Jul 5, 2022

Currently 0-day Is Not Hard

Google Project Zero researcher Maddie Stone gave a talk at the FIRST conference titled "0-day In-the-Wild Exploitation in 2022…so far".

It revealed that nine of the 18 zero-day flaws detected and disclosed as exploited in-the-wild in 2022 are variants of previously patched vulnerabilities.

  • Found 18 detected zero-days as exploited in-the-wild.
  • At least 9 of them are variants of previously patched vulnerabilities.

This means that many of the attacks were not especially sophisticated; instead, the threat actors exploiting the issue were able to come back and trigger the known vulnerability through a different path.

For example:

  • CVE-2022-30190 (Follina Windows vulnerability) ~ CVE-2021-40444 MSHTML zero-day
  • CVE-2022-21882 (Windows win32k) ~ CVE-2021-1732
  • CVE-2022-22587 (iOS) ~ CVE-2021-30983
  • CVE-2022-1096 (Chromium) ~ CVE-2016-5128, CVE-2021-30551, CVE-2022-1232
  • CVE-2022-1364 (Chromium v8) ~ CVE-2021-21195
  • CVE-2022-26134 (Atlassian Confluence) ~ CVE-2021-26084
  • CVE-2022-26925 (PetitPotam) ~ CVE-2021-36942 (patch regressed)

“When 0-day exploits are detected in-the-wild, it’s the failure case for an attacker. It’s a gift for us security defenders to learn as much as we can and take actions to ensure that that vector can’t be used again. The goal is to force attackers to start from scratch each time we detect one of their exploits: they’re forced to discover a whole new vulnerability, they have to invest the time in learning and analyzing a new attack surface, they must develop a brand new exploitation method.”

To properly address zero-day vulnerabilities, the Google researchers recommend that platform security teams and independent security researchers invest in root cause analysis, variant analysis, patch analysis, and exploit technique analysis.

Learn from 0-days exploited in the wild to make 0-day hard.

Make 0-day hard by:

  • Increasing the cost (mean time, expertise) per exploit.
  • Increasing the number of exploits required.

 

Links:

Jul 4, 2022

GitHub Actions + Nuclei

This is a demo on using GitHub Actions and Nuclei to protect your CI. It also covers how an attacker can leverage GHA to mine cryptocurrency, pivot into other targets, and distribute backdoors into different repositories.


Links:

Jul 3, 2022

SSHScan

SSHScan is a testing tool that enumerates SSH ciphers. Using SSHScan, weak ciphers can be easily detected.
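In the SSH protocol a server announces every key exchange method, cipher and MAC it is willing to use in its SSH_MSG_KEXINIT message (RFC 4253, section 7.1), so a cipher scanner of this kind only has to read that one message and compare the advertised names against a list of weak algorithms. As an added example that is not SSHScan's own code, the Python block below parses a KEXINIT payload (the binary packet framing already stripped, as a scanner would have done after the version exchange) and reports the weak algorithms it advertises. The sample payload is constructed inline so the block runs offline, and the weak-algorithm sets are my own shortlist of what SSH auditing tools commonly flag, not SSHScan's list.

```python
"""Parse an SSH_MSG_KEXINIT payload and flag weak algorithms (added example)."""
import os
import struct
from typing import Dict, List

SSH_MSG_KEXINIT = 20

# The ten name-lists of KEXINIT, in wire order (RFC 4253, section 7.1).
KEXINIT_FIELDS = (
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
)

# My own shortlist (assumption, not SSHScan's list): SHA-1 based key exchange,
# CBC-mode and RC4 ciphers, and MD5 / truncated-tag MACs.
WEAK_KEX = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
            "diffie-hellman-group-exchange-sha1"}
WEAK_CIPHERS = {"3des-cbc", "arcfour", "arcfour128", "arcfour256", "blowfish-cbc",
                "cast128-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc"}
WEAK_MACS = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"}


def _read_name_list(buf: bytes, off: int):
    """Decode one SSH name-list: uint32 length + comma-separated ASCII names."""
    if off + 4 > len(buf):
        raise ValueError("truncated name-list length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    raw = buf[off:off + n]
    if len(raw) != n:
        raise ValueError("truncated name-list body")
    names = raw.decode("ascii").split(",") if raw else []
    return names, off + n


def parse_kexinit(payload: bytes) -> Dict[str, List[str]]:
    """Return the algorithm name-lists advertised in a KEXINIT payload."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off = 1 + 16  # message type byte + 16-byte random cookie
    fields: Dict[str, List[str]] = {}
    for name in KEXINIT_FIELDS:
        fields[name], off = _read_name_list(payload, off)
    # Trailer: boolean first_kex_packet_follows + uint32 reserved (always 0).
    if len(payload) - off < 5:
        raise ValueError("truncated KEXINIT trailer")
    return fields


def weak_algorithms(fields: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Intersect the advertised algorithms with the weak-algorithm sets."""
    ciphers = set(fields["encryption_algorithms_client_to_server"]) | \
        set(fields["encryption_algorithms_server_to_client"])
    macs = set(fields["mac_algorithms_client_to_server"]) | \
        set(fields["mac_algorithms_server_to_client"])
    return {
        "kex": sorted(set(fields["kex_algorithms"]) & WEAK_KEX),
        "cipher": sorted(ciphers & WEAK_CIPHERS),
        "mac": sorted(macs & WEAK_MACS),
    }


def build_kexinit(kex, hostkey, ciphers, macs, compression=("none",)) -> bytes:
    """Encode a KEXINIT payload; used here only to construct sample input."""
    def name_list(names):
        body = ",".join(names).encode("ascii")
        return struct.pack(">I", len(body)) + body
    lists = [kex, hostkey, ciphers, ciphers, macs, macs, compression, compression, (), ()]
    payload = bytes([SSH_MSG_KEXINIT]) + os.urandom(16)
    payload += b"".join(name_list(names) for names in lists)
    return payload + b"\x00" + struct.pack(">I", 0)


# Constructed sample: a server still offering legacy algorithms next to modern ones.
SAMPLE_KEXINIT = build_kexinit(
    kex=("curve25519-sha256", "diffie-hellman-group1-sha1"),
    hostkey=("ssh-ed25519", "rsa-sha2-256"),
    ciphers=("chacha20-poly1305@openssh.com", "aes128-ctr", "3des-cbc", "arcfour"),
    macs=("hmac-sha2-256", "hmac-md5"),
)

if __name__ == "__main__":
    for kind, names in weak_algorithms(parse_kexinit(SAMPLE_KEXINIT)).items():
        print(f"{kind}: {', '.join(names) or 'no weak algorithms advertised'}")
```

Against a live host the same parser is fed the payload of the first packet the server sends after the `SSH-2.0-...` version line; the length checks matter there, because a truncated or malformed KEXINIT from a misbehaving server should produce an error rather than a misleading "clean" result.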


Links:

Jul 2, 2022

SSL/TLS Recon

sslscan2

  • supports legacy protocols (SSLv2 and SSLv3) as well as TLSv1.3.
  • no longer relies on OpenSSL.
  • enumerates server key exchange groups.
  • enumerates server signature algorithms.
  • can be run via Docker.

tlsscan

  • TLS/SSL protocol scanner.
  • supports scanning newer protocols and ciphers via the upstream OpenSSL project.

tls-scan

  • single-threaded asynchronous/event-based program.
  • tracks/tests/debugs certificate and TLS configuration.
  • scans TLS-based servers, collecting X.509 certificates and ciphers.
  • supports TLS and StartTLS protocols.
  • produces output in JSON.
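All three scanners above work the same way underneath: they send the server a ClientHello that offers one protocol version or one cipher suite at a time and read the ServerHello to see whether it was accepted, which is how a legacy SSLv3 or TLSv1.0 configuration, or a weak cipher, is found. As an added example that is not code from sslscan2, tlsscan or tls-scan, the Python block below does the ServerHello side of that check: it parses a handshake record, reads the negotiated version (including the TLS 1.3 supported_versions extension, since TLS 1.3 keeps 0x0303 in the legacy version field) and the chosen cipher suite, and labels legacy protocols and weak suites. The two sample records are constructed inline, the cipher suite table is a small subset of the IANA registry, and the "weak" classification is my own (RC4, 3DES and static-RSA CBC suites).

```python
"""Parse a TLS ServerHello record and report what was negotiated (added example)."""
import struct
from typing import Dict, Optional

TLS_VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
                0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
LEGACY_VERSIONS = {"SSLv3", "TLSv1.0", "TLSv1.1"}

# Small subset of IANA cipher suite registrations, enough for the samples.
CIPHER_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000a: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002f: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xc02f: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xc030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
}
WEAK_SUITES = {0x0005, 0x000a, 0x002f}  # my classification: RC4, 3DES, static-RSA CBC

HANDSHAKE = 0x16            # TLS record content type
SERVER_HELLO = 0x02         # handshake message type
EXT_SUPPORTED_VERSIONS = 43  # RFC 8446 extension carrying the real TLS 1.3 version


def parse_server_hello(record: bytes) -> Dict[str, object]:
    """Decode one ServerHello record: negotiated version, cipher suite, verdicts."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack_from(">H", record, 3)[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated TLS record")
    if len(body) < 4 or body[0] != SERVER_HELLO:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    if len(hs) != hs_len or len(hs) < 38:  # version(2) + random(32) + sid_len(1) + ...
        raise ValueError("truncated ServerHello")
    off = 0
    version = struct.unpack_from(">H", hs, off)[0]
    off += 2 + 32                       # legacy version + server random
    sid_len = hs[off]
    off += 1 + sid_len
    if off + 3 > len(hs):
        raise ValueError("truncated ServerHello")
    suite = struct.unpack_from(">H", hs, off)[0]
    off += 2 + 1                        # cipher suite + compression method
    if off + 2 <= len(hs):              # extensions block is optional
        ext_len = struct.unpack_from(">H", hs, off)[0]
        off += 2
        end = min(off + ext_len, len(hs))
        while off + 4 <= end:
            etype, elen = struct.unpack_from(">HH", hs, off)
            off += 4
            if etype == EXT_SUPPORTED_VERSIONS and elen == 2 and off + 2 <= end:
                version = struct.unpack_from(">H", hs, off)[0]
            off += elen
    name = TLS_VERSIONS.get(version, f"unknown(0x{version:04x})")
    return {
        "version": name,
        "cipher_suite": CIPHER_SUITES.get(suite, f"unknown(0x{suite:04x})"),
        "legacy_protocol": name in LEGACY_VERSIONS,
        "weak_cipher": suite in WEAK_SUITES,
    }


def build_server_hello(version: int, suite: int,
                       supported_version: Optional[int] = None) -> bytes:
    """Encode a minimal ServerHello record; used here only to construct sample input."""
    hs = struct.pack(">H", version) + bytes(32) + b"\x00"  # version, random, empty sid
    hs += struct.pack(">H", suite) + b"\x00"                # suite, null compression
    if supported_version is not None:
        ext = struct.pack(">HHH", EXT_SUPPORTED_VERSIONS, 2, supported_version)
        hs += struct.pack(">H", len(ext)) + ext
    body = bytes([SERVER_HELLO]) + len(hs).to_bytes(3, "big") + hs
    return bytes([HANDSHAKE]) + struct.pack(">HH", version, len(body)) + body


# Constructed samples: a legacy TLS 1.0 + 3DES answer and a TLS 1.3 answer.
SAMPLE_LEGACY = build_server_hello(0x0301, 0x000a)
SAMPLE_TLS13 = build_server_hello(0x0303, 0x1302, supported_version=0x0304)

if __name__ == "__main__":
    for label, rec in (("legacy", SAMPLE_LEGACY), ("tls13", SAMPLE_TLS13)):
        print(label, parse_server_hello(rec))
```

The supported_versions handling is the detail most home-grown checks get wrong: a TLS 1.3 server answers with 0x0303 in the ServerHello version field, so a scanner that only reads that field reports TLS 1.2 and never sees the 1.3-only suites such as TLS_AES_256_GCM_SHA384.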


Links:


Jul 1, 2022

Patch_Tuesday Utils

A step-by-step account of how I generate patch_tuesday.exe from the Python script. You can download the Python script or the executable directly (on GitHub).


c:\home> pip install colorama

c:\home> pip install pyfiglet

c:\home> pip install pyinstaller

 

Method 1:

c:\home> pyinstaller --onefile --add-data "C:\Python3\Lib\site-packages\pyfiglet;./pyfiglet" patch_tuesday.py

Method 2:

c:\home> pyinstaller --onefile --collect-all pyfiglet patch_tuesday.py


c:\home> cd dist

c:\home\dist> patch_tuesday.exe -h

c:\home\dist> patch_tuesday.exe -k 2022-jun -v

Tip: Try "patch_tuesday.exe -k 2022-jun -vc" for chart output.


Links: