■■□□□ Interesting thread: BlackMatter Ransomware group just ransomed another food critical infrastructure in the US. The ransom demand is 5,900,000$ for now. The victim is playing by the rules: “@CISAgov is going to be demanding answers from us within the next 12 hours” #BlackMatter https://twitter.com/ido_cohen2/status/1439863554606305286 https://t.me/cKure/9406
September 20, 2021 at 09:45PM
■■■■■ Zero-Day: PoC CVE-2021-30632 – Out of bounds write in V8. Tested against Samsung Internet Browser v15.0.2.47, which does not yet have Google’s patch. https://github.com/Phuong39/PoC-CVE-2021-30632 https://t.me/cKure/9405
September 20, 2021 at 09:45PM
■■■■■ A (v3.5 compatible) .NET tool for stealing and importing certificates in the Windows certificate store without touching disk. Useful for red team operations where you need to poach a certificate for pivoting purposes and want to do so with an in-memory post-ex payload. This is similar to Benjamin Delpy’s Mimikatz. https://github.com/TheWover/CertStealer https://t.me/cKure/9404
September 20, 2021 at 09:45PM
■■■■□ Zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise https://portswigger.net/daily-swig/zero-click-rce-vulnerability-in-hikvision-security-cameras-could-lead-to-network-compromise https://t.me/cKure/9403
September 19, 2021 at 04:00PM
■□□□□ QLOG – Windows Security Logging. https://github.com/threathunters-io/QLOG https://t.me/cKure/9402
September 19, 2021 at 03:55PM
■■■□□ Hunting for OMI Vulnerability Exploitation with Azure Sentinel. https://techcommunity.microsoft.com/t5/azure-sentinel/hunting-for-omi-vulnerability-exploitation-with-azure-sentinel/ba-p/2764093 https://t.me/cKure/9401
September 19, 2021 at 12:10PM
■□□□□ ntlm_theft: A tool for generating multiple types of NTLMv2 hash theft files. https://github.com/Greenwolf/ntlm_theft https://t.me/cKure/9400
September 19, 2021 at 10:55AM
■□□□□ Information security specialists from Kaspersky Lab reported that hackers are trying to attack Russian companies through a new vulnerability in Microsoft Office products. At least one attack targeted government agencies. Using the vulnerability, attackers can not only spy on users of the infected system, but also download malicious programs like ransomware viruses into it.…
September 19, 2021 at 10:48AM
● ICYMI: The vulnerabilities in this (t.me/cKure/9386) post have not been fixed by the vendor. So technically they are zero-day issues. https://t.me/cKure/9398
September 19, 2021 at 02:52AM
■■■□□ Anonymous Hacktivists Leak 180 GB of Data from Web Host Epik. https://www.ehackingnews.com/2021/09/anonymous-hacktivists-leak-180-gb-of.html https://t.me/cKure/9397
