Search results for Java-based open-source

T3SF is a framework that offers a modular structure for the orchestration of events based on a master scenario events list (MSEL) together with a set of rules defined for each exercise (optional) and a configuration that allows defining the parameters of the corresponding platform. The main module performs the communication with the specific module (Discord, Slack, Telegram, etc.) that allows the events to present the events in the input channels as injects for each platform. In addition, the framework supports different use cases: "single organization, multiple areas", "multiple organization, single area" and "multiple organization, multiple areas". Getting Things Ready To use the framework with your desired platform, whether it's Slack or Discord, you will need to install the required modules for that platform. But don't worry, installing these modules is easy and straightforward. To do this, you can follow this simple step-by-step guide, or if you're already comfortable installing packages with pip, you can skip to the last step! # Python 3.6+ requiredpython -m venv .venv # We will create a python virtual environmentsource .venv/bin/activate # Let's get inside itpip install -U pip # Upgrade pip Once you have created a Python virtual environment and activated it, you can install the T3SF framework for your desired platform by running the following command: pip install "T3SF[Discord]" # Install the framework to work with Discord or pip install "T3SF[Slack]" # Install the framework to work with Slack This will install the T3SF framework along with the required dependencies for your chosen platform. Once the installation is complete, you can start using the framework with your platform of choice. We strongly recommend following the platform-specific guidance within our Read The Docs! Here are the links: Discord Slack Telegram WhatsApp Usage We created this framework to simplify all your work! Using Docker Supported Tags slack → This image has all the requirements to perform an exercise in Slack. discord → This image has all the requirements to perform an exercise in Discord. Using it with Slack $ docker run --rm -t --env-file .env -v $(pwd)/MSEL.json:/app/MSEL.json base4sec/t3sf:slack Inside your .env file you have to provide the SLACK_BOT_TOKEN and SLACK_APP_TOKEN tokens. Read more about it here. There is another environment variable to set, MSEL_PATH. This variable tells the framework in which path the MSEL is located. By default, the container path is /app/MSEL.json. If you change the mount location of the volume then also change the variable. Using it with Discord $ docker run --rm -t --env-file .env -v $(pwd)/MSEL.json:/app/MSEL.json base4sec/t3sf:discord Inside your .env file you have to provide the DISCORD_TOKEN token. Read more about it here. There is another environment variable to set, MSEL_PATH. This variable tells the framework in which path the MSEL is located. By default, the container path is /app/MSEL.json. If you change the mount location of the volume then also change the variable. Once you have everything ready, use our template for the main.py, or modify the following code: Here is an example if you want to run the framework with the Discord bot and a GUI. from T3SF import T3SFimport asyncioasync def main(): await T3SF.start(MSEL="MSEL_TTX.json", platform="Discord", gui=True)if __name__ == '__main__': asyncio.run(main()) Or if you prefer to run the framework without GUI and with Slack instead, you can modify the arguments, and that's it! Yes, that simple! await T3SF.start(MSEL="MSEL_TTX.json", platform="Slack", gui=False) If you need more help, you can always check our documentation here! Download T3SF

MSEL Slack

WeMystic, a website on astrology, numerology, tarot, and spiritual orientation, left an open database exposing 34GB of sensitive data about the platforms’ users. Telling the future is a tricky business, and failure to foretell your own mishaps doesn’t help. The content platform WeMystic is a good example of this, with the Cybernews research team discovering […]

database exposing Fortune-telling spiritual orientation WeMystic exposes

How to identify when a macro is used to encrypt strings in malware... inferring source from disassembly! ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----

encrypt strings Encrypted Strings Macro Encrypted Recognize Macro Strings

Cybersecurity researchers have disclosed a new sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023. "Spreading primarily through messaging services, it combines app-based malware with social engineering to defraud banking customers," Oslo-based mobile app

