Author: Netspi
Keypoints:
The Azure Machine Learning (AML) service is used for data processing and integrates with other Azure services.…
Summary:
PowerHuntShares v2 introduces enhanced functionality for analyzing SMB shares with excessive privileges, aiding cybersecurity teams in identifying and remediating vulnerabilities. Key features include automated secrets extraction, share similarity scoring, and a new ShareGraph Explorer for visualizing share relationships.
Keypoints:
PowerHuntShares is an open-source tool designed to analyze SMB shares with excessive privileges.…
Summary:
Cloud Composer, a managed service on Google Cloud Platform, allows users to manage workflows using Apache Airflow. This article discusses how an attacker can exploit default configurations and gain command execution by targeting the environment’s Cloud Storage Bucket, emphasizing the risks associated with write access to the bucket.…
Short Summary:
Recent advancements in penetration testing for CICS and IMS applications have highlighted the need for enhanced security measures in mainframe environments. This article discusses seven common vulnerabilities found in these systems and offers methods for testing and mitigating these risks.
Key Points:
Significant advancements in penetration testing for CICS and IMS applications.…
Short Summary:
The article discusses the evolution of Azure Automation Accounts, particularly the introduction of Runtime Environments, which allow for custom PowerShell modules and Python packages. It highlights the potential security risks associated with malicious packages that can be uploaded to these accounts, enabling attackers to gain persistent access through backdoored modules.…
Short Summary:
This article discusses the benefits of having access to a testing LPAR at NetSPI, particularly during penetration testing engagements. It details how to retrieve information from in-memory tables on z/OS when certain commands cannot be executed. The author shares a REXX script to visualize and access the contents of the Command Tables Location Table (CTLT), which aids in uncovering potential security vulnerabilities.…
Short Summary:
This article discusses SQL Server credential objects and their potential abuse by threat actors to execute code as different user accounts. It highlights how penetration testers and red teamers can leverage these credentials for privilege escalation, even without local administrative access. The article also provides a detailed walkthrough on how to hijack existing credential objects and execute commands in the context of another user.…
Short Summary:
CVE-2024-37888 is a cross-site scripting (XSS) vulnerability found in the Open Link plugin for CKEditor 4, allowing attackers to execute arbitrary JavaScript in users’ browsers through manipulated links. The vulnerability requires user interaction to exploit and affects versions of the Open Link plugin prior to 1.0.5.…
Short Summary:
This article discusses the exploitation scenarios using GCPwn, a tool for penetration testing Google Cloud Platform (GCP). It details various steps involved in the attack path, including setting up credentials, reconnaissance, pivoting between projects, and using service accounts to gain access to sensitive data.…
DEF CON 32 gathered thousands of hackers and security enthusiasts, providing opportunities for learning and networking. Attendees shared insights from various talks, emphasizing the importance of proactive security in the evolving cybersecurity landscape.
Key Points:
Networking Opportunities: Attendees engaged with the hacker community to build relationships and share knowledge.…
Short Summary:
Microsoft’s Azure Arc service, introduced in 2019, enables the integration of on-prem resources with Azure cloud. However, it poses security risks due to its authentication model, which relies on a System-Assigned Managed Identity that stores credentials locally. This can lead to unauthorized access if local administrators extract these credentials.…
Short Summary:
This article discusses the potential for privilege escalation in Google Cloud Platform (GCP) through the misuse of Google Groups with open join settings. It highlights how users can exploit weak group join permissions to gain unauthorized access to roles in GCP, emphasizing the lack of default guardrails to prevent such configurations.…
GCPwn is a Python-based framework for pentesting GCP environments. While individual exploit scripts exist today for GCP attack vectors, GCPwn seeks to consolidate all these scripts and manage multiple sets of credentials at once (for example, multiple service account keys) within one framework. With the use of interactive prompts, GCPwn makes enumeration and exploitation of resources/permissions more straightforward to execute, aiding the average pentester.…
The NetSPI Agents have encountered various chatbot services that utilize a large language model (LLM). LLMs are advanced AI systems developed by training on extensive text corpora, including books, articles, and websites. They can be adapted for various applications, such as question-answering, analysis, and interactive chatbots.…
Prototype Pollution is a JavaScript vulnerability where it’s possible for an attacker to control unexpected variables in JavaScript, which on the client-side can lead to Cross-Site Scripting, and on the server-side lead to Remote Code Execution.
It is caused by ‘JavaScript Weirdness’, specifically in the declaration and setting of variable names, and is exploitable because of further JavaScript weirdness with weak typing, where it’s possible to have various undeclared variables in code that can be controlled by Prototype Pollution. …
During a recent red team operation, NetSPI discovered a local privilege escalation path in the default installation of Microsoft Service Fabric Runtime, software commonly used for local application development. This vulnerability would allow a low-privilege user, with a foothold on a host running the Service Fabric deployment, to elevate their privileges up to SYSTEM. …
Summary: The interaction between web2 client-server architectures and web3 systems presents security challenges. Web3 systems often rely on classic centralized components, which can create unique attack surfaces. In this post, ongoing research on the use of web2 components in web3 systems is summarized, including vulnerabilities found in the Dappnode node management framework.…