Dealing with log4shell aka CVE-2021-44228
A remote code execution flaw exists in log4j2, which is used by basically every Java application on the planet. It’s remotely exploitable, and not just through the front end, but on the back ends....
FortiGuard Labs found a malware sample being distributed in the wild targeting TP-Link wireless routers. It leverages a post-authentication RCE vulnerability released barely two weeks prior.
XLMMacroDeobfuscator can be used to decode obfuscated XLM macros (also known as Excel 4.0 macros). It utilizes an internal XLM emulator to interpret the macros, without fully performing the code. It supports both xls,...
Summary: Last week Microsoft warned Windows users about vulnerabilities in the Windows Print Spooler service – CVE-2021-1675 and CVE-2021-34527 (also known as PrintNightmare). Both vulnerabilities can be used by an attacker with a regular...
A tool to hunt for credentials in the GitHub wild, AKA git*hunt. Getting started: install the tool, configure your GitHub token, search for credentials, see results (cat results.json | jq). Installation requirements: virtualenv,...
Did you ever wonder how you can move laterally through internal networks, or interact with remote machines without alerting EDRs? Let’s assume that we have valid credentials, or an active session with access to...