A few interesting and notable ssh/telnet usernames

Just looked at our telnet/ssh honeypot data, and found some interesting new usernames that attackers attempted to use: “notachancethisisreal” This username is likely used to detect Cowrie (and other) honeypots. Cowrie is often configured to accept logins randomly. No matter the username/password combination used, the login will succeed every few times. This is supposed to…


Social Warfare WordPress Plugin 3.5.2 – Remote Code Execution (RCE)

#!/usr/bin/env python3 # Exploit Title: Social Warfare WordPress Plugin 3.5.2 – Remote Code Execution (RCE) # Date: 25-06-2025 # Exploit Author: Huseyin Mardini (@housma) # Original Researcher: Luka Sikic # Original Exploit Author: hash3liZer # Vendor Homepage: https://wordpress.org/plugins/social-warfare/ # Software Link: https://downloads.wordpress.org/plugin/social-warfare.3.5.2.zip # Version: <= 3.5.2 # CVE: CVE-2019-9978 # Tested On: WordPress 5.1.1…


McAfee Agent 5.7.6 – Insecure Storage of Sensitive Information

Exploit Title: McAfee Agent 5.7.6 – Insecure Storage of Sensitive Information Date: 24 June 2025 Exploit Author: Keenan Scott Vendor Homepage: hxxps[://]www[.]mcafee[.]com/ Software Download: N/A (Unable to find) Version: < 5.7.6 Tested on: Windows 11 CVE: CVE-2022-1257 <# .SYNOPSIS Dump and decrypt encrypted Windows credentials from Trellix Agent Database (“C:\ProgramData\McAfee\Agent\DB\ma.db”) – PoC for CVE-2022-1257….


Sitecore 10.4 – Remote Code Execution (RCE)

# Exploit Title: Sitecore 10.4 – Remote Code Execution (RCE) # Exploit Author: Yesith Alvarez # Vendor Homepage: https://developers.sitecore.com/downloads # Version: Sitecore 10.3 – 10.4 # CVE : CVE-2025-27218 # Link: https://github.com/yealvarez/CVE/blob/main/CVE-2025-27218/exploit.py from requests import Request, Session import sys import base64 def title(): print(''' _______ ________ ___ ___ ___ _____ ___…


Moodle 4.4.0 – Authenticated Remote Code Execution

# Exploit Title: Moodle 4.4.0 – Authenticated Remote Code Execution # Exploit Author: Likhith Appalaneni # Vendor Homepage: https://moodle.org # Software Link: https://github.com/moodle/moodle/releases/tag/v4.4.0 # Tested Version: Moodle 4.4.0 # Affected versions: 4.4 to 4.4.1, 4.3 to 4.3.5, 4.2 to 4.2.8, 4.1 to 4.1.11 # Tested On: Ubuntu 22.04, Apache2, PHP 8.2 # CVE: CVE-2024-43425 #…


gogs 0.13.0 – Remote Code Execution (RCE)

# Exploit Title: gogs 0.13.0 – Remote Code Execution (RCE) # Date: 27th June, 2025 # Exploit Author: Ardayfio Samuel Nii Aryee # Software link: https://github.com/gogs/gogs.git # Version: gogs <=0.13.0 # Tested on: Ubuntu # CVE: CVE-2024-39930 # =============================== # Example Usage: # python3 exploit.py http://gogs.local:3000 alice:password123 ~/.ssh/id_rsa ~/.ssh/id_rsa.pub “touch /tmp/pwned” #…


Microsoft SharePoint 2019 – NTLM Authentication

# Titles: Microsoft SharePoint 2019 NTLM Authentication # Author: nu11secur1ty # Date: 06/27/25 # Vendor: Microsoft # Software: https://www.microsoft.com/en-us/download/details.aspx?id=57462 # Reference: https://www.networkdatapedia.com/post/ntlm-authentication-security-risks-and-how-to-avoid-them-gilad-david-maayan ## Description: Microsoft SharePoint Central Administration improperly exposes NTLM-authenticated endpoints to low-privileged or even brute-forced domain accounts. Once authenticated, an attacker can access the `_api/web` endpoint, disclosing rich…
