{"uuid": "edb37f86-0cea-4395-8ee9-667a8d64c2f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2639", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2840", "content": "Tools \ud83d\udee0\ufe0f \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nCVE-2022-2639\n\nLinux kernel openvswitch local privilege escalation.\n\nhttps://github.com/veritas501/CVE-2022-2639-PipeVersion\n\n#exploit #linux\n\nConnect\n\nCommand and Control Framework\n\nConnect is a tool for testing the security posture of internal environments by simulating real-world tactics performed by threat actors. It features an extensible command set and server architecture to deploy and maintain agents for multiple languages and platforms. This extensibility provides operators the ability to rapidly conduct and repeat specific scenarios.\n\nConnect is only to be used for legal applications when the explicit permission of the targeted organization has been obtained.\n\nhttps://github.com/skylerknecht/connect\n\nColorDataProxyUACBypass\n\nExploits the undocumented elevated COM interface ICMLuaUtil via process spoofing to edit the registry, then calls ColorDataProxy to trigger a UAC bypass. Win 7 & up.\n\nhttps://github.com/hackerhouse-opensource/ColorDataProxyUACBypass\n\nPackMyPayload\n\nEmerging Threat of Containerized Malware\n\nThis tool takes a file or directory as input and embeds it into an output file acting as an archive/container. 
It can serve as a Proof-of-Concept presenting the emerging risk of container file formats with embedded malware, as well as a helper for professional Red Team Operators to sharpen their Initial Access maneuvers.\n\nCurrently Threat Actors are known to smuggle their malware archived in various container file formats, to name a few:\n\n\u25ab\ufe0f 7zip\n\u25ab\ufe0f zip\n\u25ab\ufe0f ISO\n\u25ab\ufe0f IMG\n\nThey do that to get their payloads past file content scanners, but more importantly to avoid having the Mark-Of-The-Web flag on their files. There are various motives for why adversaries don't want MOTW on their files: Protected View in Microsoft Office was always among them.\n\nShould they provide a container file to their victims, a foundation for disabling VBA macros in Internet-originated Office documents might be bypassed.\n\nhttps://github.com/mgeeky/PackMyPayload\n\nSubEvil\n\nAn advanced open source intelligence (OSINT) framework for grouping subdomains.\n\nhttps://github.com/Evil-Twins-X/SubEvil\n\nCheeseOunce\n\nThis simple PoC makes Windows machines authenticate to another via MS-EVEN.\n\nhttps://github.com/evilashz/CheeseOunce\n\nNoFaxGiven\n\nA fax routing extension is a DLL that adds routing functionality to the fax service.\n\nhttps://github.com/hackerhouse-opensource/NoFaxGiven\n\nAura\n\nA static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI.\n\nProject goals:\n\n\u25ab\ufe0f provide an automated monitoring system over uploaded packages to PyPI, alert on anomalies that can either indicate an ongoing attack or vulnerabilities in the code\n\u25ab\ufe0f enable an organization to conduct automated security audits of the source code and implement secure coding practices with a focus on auditing 3rd party code such as python package dependencies\n\u25ab\ufe0f allow researchers to scan code repositories on a large scale, create 
datasets and perform analysis to further advance research in the area of vulnerable and malicious code dependencies\n\nhttps://github.com/SourceCode-AI/aura\n\nScoutSuite\n\nScout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.\n\n\u25ab\ufe0f https://github.com/nccgroup/ScoutSuite\n\u25ab\ufe0f https://github.com/nccgroup/sadcloud\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory\n\n#Tools \ud83d\udee0\ufe0f \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2024-02-26T04:21:48.000000Z"}
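The PackMyPayload entry in the post above rests on one fact: Windows records Mark-of-the-Web only on the downloaded file itself, as a `Zone.Identifier` alternate data stream, so files extracted from (or mounted out of) a ZIP/ISO/IMG container carry no mark and are not opened in Protected View. The defensive counterpart is to triage the container: read the outer file's zone and look inside for members that would be executed or opened without the mark. The script below is an added example written for this page; it is not code from the quoted Telegram post or from PackMyPayload. The `Zone.Identifier` text format (`[ZoneTransfer]` / `ZoneId=3`) is the real Windows one, but the example takes the stream contents as a string rather than reading the ADS, so it runs on any OS. The ZIP, the zone stream and the `RISKY_EXTENSIONS` list are constructed for the demonstration and are assumptions, not a complete policy.

```python
"""Added example (not from the quoted post or PackMyPayload): triage an
Internet-downloaded container whose members will lose Mark-of-the-Web
once extracted. Inputs are constructed inline so it runs offline."""
import configparser
import io
import zipfile
from typing import Dict, List, Optional

# Member extensions worth flagging inside a container that came from the
# Internet. Assumption for this example, not an exhaustive list.
RISKY_EXTENSIONS = {".exe", ".dll", ".scr", ".lnk", ".js", ".vbs", ".hta",
                    ".docm", ".xlsm", ".pptm", ".iso", ".img"}

URLZONE_INTERNET = 3  # ZoneId value Windows writes for Internet downloads


def parse_zone_identifier(stream_text: str) -> Dict[str, Optional[object]]:
    """Parse the INI-style text of a Zone.Identifier stream.

    Returns zone_id (int) plus referrer_url / host_url when present.
    Raises ValueError when the [ZoneTransfer] section is missing or the
    text is not parseable as INI.
    """
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(stream_text)
    except configparser.Error as exc:
        raise ValueError(f"malformed Zone.Identifier: {exc}") from exc
    if not parser.has_section("ZoneTransfer"):
        raise ValueError("no [ZoneTransfer] section")
    section = parser["ZoneTransfer"]
    return {
        "zone_id": int(section.get("ZoneId", "0")),
        "referrer_url": section.get("ReferrerUrl"),
        "host_url": section.get("HostUrl"),
    }


def risky_members(container_bytes: bytes) -> List[str]:
    """Names of ZIP members whose extension is in RISKY_EXTENSIONS.

    The Zone.Identifier stream exists on the outer archive only; these
    members will have no mark of their own after extraction, so the outer
    zone is the one that should be applied to them.
    """
    with zipfile.ZipFile(io.BytesIO(container_bytes)) as zf:
        return sorted(
            info.filename for info in zf.infolist()
            if not info.is_dir()
            and any(info.filename.lower().endswith(ext) for ext in RISKY_EXTENSIONS)
        )


def triage(container_bytes: bytes, zone_stream: Optional[str]) -> dict:
    """Flag an Internet-zone container that carries risky members.

    zone_stream is the Zone.Identifier text, or None when the file has no
    stream at all (e.g. it never left the local zone).
    """
    zone_id = parse_zone_identifier(zone_stream)["zone_id"] if zone_stream else None
    members = risky_members(container_bytes)
    return {
        "zone_id": zone_id,
        "risky_members": members,
        "flag": zone_id == URLZONE_INTERNET and bool(members),
    }


def build_sample_container() -> bytes:
    """Constructed sample: a ZIP with a harmless note, a macro-enabled
    document name and a shortcut name (member contents are placeholders)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("README.txt", "nothing to see")
        zf.writestr("invoice/Invoice_2024.docm", b"PK\x03\x04placeholder")
        zf.writestr("invoice/Open Me.lnk", b"L\x00\x00\x00placeholder")
    return buf.getvalue()


# Constructed Zone.Identifier text as a browser would write it for a download.
SAMPLE_ZONE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "HostUrl=https://example.invalid/invoice.zip\r\n"
)

if __name__ == "__main__":
    print(triage(build_sample_container(), SAMPLE_ZONE_STREAM))
```

On a Windows host the stream text for a real download is the contents of `<file>:Zone.Identifier`; the same `parse_zone_identifier` applies. The ZIP walk is the stdlib case; ISO and IMG containers need an image parser, but the check is the same: enumerate members, and treat each as carrying the outer file's zone because nothing inside the image carries its own.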