Asia Cybersecurity

Aladdin is a payload generation technique based on the work of James Forshaw (@tiraniddo) that allows the deseriallization of a .NET payload and execution in memory. The original vector was documented on https://www.tiraniddo.dev/2017/07/dg-on-windows-10-s-executing-arbitrary.html. By spawning the process AddInProcess.exe with arguments /guid:32a91b0f-30cd-4c75-be79-ccbd6345de99 and /pid:, the process will start a named pipe under \.pipe32a91b0f-30cd-4c75-be79-ccbd6345de99 and will wait for a .NET Remoting object. If we generate a payload that has the appropiate packet bytes required to communicate with a .NET remoting listener we will be able to trigger the ActivitySurrogateSelector class from System.Workflow.ComponentModel. and gain code execution. Originally, James Forshaw released a POC at https://github.com/tyranid/DeviceGuardBypasses/tree/master/CreateAddInIpcData. However this POC will fail on recent versions of Windows since Microsoft went ahead and patched the vulnerable System.Workflow.ComponentModel (https://github.com/microsoft/dotnet-framework-early-access/blob/master/release-notes/NET48/dotnet-48-changes.md). Nick Landers (@monoxgas) however, identified a way to disable the check that Microsoft introduced and wrote a detailed article at https://www.netspi.com/blog/technical/adversary-simulation/re-animating-activitysurrogateselector/ . The bypass is documented at pwntester/ysoserial.net#41 . Aladdin is a payload generation tool, which using the specific bypass as well as the necessary header bytes of the .NET remoting protocol is able to generate initial access payloads that abuse the AddInProcess as originally documented. The provided templates are: * HTA* VBA* JS* CHM Notes In order for the attack to be successfull the .NET assembly must contain a single public class with an empty constructor to act as the entry point during deserialization. An example assembly has been included in the project. Usage Usage: -w, --scriptType=VALUE Set to js / hta / vba / chm. -o, --output=VALUE The generated output, e.g: -o C:UsersNettitudeDesktoppayload -a, --assembly=VALUE Provided Assembly DLL, e.g: -a C:UsersNettitudeDesktoppopcalc.dll -h, --help Help OpSec The user supplied .NET binary will be executed under the AddInProcess.exe that gets spawned from the HTA / JS payload. The spawning of the processes currently happens using the 9BA05972-F6A8-11CF-A442-00A0C90A8F39 COM object (https://dl.packetstormsecurity.net/papers/general/abusing-objects.pdf) which will launch the process as a child of Explorer.exe process. The GUID supplied in the process parameters of AddInProcess.exe can be user controlled. At the moment the guid is hardcoded in the template and the code. CHM executes the JScript through XSLT transformation Defensive Considerations Addinprocess.exe will always launch with /guid and /pid. Baseline your environment for legitimate uses - monitor the rest Useful References: * https://www.tiraniddo.dev/2017/07/dg-on-windows-10-s-executing-arbitrary.html* https://www.netspi.com/blog/technical/adversary-simulation/re-animating-activitysurrogateselector/ Readme / Credits Code is based on the following repos: * https://github.com/tyranid/DeviceGuardBypasses/tree/master/CreateAddInIpcData* https://github.com/pwntester/ysoserial.net Shouts to: @m0rv4i for helping with C# nuances @ace0fspad3s for troubleshooting @ Nettitude RT for being awesome Download Aladdin

Aladdin Generation Technique Payload Generation

US CISA added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two issues are: CVE-2023-6345 – The CVE-2023-5217 is a high-severity integer overflow in Skia. Skia is an open-source 2D graphics library that provides […]

Chrome vulnerabilities

HWB, for a better world in cyberspace. Hackers Without Borders is an international humanitarian association that provides emergency assistance to non-governmental institutions in the event of crises and disasters related to cyberattacks.

Register today to be a part of the coolest Cybersecurity conference and end 2023 on a bang!Hello hackers!IWCon 2023 — the internet's biggest virtual cybersecurity conference and networking event is happening on 16–17 December 2023.It's a wonderful opportunity for cybersecurity professionals, bug bounty hunters, and students from all over the world to learn, connect, and network. The best part? The entry ticket is just (INR 800 if you're from India)!We have some amazing speakers sharing their cutting-edge research and unique experiences of how they established themselves in Infosec.Be a part of this cool bunch, and book your spot here.Check out our amazing speaker sessionsJason Haddix, BuddoBot CISO & Hacker in Charge will speak on “Recon Like an Adversary.”This is a live workshop where we select an organization and demonstrate how adversaries can use open-source tools and methods to conduct reconnaissance on web infrastructure.Date: December 16, 2023Time: 09:30–10:00 PM ISTSaikrishna Budamgunta, Ex-IRS | Founder @ Saptang Labs, Divsight Intelligence, Maitravaruna & Pinaca Technologies, will speak on “Understanding Chinese Cyber Threats.”Date: December 17, 2023Time: 7:30–8:00 PM ISTDylan Ayrey, Security researcher, public speaker and founder of Truffle Security will speak on “Google Oauth is broken; keep access after leaving..”Talk description: When an Oauth vulnerability is documented, is it still a vulnerability? I think it is, but you can decide for yourselfDate: December 16, 2023Time: 10:30–11:00 PM ISTRenzon Cruz, Principal IR/Forensic Consultant @Unit42_Intel | Co-Founder @guidemtraining will speak on “Navigating the RaaS Threat Landscape: Effective Detection and Response Techniques”Talk description: In this talk, Renzon will cover the latest tactics, techniques, and procedures (TTPs) of ransomware threat actors, delving into essential forensic artifact collection and analysis, detection strategies across ransomware incident phases, and insights into the critical process of ransomware negotiation from his daily experience.Date: December 17, 2023Time: 7:30–11:00 PM ISTCheck the full speaker line-up here.All the sessions will be followed by 20 minutes of Q&A, and value-packed networking sessions where you can match up with cool peeps in Infosec from all over the world.Are you excited?Save your seat today.Got any questions? We're here to address them.If you have any questions, doubts, or blockers stopping you from being a part of IWCON 2023, we'll be happy to answer them.Leave a reply to this email (or drop a comment below) and we'll get back to you as soon as possible.Looking forward to seeing you at IWCON 2023.Book your seat today.Best,Editorial teamInfosec Writeups.Announcing IWCON 2023 Speakers Final Batch was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.

