authentication https://lnkd.in/g9cAPhzi
GitHub - sid-fireskull/TodosJwt: JWT Authentication Implementation
github.com
-
System Engineer @ Techbridgesoft Innovation Pvt Ltd C|EH V12 || NIST-CSF || SOC Team || IAM || UEBA || SIEM || VAPT || SOAR || PATCH MANAGEMENT || OWASP || PYTHON & GO || DEV-SECOPS || PRODUCT ARCHITECT
PRACTICE ENCRYPTING YOUR GITHUB SSH-KEYS
The CVE-2024-23487 on Jenkins server allows the attacker to exploit and enter into your network; once entered, they can use this vulnerability to get ssh key credentials and access your GitHub and dump all repositories. https://lnkd.in/gjmE9N3n
-
Check out my write-up for the Retro machine on Vulnlab! It consists of two ways of retrieving the NTLM hash of the administrator using different tools and two ways of dealing with STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT. https://lnkd.in/dc9eAyQM
Vulnlab - Retro [Easy]
sy1.sh
-
Penetration testing Manager @ KIB | Vulnerability Management | Penetration testing | OSEP | OSWE | OSCE | OSCP | CRTE | DevSecOps
Account Takeover via Password Reset without user interactions A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords. user[email][]=[email protected]&user[email][]=[email protected] https://lnkd.in/dausHPt8
GitHub - Vozec/CVE-2023-7028: This repository presents a proof-of-concept of CVE-2023-7028
github.com
-
last week i faced some issues while building tests for an authentication flow using next-auth v5, so i decided to write the tutorial article that would have saved me a lot of time and energy. here, i explain how to set up an authentication flow using next-auth v5 with next.js middlewares, and the required setup to test it using jest. https://lnkd.in/dNt4dxNi
How to set up NextAuth v5 authentication with middleware and Jest configuration in Next.js 14
medium.com
-
⚠️Medium Risk Vulnerability Alert⚠️: CVE-2024-31463
Ironic-image is an OpenStack Ironic deployment packaged and configured by Metal3. When the reverse proxy mode is enabled by the IRONIC_REVERSE_PROXY_SETUP variable set to true:
1. HTTP basic credentials are validated on the HTTPD side in a separate container, not in the Ironic service itself.
2. Ironic listens in host network on a private port 6388 on localhost by default.
As a result, when the reverse proxy mode is used, any Pod or local Unix user on the control plane Node can access the Ironic API on the private port without authentication. A similar problem affects Ironic Inspector (INSPECTOR_REVERSE_PROXY_SETUP set to true), although the attack potential is smaller there.
CVSSv3.1 Base Score: 4.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
#ironic #apisecurity #owasp https://lnkd.in/dXnXy4ju
CVE-2024-31463 - vulnerability database | Vulners.com
vulners.com
-
Vigilant from Vulnlab involved enumerating smb shares to find an encrypted pdf file, analyzing the dll file to decrypt the contents of the file, accessing kibana to use synthetic monitoring in obtaining a shell on container, mounting the host file system through docker sock, recovering hash from SSSD for a domain user and escalating to local admin through ESC13 https://lnkd.in/g-gJHDpn
Vulnlab — Vigilant
arz101.medium.com
-
Woke up to an "everything is slow" email Recurring issue. Got a column into the INCLUDE of an index, fixed the issue Just in time to avoid a reboot User: "I have a big group text with other admins…so far the consensus is that it has improved since whatever magic you did " #DBAMagic How's your day so far? ----------------- Ring the 🔔 on my profile to get notified when I post I post when inspiration strikes But not every day 😁 #SQLServer #FractionalDBAs #PocketDBA #Coffee