- rwth-security - lists.rwth-aachen.de

chainsaw: Hunt, search, and extract event log records
by Jens Hektor 20 Sep '22

20 Sep '22

Hallo, Windows Eventlogs mit den Bordmitteln zu lesen, macht ja meistens keinen großen Spaß. Ich kann mir vorstellen (benutze und betreibe ja selbst kein Windows), dass dieses beim Internet Storm Center vorgestellte Tool hilfreich sein kann: https://isc.sans.edu/diary/Chainsaw%3A+Hunt%2C+search%2C+and+extract+event+… Gruß, Jens Hektor -- Dipl.-Phys. Jens Hektor, Security Operations RWTH Aachen University, IT Center RWTH Aachen University Room 2.04, Wendlingweg 10, 52074 Aachen (Germany) Phone: +49 241 80 29206 - Fax: +49 241 80 22100 http://www.itc.rwth-aachen.de - hektor(a)itc.rwth-aachen.de

1 0

YARA - Stopping Vulnerable Driver Attacks
by Bernd Kohler 20 Sep '22

20 Sep '22

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Stopping Vulnerable Driver Attacks" VG Bernd [0] https://www.elastic.co/security-labs/stopping-vulnerable-driver-attacks -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

CATS - REST API fuzzer and negative testing tool
by Bernd Kohler 19 Sep '22

19 Sep '22

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CATS" - REST API fuzzer and negative testing tool. VG Bernd [0] https://github.com/Endava/cats -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Trojanized versions of PuTTY utility being used to spread backdoor
by Bernd Kohler 19 Sep '22

19 Sep '22

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Trojanized versions of PuTTY utility being used to spread backdoor" VG Bernd [0] https://arstechnica.com/information-technology/2022/09/trojanized-versions-… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Relaying YubiKeys
by Bernd Kohler 19 Sep '22

19 Sep '22

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Relaying YubiKeys" "... We are not relaying actual physical YubiKeys, we are relaying the APDU packets ... VG Bernd [0] https://cube0x0.github.io/Relaying-YubiKeys/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

LDAP Nom Nom
by Bernd Kohler 18 Sep '22

18 Sep '22

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "LDAP Nom Nom" --> "... Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP) ..." VG Bernd [0] https://github.com/lkarlslund/ldapnomnom -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

TLS-Anvil - an automated test suite for TLS
by Bernd Kohler 15 Sep '22

15 Sep '22

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] und [1] FYI "TLS-Anvil" VG Bernd [0] https://tls-anvil.com/ [1] https://github.com/tls-attacker/TLS-Anvil -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Microsoft Teams stores auth tokens as cleartext in Windows, Linux,
by Bernd Kohler 14 Sep '22

14 Sep '22

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs" VG Bernd [0] https://www.bleepingcomputer.com/news/security/microsoft-teams-stores-auth-… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

CloudFox
by Bernd Kohler 14 Sep '22

14 Sep '22

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CloudFox" (siehe dazu auch [1]) ... helps you answer the following common questions (and many more): What regions is this AWS account using and roughly how many resources are in the account? What secrets are lurking in EC2 userdata or service specific environment variables? What actions/permissions does this [principal] have? What roles trusts are overly permissive or allow cross-account assumption? What endpoints/hostnames/IPs can I attack from an external starting point (public internet)? What endpoints/hostnames/IPs can I attack from an internal starting point (assumed breach within the VPC)? What filesystems can I potentially mount from a compromised resource inside the VPC? VG Bernd [0] https://github.com/BishopFox/cloudfox [1] https://bishopfox.com/blog/introducing-cloudfox -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

New PsExec spinoff lets hackers bypass network security defenses
by Bernd Kohler 13 Sep '22

13 Sep '22

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New PsExec spinoff lets hackers bypass network security defenses" --> "... Security researchers have developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using a single, less monitored port, Windows TCP port 135 ..." VG Bernd [0] https://www.bleepingcomputer.com/news/security/new-psexec-spinoff-lets-hack… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0