Final Batch Speakers Final

Notepad++ has been discovered with an uncontrolled search path vulnerability, which could allow threat actors to search an untrusted search path. This vulnerability has been disclosed to Notepad++, and a patch has yet to be provided. Notepad++ is a simple text editor for Windows with many more capabilities and can be used to open or […] The post Notepad++ Input Validation Flaws Leads to uncontrolled Search Path Vulnerability appeared first on Cyber Security News.

Validation Flaws

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Thursday sanctioned the North Korea-linked adversarial collective known as Kimsuky as well as eight foreign-based agents who are alleged to have facilitated sanctions evasion. The agents, the Treasury said, helped in "revenue generation and missile-related technology procurement that support the DPRK's

The GitHub Security Lab examined the most popular open source software running on our home labs, with the aim of enhancing its security. Here's what we found and what you can do to better protect your own smart home. The post Securing our home labs: Home Assistant code review appeared first on The GitHub Blog.

Assistant code

WinDiff is an open-source web-based tool that allows browsing and comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the operating system. The binary database is automatically updated to include information from the latest Windows updates (including Insider Preview). It was inspired by ntdiff and made possible with the help of Winbindex. How It Works WinDiff is made of two parts: a CLI tool written in Rust and a web frontend written in TypeScript using the Next.js framework. The CLI tool is used to generate compressed JSON databases out of a configuration file and relies on Winbindex to find and download the required PEs (and PDBs). Types are reconstructed using resym. The idea behind the CLI tool is to be able to easily update and regenerate databases as new versions of Windows are released. The CLI tool's code is in the windiff_cli directory. The frontend is used to visualize the data generated by the CLI tool, in a user-friendly way. The frontend follows the same principle as ntdiff, as it allows browsing information extracted from official Microsoft PEs and PDBs for certain versions of Microsoft Windows and also allows comparing this information between versions. The frontend's code is in the windiff_frontend directory. A scheduled GitHub action fetches new updates from Winbindex every day and updates the configuration file used to generate the live version of WinDiff. Currently, because of (free plans) storage and compute limitations, only KB and Insider Preview updates less than one year old are kept for the live version. You can of course rebuild a local version of WinDiff yourself, without those limitations if you need to. See the next section for that. Note: Winbindex doesn't provide unique download links for 100% of the indexed files, so it might happen that some PEs' information are unavailable in WinDiff because of that. However, as soon as these PEs are on VirusTotal, Winbindex will be able to provide unique download links for them and they will then be integrated into WinDiff automatically. How to Build Prerequisites Rust 1.68 or superior Node.js 16.8 or superior Command-Line The full build of WinDiff is "self-documented" in ci/build_frontend.sh, which is the build script used to build the live version of WinDiff. Here's what's inside: # Resolve the project's root folderPROJECT_ROOT=$(git rev-parse --show-toplevel)# Generate databasescd "$PROJECT_ROOT/windiff_cli"cargo run --release "$PROJECT_ROOT/ci/db_configuration.json" "$PROJECT_ROOT/windiff_frontend/public/"# Build the frontendcd "$PROJECT_ROOT/windiff_frontend"npm cinpm run build The configuration file used to generate the data for the live version of WinDiff is located here: ci/db_configuration.json, but you can customize it or use your own. PRs aimed at adding new binaries to track in the live configuration are welcome. Download Windiff

Windiff Windows Binaries