Daily REDTeam’s Post

FortiAnalyzer has the capability of forwarding logs to an external syslog server (e.g. Splunk or any SIEM server). Instead of forwarding all logs, having the ability to control which logs to forward, helps not to overwhelm the external syslog server or (e.g.) forward logs of a specific policy. Generic free-text filter in FortiAnalyzer gives an admin full control to filter the forwarding using information from the raw logs. It uses regex library for values with operators (~,!~), using the POSIX standard. Filter string syntax is parsed by FortiAnalyzer, and both upper and lower case characters are supported (for example, "and" is the same as "AND"). Check out my article in Fortinet Community on how to use such generic filters: #fortinet #analytics #siem #cybersecurity

It's been a while since I post a cybersecurity posting 😅 From Threat Landscape persepctive, an overview of ransom group activities are essential in providing input and next step for strategy and reaction formulation I am impressed with this initiative and should be made known to others Ransomwatch is a link [https://lnkd.in/giTGixqW) provides detailed information about the Ransom group, it monitors ransomware groups' extortion sites. Go and bookmark the link https://lnkd.in/gqr49HCx; It's a good resource for tracking all ransom group activities Motivated with their crawling methods, and seeing that my Github is long abandon (banyak projek hot hot chicken shit) and I have some free time and some caffeine at my disposal; Created a powershell to assist in data extraction (json) and to obtain specific information on specific group https://lnkd.in/g_RcqvPK; This PowerShell script fetches a JSON file from the specified URL and saves it to a specified directory; and filters and displays posts from a JSON file based on user input for group name and year.

log4j-scan A fully #automated, #accurate, and #extensive #scanner for finding vulnerable log4j #hosts #Description We have been researching the #Log4J #RCE (CVE-2021-44228) since it was released, and we worked in preventing this vulnerability with our customers. We are #open-sourcing an open detection and scanning tool for discovering and fuzzing for Log4J RCE #CVE-2021-44228 #vulnerability. This shall be used by security teams to #scan their infrastructure for Log4J RCE, and also test for WAF bypasses that can result in achieving code execution on the organization's environment. It supports DNS OOB callbacks out of the box, there is no need to set up a #DNS callback server. #Features Support for lists of URLs. #Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools). Fuzzing for HTTP POST Data parameters. Fuzzing for JSON data parameters. Supports DNS callback for vulnerability discovery and validation. #WAF Bypass payloads. link 🔗 https://lnkd.in/eMrraVFU

The last post from my backlog is from the Osquery room. This room goes over Osquery's interactive mode, the various options found from the help command, listing tables, understanding schema, how to change how output is displayed, the Osquery documentation, and creating queries in SQL formatted language. These new skills are put to the test in a practical section at the end of the room. The documentation came in handy for this part. Try it for yourself here: https://lnkd.in/dA8mfhwd

The new Website Categorization Database is now available! We enriched it with critical WHOIS and Autonomous System (AS) data and improved its classification model to allow hyper-targeted web categorization necessary for accurate web filtering. Learn more about our new improvement: https://lnkd.in/dEiySFqd #webfiltering #threatintelligence #cybersecurity

Rash - Cyber Threat Intelligence Advisory Threat Name: SolarWinds Serv-U vulnerability. Threat type: vulnerability Date: 21-Jun-2024 Severity: High Executive Summary: SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately: A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions of the software prior to and including Serv-U 15.4.2 HF 1. Impacted versions: The list of products susceptible to CVE-2024-28995 is below - Serv-U FTP Server 15.4 Serv-U Gateway 15.4 Serv-U MFT Server 15.4, and Serv-U File Server 15.4 Preventive Recommendations: Its recommended to upgrade vulnerable version to latest version Immediately which is is fixed in SolarWinds Serv-U 15.4.2 HF 2. References:

🔐🚀 Exciting News! 🚀🔐 I’m thrilled to share that I have successfully completed the "Headless" machine on HackTheBox! This challenge was a fantastic opportunity to hone my cybersecurity skills, and I wanted to take a moment to reflect on the experience. Key Learnings and Tools Used: 🕵️ Reconnaissance (Recon): The first step was all about gathering information. Using nmap, I performed a network scan to identify open ports and services running on the target machine. dirb was instrumental in discovering hidden directories and files on the web server. 💻 Gaining Initial Access: The journey began with playing around with the contact form. By injecting XSS payloads, I exploited the form and gained initial access to the system. BurpSuite was invaluable here, allowing me to intercept and manipulate the HTTP requests and responses. 🔐 Maintaining Access: After gaining a foothold, it was crucial to maintain access without getting detected. I ensured to cover my tracks and maintain a persistent connection. 🔝 Privilege Escalation: This is where things got even more interesting. Through careful analysis and using a Bash script, I escalated my privileges from a regular user to root, giving me full control over the machine. 🕶️ Escaping Without a Trace: Finally, I made sure to clean up any traces of my presence on the system, ensuring that the system's integrity remained intact and leaving no evidence behind. Tools Highlight: nmap: Network scanning to identify open ports and services. dirb: Directory buster to find hidden directories. BurpSuite: Web vulnerability scanner and proxy tool. Bash: Scripted commands for privilege escalation. This challenge was a great way to understand and implement the 5 critical steps of hacking: Recon Gaining Initial Access Maintaining Access Privilege Escalation Escaping Without a Trace I'm excited to apply these skills in real-world scenarios and continue growing in the field of cybersecurity. Huge thanks to HackTheBox for creating such engaging and educational challenges! For those who might wanna dive more into how I hacked the machine, I have written a medium article which can be found here - https://lnkd.in/grneYtYm #HackTheBox #CyberSecurity #EthicalHacking #XSS #PrivilegeEscalation #Infosec #CTF #LearningByDoing #TechSkills #NetworkSecurity #WebSecurity

Rethinking Your SAST Tool? Here's How to Choose the Right One for Your Organization Ever revisit an old post that feels even more relevant today? That's me with Shiftleft/Qwiet's fantastic guide on picking the right Static Application Security Testing (SAST) tool. https://lnkd.in/dWkwgkj4 In today's threat landscape, choosing the right SAST tool is critical. It's not just about finding any tool; it's about finding the one that perfectly aligns with your unique needs and development process. Shiftleft/Qwiet's guide dives deep into the key factors to consider: Accuracy and completeness of findings: Does it catch the vulnerabilities that matter most to your organization? False Positive %, signal to noise ratio are parameters that you want to evaluate. Reachability and Exploitability: Whether the tool can detect "reachable" and "exploitable" vulnerabilities. Integration with your development workflow: How seamlessly does it fit into your CI/CD pipeline? Scalability and performance: Can it handle your codebase size and complexity? Ease of use and manageability: Is it user-friendly for your developers and security team? Vendor support and expertise: Do they offer the guidance and resources you need? Remember, the right SAST tool is an investment, not just a cost. It should empower your developers to write secure code from the start, streamline your security processes, and ultimately, mitigate the risk of costly breaches.

📌 CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability 🌐 https://lnkd.in/emqUUU5P #Pentesting #Hacking #Hacker #OffensiveSecurity #Pentest #RedTeam #BugBounty #Vulnerability #Testing #devsecops #OffensiveOperations #window_internals #PenetrationTesting #exploit #blueteam #infosec #cybersecurity #informationsecurity #security