Ethical Hacker Philippines - EHPH

08/05/2024

08/05/2024

𝗥𝗲𝗱𝗧𝗲𝗮𝗺 𝗧𝗼𝗼𝗹𝘀 : 𝗔 𝗖𝗼𝗹𝗹𝗲𝗰𝘁𝗶𝗼𝗻 𝗼𝗳 𝗥𝗲𝗱 𝗧𝗲𝗮𝗺𝗶𝗻𝗴/𝗣𝗲𝗻𝗲𝘁𝗿𝗮𝘁𝗶𝗼𝗻 𝗧𝗲𝘀𝘁𝗶𝗻𝗴 𝗧𝗼𝗼𝗹𝘀 𝗮𝗻𝗱 𝗧𝗲𝗰𝗵𝗻𝗶𝗾𝘂𝗲𝘀

https://github.com/A-poc/RedTeam-Tools

08/05/2024

𝗚𝗿𝗮𝗽𝗵𝗦𝗽𝘆 : 𝗜𝗻𝗶𝘁𝗶𝗮𝗹 𝗔𝗰𝗰𝗲𝘀𝘀 𝗮𝗻𝗱 𝗣𝗼𝘀𝘁-𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗮𝘁𝗶𝗼𝗻 𝗧𝗼𝗼𝗹 𝗳𝗼𝗿 𝗔𝗔𝗗 𝗮𝗻𝗱 𝗢𝟯𝟲𝟱 𝘄𝗶𝘁𝗵 𝗮 𝗯𝗿𝗼𝘄𝘀𝗲𝗿-𝗯𝗮𝘀𝗲𝗱 𝗚𝗨𝗜

https://github.com/RedByte1337/GraphSpy

08/05/2024

𝗟𝗲𝗮𝗿𝗻𝗶𝗻𝗴-𝗘𝗗𝗥-𝗮𝗻𝗱-𝗘𝗗𝗥_𝗘𝘃𝗮𝘀𝗶𝗼𝗻

https://github.com/reveng007/Learning-EDR-and-EDR_Evasion

08/05/2024

Excellent

https://twitter.com/fs0c131y/status/1787852663595454807

03/05/2024

𝗖𝗼𝗯𝗮𝗹𝘁 𝗦𝘁𝗿𝗶𝗸𝗲 𝗖𝗵𝗲𝗮𝘁𝘀𝗵𝗲𝗲𝘁

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cobalt%20Strike%20-%20Cheatsheet.md

03/05/2024

𝗪𝗲𝗮𝗸𝗽𝗮𝘀𝘀 𝗮 𝗰𝗼𝗹𝗹𝗲𝗰𝘁𝗶𝗼𝗻 𝗼𝗳 𝘁𝗼𝗼𝗹𝘀 𝗳𝗼𝗿 𝗯𝗿𝘂𝘁𝗲𝗳𝗼𝗿𝗰𝗲 𝗮𝗻𝗱 𝗵𝗮𝘀𝗵𝗰𝗿𝗮𝗰𝗸𝗶𝗻𝗴

Better than rockyou 2024

𝗗𝗶𝗰𝗮𝘀𝘀𝗮𝘀𝘀𝗶𝗻
32.91 GB tar
23,109,038,633 lists
https://weakpass.com
https://weakpass.com/wordlist/1946

03/05/2024

𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗥𝗲𝘀𝗲𝗮𝗿𝗰𝗵𝗲𝗿 𝘁𝗼 𝗨𝗻𝘃𝗲𝗶𝗹 𝟰 𝗢𝗽𝗲𝗻𝗩𝗣𝗡 𝗭𝗲𝗿𝗼-𝗗𝗮𝘆 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝗮𝘁 𝗕𝗹𝗮𝗰𝗸 𝗛𝗮𝘁 𝗨𝗦𝗔 𝟮𝟬𝟮𝟰

https://securityonline.info/microsoft-researcher-to-unveil-4-openvpn-zero-day-vulnerabilities-at-black-hat-usa-2024/

29/04/2024

The 𝗟𝗮𝘇𝗮𝗿𝘂𝘀 𝗚𝗿𝗼𝘂𝗽 was caught impersonating Fenbushi Capital on LinkedIn to launch their phishing campaign. They are also targeting blockchain developers to spread their malware by initiating fake recruiting.

