Search the Community

The US Cybersecurity and Infrastructure Protection Agency (CISA) has released an open source incident response tool, which makes it easy to detect signs of malicious activity in Microsoft cloud environments. You can see the tool at this link:

The United States Cybersecurity and Infrastructure Security Agency (CISA) has released 'Decider', an open source tool that helps defenders and security analysts quickly generate MITRE ATT&CK mapping reports. The MITER ATT&CK framework is a standard for identifying and tracking adversary tactics and techniques based on observations of cyberattacks, allowing defenders to adjust their security posture and pivot accordingly. In addition, CISA has recently published a “best practice” guide on MITRE ATT&CK mapping, which in conjunction with the tool can increase its usefulness. The 'Decider' tool has been developed by CISA together with the Institute of Engineering and Development of National Security Systems and MITRE and is freely available through the CISA repository.

[hide] [Hidden Content]]

Cloudtopolis is a tool that facilitates the installation and provisioning of Hashtopolis on the Google Cloud Shell platform, quickly and completely unattended (and also, free!). Together with Google Collaboratory, it allows us to break hashes without the need for dedicated hardware from any browser. [hide][Hidden Content]]

Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty and pentesting. Axiom right now is perfect for teams as small as one person, without costing you much at all to run. And by not much to run at all, I mean, less than 5 bucks a month if you use responsibly, and a free two months with my referral link below. Read more about the economics at the bottom. Packages To Date aquatone httprobe subfinder assetfinder gf masscan sn0int kxss jq SecLists gobuster nmap waybackurls amass anti-burl Golang (setup, path configured, latest version) hakrawler zdns zmap ffuf gau dirb subjack SQLMap fbrobe getjs openvpn projectdiscovery chaos-client projectdiscovery nuclei projectdiscovery chaos projectdiscovery shuffledns dnsprobe dnsvalidator urlprobe oh-my-zsh tmux masscan subgen proxychains w/ Tor setup mosh docker metasploit dalfox subjack [hide][Hidden Content]]

This Metasploit module exploits a vulnerability found in Cisco Prime Infrastructure. The issue is that the TarArchive Java class the HA Health Monitor component uses does not check for any directory traversals while unpacking a Tar file, which can be abused by a remote user to leverage the UploadServlet class to upload a JSP payload to the Apache Tomcat's web apps directory, and gain arbitrary remote code execution. Note that authentication is not required to exploit this vulnerability. View the full article

This Metasploit modules exploits a vulnerability in Cisco Prime Infrastructure's runrshell binary. The runrshell binary is meant to execute a shell script as root, but can be abused to inject extra commands in the argument, allowing you to execute anything as root. View the full article

Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. This Metasploit module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation. This Metasploit module has been tested with CPI 3.2.0.0.258 and 3.4.0.0.348. Earlier and later versions might also be affected, although 3.4.0.0.348 is the latest at the time of writing. The file upload vulnerability should have been fixed in versions 3.4.1 and 3.3.1 Update 02. View the full article

Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. This Metasploit module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation. This Metasploit module has been tested with CPI 3.2.0.0.258 and 3.4.0.0.348. Earlier and later versions might also be affected, although 3.4.0.0.348 is the latest at the time of writing. View the full article

Trend Micro Virtual Mobile Infrastructure version 5.5.1336 suffers from a denial of service vulnerability. View the full article