Blog

metasploit advisory exploit
LiderAhenk 0day - All your PARDUS Clients Belongs To Me (CVE-2021-3825)

LiderAhenk is an open source software system that enables centralized management, monitoring and control of systems and users on a corporate network. In this blog post, you will see how bad it can get when you have a critical security vulnerability in your centralized client management system. Architecture and Our Target: LiderAhenk software has two components, Lider and Ahenk. Lider is the main component where you manage your organization. It is the business layer of Lider A...

advisory 0day exploit linux
Pardus 21 Linux Distro - Remote Code Execution 0day 2021 CVE-2021-3806

A couple of days ago, I came across news that Pardus would organize a bug-report contest. I love to contribute to open-source projects, so that was a pretty good chance to revisit one of my old friends, Pardus, and uncover security and/or privacy issues. What is Pardus? Pardus is a Linux distribution developed with support from the government of Turkey. Pardus' main focus is office-related work, including use in Turkish government agencies. Despite that, Pardus ships in several langua...

0day exploit php
Unexpected Journey #7 - GravCMS Unauthenticated Arbitrary YAML Write/Update leads to Code Execution (CVE-2021-21425)

It has been a while since I last published a post on our beloved blog. Today I would like to share technical details and a POC for a pretty funny vulnerability that I found in GravCMS. As I have been saying since 2015, my pentest team and I love to chase after 0days during penetration test engagements. This time we came across a GravCMS instance during the external OSINT process. Grav is a fast, simple, and flexible file-based web platform. There is zero installation required. Just extract...

Cyber Intelligence
OpBlueRaven: Unveiling Fin7/Carbanak - Part II : BadUSB Attacks

This article aims to provide its readers with the details of the PRODAFT & INVICTUS Threat Intelligence (PTI) team's latest operation against different threat actors who have been detected working in cooperation with the notorious Fin7 APT group. We appreciate all your support after the first part of this series. Before disclosing the relationship between the Fin7 and REvil groups, we are trying to reach the ransomware victims. Until we reach all necessary parties, we will continue to publis...

Cyber Intelligence
OpBlueRaven: Unveiling Fin7/Carbanak - Part I : Tirion

This article aims to provide its readers with the details of the PRODAFT & INVICTUS Threat Intelligence (PTI) team's latest operation against different threat actors who have been detected working in cooperation with the notorious Fin7 APT group. Throughout this article, which is planned to be released in 6/7 successive parts (similar to other articles on our pentest blog, pentest.blog), we will approach different aspects of our operation, which had been continued for the last 3 months u...

metasploit 0day exploit
Vesta Control Panel Second Order Remote Code Execution 0day Step-by-Step Analysis

I believe that doing security research is all about trying to understand the high-level architecture of a product and finding creative attack vectors. I hope this blog post will show some readers how to start doing security research. Installation: You can install the software on Debian/Ubuntu or CentOS. I've installed it on Ubuntu 18.10 x64 by following the 3 steps at http://vestacp.com/install/. # Connect to your server as root via SSH ssh root@your.server # Download insta...

0day exploit nas rce research storage IOT
Advisory | Seagate Central Storage Remote Code Execution 0day

In this article, I will be sharing several critical vulnerabilities in the Seagate Central Storage NAS product. Advisory Information: Remotely Exploitable: Yes; Authentication Required: No; Vendor URL: https://www.seagate.com/as/en/support/external-hard-drives/network-storage/seagate-central/; Date found: 19 Dec 2019. Technical Details: Upon obtaining the latest device firmware from the Seagate download page, I started analyzing the firmware ZIP file. Inside the ZIP file there was a...

secure coding application
Why Secure Design Matters? Secure Approach to Session Validation on Modern Frameworks (Django Solution)

I've been doing security research on software for quite a long time. During this research, I often find myself in a situation where I think about the state of mind of developers, the problems that occur during development, and the core problems in the nature of software-crafting teams. Thinking about these questions always leads me to realize possible software bugs. Developers tend to make mistakes by the nature of being human. Mistakes made by developers usually end up as software...

Art of Anti Detection 4 - Self-Defense

Throughout the Art of Anti Detection series we have mainly looked at methods for bypassing automated security products, but in this part we will focus on several self-defense methods for protecting our foothold on the target machines against actual users. These users may be technically unskilled employees, or they may be blue team members in a company's cyber incident division. Our goal is to stay alive and hide our presence inside the target system without having any privileges. But bef...

malware android reverse
Android Malware Analysis : Dissecting Hydra Dropper

Hydra is another Android bankbot variant. Like Anubis, it uses overlays to steal information. Its name comes from its command and control panel. From July 2018 to March 2019 there were at least 8-10 samples on the Google Play Store. Distribution of the malware is similar to the Anubis cases: dropper apps are uploaded to the Play Store. But unlike Anubis, the dropper apps extract a dex file from a PNG file with a kind of steganography and download the malicious app from the command and control server with the dropped dex. You can find the s...
