stong

Original report

• Affected Vendor: OpenPrinting
• Affected Product: Several components of the CUPS printing system: cups-browsed, libppd, libcupsfilters and cups-filters.
• Affected Version: All versions <= 2.0.1 (latest release) and master.
• Significant ICS/OT impact? no
• Reporter: Simone Margaritelli [evilsocket@gmail.com]
• Vendor contacted? yes The vendor has been notified trough Github Advisories and all bugs have been confirmed:

• https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8

jborean93

# Copyright: (c) 2024, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)

Function New-ScheduledTaskSession {
    <#
    .SYNOPSIS
    Creates a PSSession for a process running as a scheduled task.

    .DESCRIPTION
    Creates a PSSession that can be used to run code inside a scheduled task

WKL-Sec

# White Knight Labs - Offensive Development
# Debugger Check - PEB

#include <windows.h>
#include <iostream>

void TriggerBreakpoint() {
    __asm {
        int 3 // Software Breakpoint
    }

dru1d-foofus

CVE-2023-41444 - Binalyze IREC.sys Vulnerable Driver

Credits

Mike Alfaro (@_mmpte_software) and Tyler Booth (@tyler_dru1d)

Description

An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges due to an improper DACL being applied to the device the driver creates.

Vulnerability Type

Incorrect Acess Control

xpn

// Twitter thread: https://twitter.com/_xpn_/status/1543682652066258946 (was a bit bored ;)
// Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work.

using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;

namespace SCCMDecryptPOC
{
    internal class Program

dmchell

using System;
using System.DirectoryServices;

namespace SharpApprover
{
    class Program
    {

        public static void SetAdInfo(string objectFilter,
                int objectValue, string LdapDomain)

gladiatx0r

Overview

In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;

• Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
• Relaying that machine authentication to LDAPS for configuring RBCD
• RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

jborean93

# Copyright: (c) 2019, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)

Function Get-ServiceCredential {
    <#
    .SYNOPSIS
    Retrieve the username and plaintext password for all services installed on the local computer.

    .DESCRIPTION
    Will retrieve the username and plaintext password for the service(s) specified. This must be run as an

spacepatcher

What would you need:

• Postgres 9.3, 9.4, 9.5, 9.6 or 10 with cstore_fdw extention (https://github.com/citusdata/cstore_fdw)
• Docker 1.12.6 or higher
• Docker Compose
• Linux machine

Hardware requirements