IoC
https://pastebin.com/2pz1iQFm

26/04/2024

🚨 𝗢𝗿𝗮𝗰𝗹𝗲 𝗩𝗶𝗿𝘁𝘂𝗮𝗹𝗕𝗼𝘅 𝟳.𝟬.𝟭𝟲 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗹𝗲 𝘁𝗼 𝗟𝗣𝗘 🚨

Oracle VirtualBox Prior to 7.0.16 is vulnerable to Local Privilege Escalation via Symbolic Link Following leading to Arbitrary File Delete and Arbitrary File Move.

PoC
https://github.com/mansk1es/CVE-2024-21111

Sploitscan
https://github.com/xaitax/SploitScan
$ python3 sploitscan.py CVE-2024-21111 -e JSON

23/04/2024

𝗠𝗮𝗹𝘄𝗼𝘃𝗲𝗿𝘃𝗶𝗲𝘄 : 𝗮 𝗳𝗶𝗿𝘀𝘁 𝗿𝗲𝘀𝗽𝗼𝗻𝘀𝗲 𝘁𝗼𝗼𝗹 𝘂𝘀𝗲𝗱 𝗳𝗼𝗿 𝘁𝗵𝗿𝗲𝗮𝘁 𝗵𝘂𝗻𝘁𝗶𝗻𝗴 𝗮𝗻𝗱 𝗼𝗳𝗳𝗲𝗿𝘀 𝗶𝗻𝘁𝗲𝗹 𝗶𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻 𝗳𝗿𝗼𝗺 𝗩𝗶𝗿𝘂𝘀 𝗧𝗼𝘁𝗮𝗹, 𝗛𝘆𝗯𝗿𝗶𝗱 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀, 𝗨𝗥𝗟𝗛𝗮𝘂𝘀, 𝗣𝗼𝗹𝘆𝘀𝘄𝗮𝗿𝗺, 𝗠𝗮𝗹𝘀𝗵𝗮𝗿𝗲, 𝗔𝗹𝗶𝗲𝗻 𝗩𝗮𝘂𝗹𝘁, 𝗠𝗮𝗹𝗽𝗲𝗱𝗶𝗮, 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗕𝗮𝘇𝗮𝗮𝗿, 𝗧𝗵𝗿𝗲𝗮𝘁𝗙𝗼𝘅, 𝗧𝗿𝗶𝗮𝗴𝗲, 𝗜𝗻𝗤𝘂𝗲𝘀𝘁 𝗮𝗻𝗱 𝗶𝘁 𝗶𝘀 𝗮𝗯𝗹𝗲 𝘁𝗼 𝘀𝗰𝗮𝗻 𝗔𝗻𝗱𝗿𝗼𝗶𝗱 𝗱𝗲𝘃𝗶𝗰𝗲𝘀 𝗮𝗴𝗮𝗶𝗻𝘀𝘁 𝗩𝗧.

Malwoverview performs an initial and quick triage of malware samples, URLs, IP addresses, domains, malware families, IOCs and hashes. Additionally, Malwoverview is able to get dynamic and static behavior reports, submit and download samples from several endpoints. In few words, it works as a client to main existing sandboxes.

1. Determine similar executable malware samples (PE/PE+) according to the import table (imphash) and group them by different colors (pay attention to the second column from output). Thus, colors matter!

2. Show hash information on Virus Total, Hybrid Analysis, Malshare, Polyswarm, URLhaus, Alien Vault, Malpedia and ThreatCrowd engines.

3. Determining whether the malware samples contain overlay and, if you want, extract it.

4. Check suspect files on Virus Total, Hybrid Analysis and Polyswarm.

5. Check URLs on Virus Total, Malshare, Polyswarm, URLhaus engines and Alien Vault.

6. Download malware samples from Hybrid Analysis, Malshare, URLHaus, Polyswarm and Malpedia engines.

7. Submit malware samples to VirusTotal, Hybrid Analysis and Polyswarm.

8. List last suspected URLs from URLHaus.

9. List last payloads from URLHaus.

10. Search for specific payloads on the Malshare.

https://github.com/alexandreborges/malwoverview

20/04/2024

🚨 𝗪𝗶𝗻𝗱𝗼𝘄𝘀 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗔𝗹𝗲𝗿𝘁 🚨 : A threat actor is currently selling a new zero-day (LPE) Local Privilege Escalation exploit affecting all Windows systems. It was priced at $250,000 yesterday but now dropped to $150,000. The threat actor also claims that the vulnerability is not linked to any CVE.

LPE is a security flaw exploited by threat actors to gain higher privileges. They can then install malware, access sensitive data, modify system settings, and do lateral movement to compromise other networks.

Reference:
https://gbhackers.com/windows-lpe-zero-day/