Areizen

#!/usr/bin/python3
import frida
import subprocess
import sys

if len(sys.argv) !=2:
    print(f"[-] Usage : python3 {sys.argv[0]} <package_to_uninstall>")
    sys.exit(-1)

def message(message, data):

SwitHak

Ripple20, set of vulnerabilities inside Treck / KASAGO IP Stacks

General

• Ripple20 is the codename to a set of 19 vulnerabilities discovered by the cybersecurity team JSOF.
• These vulnerabilities are inside an IP stack, selled under two different names (Treck TCP/IP for U.S market Kasago TCP/IP, for Asia market. -These two stacks were bought and used under privated-labeled by several softwares companies, some known names are: GHnetv2, Kwiknet, Quadnet.
• But there's more, these stacks were also integrated, sometimes with modifications, inside several RTOS (real-time operating system).
• Last, some of the vulnerabilities, depending the device operating system, configuration or location can have greater or lower CVSS score.
• My advice is for companies to ask their suppliers if they use one of this stack and assess the risk following their company risk policy.
• This will not be an easy set of vulnerabilities to patch, sadly.

0xtornado

[{"op":"Conditional Jump","args":["bxor",false,"Decode_Shellcode",10]},{"op":"Label","args":["Decode_beacon"]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"Decode text","args":["UTF-16LE (1200)"]},{"op":"Regular expression","args":["User defined","[a-zA-Z0-9+/=]{30,}",true,true,false,false,false,false,"List matches"]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"Gunzip","args":[]},{"op":"Label","args":["Decode_Shellcode"]},{"op":"Regular expression","args":["User defined","[a-zA-Z0-9+/=]{30,}",true,true,false,false,false,false,"List matches"]},{"op":"Conditional Jump","args":["",false,"",10]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"XOR","args":[{"option":"Decimal","string":"35"},"Standard",false]}]

mattifestation

Malware Sample Inspected

Trickbot COVID macro lure via MSFT: ec34b207d503a3c95ee743ee296a08e93a5e960aa4611ea8c39d8e5d4c5f6593

test.js

eval("WScript.CreateObject(\"WScript.Shell\").Run(\"calc.exe\");");

skelsec

#
# Command-line interface to extract well-known secrets from registry hives 
# using MemProcFS's registry API
#
#
# IMPORTANT: use the !latest! AIOWinreg version (0.0.2) from pip or github
#
# Author: Tamas Jos @skelsec

dmaasland

$Source = @"
using System;
using System.Runtime.InteropServices;

namespace ProcDump {
    public static class DbgHelp {
        [DllImport("Dbghelp.dll")]
        public static extern bool MiniDumpWriteDump(IntPtr hProcess, uint ProcessId, IntPtr hFile, IntPtr DumpType, IntPtr ExceptionParam, IntPtr UserStreamParam, IntPtr CallbackParam);
    }
}

PsychoTea

import sys
import json
import re

kslide = 0x0

if len(sys.argv) < 2:
  print("Usage: PanicParser.py [file path]")
  exit()

vavkamil

# https://securitychops.com/2019/08/31/dev/random/one-liner-to-install-burp-cacert-into-android.html
#
curl --proxy http://127.0.0.1:8080 -o cacert.der http://burp/cert  \
&& openssl x509 -inform DER -in cacert.der -out cacert.pem \
&& cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 \
&& adb root \
&& adb remount \
&& adb push $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /sdcard/ \
&& echo -n "mv /sdcard/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /system/etc/security/cacerts/" | adb shell \
&& echo -n "chmod 644 /system/etc/security/cacerts/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0" | adb shell \

lizthegrey

default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'

jthuraisamy

Windows Toolkit

Binary

Native Binaries

• IDA Pro

IDA Plugins	Preferred	Neutral	Unreviewed