CVE-2023-34362

CVE-2023-34362-IOCs. More information on Deep Instinct's blog site.

MOVEit CVE-2023-34362 IOCs More information on Deep Instinct's blog site Disclaimer The code provided is offered as-is and is intended for educational or informational purposes only The user assumes all responsibility for the use of this code and any consequences that may arise from its use The creator of this code and its affiliates cannot be held liable for any damage

Scraper for daily renewal of the Known Exploited Vulnerabilities Catalog by CISA

Daily scaraping of Known Exploited Vulnerabilities @ CISA Mirroring wwwcisagov/sites/default/files/feeds/known_exploited_vulnerabilitiesjsondaily and stores it on GitHub, since CISA restricts access and applys rate limites This simply helps to keep everything at one place, and my automation up and running How it works The magic is done with the help of this GitHub

A National Vulnerability Database (NVD) API query tool

nvdsearch - v10 - @h0useh3ad A National Vulnerability Database (NVD) API query tool Install Clone from repo $ go mod init nvdsearch $ go mod tidy $ go build Tested with Go version 1191+ Usage nvdsearch has multiple options: cpelookup, cveid, product, cpe $ /nvdsearch -h _ _

CVE-2023-34362: MOVEit Transfer Unauthenticated RCE

CVE-2023-34362: MOVEit Transfer Unauthenticated RCE For a full technical description of the vulnerability and exploitation, please read our AttackerKB Analysis Usage ruby CVE-2023-34362rb <TARGET_IP> Note: The deserialization gadget is configured to spawn 'notepadexe' Example >ruby poc-cve-2023-34362rb

Exercise for searching CVE's in Metasploit

How to search for a CVE in metasploit Use the following steps to search for a CVE manually, using msfconsole Building & Running a metasploit container To do this we will use the debian-msf-local docker container image Steps for Running: run the build script - /buildsh run the container execute script /runsh A Dockerfile and build script (buildsh) has been incl

CVE-2023-34362 POCs for credential dumping, reverse shells, and playing music by abusing a command injection, CVE-2023-26067, affecting Lexmark Printers Technical Analysis A technical root cause analysis of the vulnerability can be found on our blog: wwwhorizon3ai/lexmark-command-injection-vulnerability-zdi-can-19470-pwn2own-toronto-2022 Summary This POC abuses a com

This shellscript given the OrgKey 0 will parse the header of the base64 artifacts found in MOVEit Logs and decrypt the Serialized object used a payload

moveit-payload-decrypt-CVE-2023-34362 This shellscript given the OrgKey 0 will parse the header of the base64 artifacts found in MOVEit Logs and decrypt the Serialized object used a payload

POC for CVE-2023-34362 affecting MOVEit Transfer

CVE-2023-34362 POC for CVE-2023-34362 affecting MOVEit Transfer Technical Analysis A technical root cause analysis of the vulnerability can be found on the blog: Summary This POC abuses an SQL injection to obtain a sysadmin API access token and then uses that access to abuse a deserialization call to obtain remote code execution This POC needs to reach out to an Identity P

Repository with everything I have tracking the impact of MOVEit CVE-2023-34362

MOVEit-CVE-2023-34362 Repository with everything I have tracking the impact of MOVEit CVE-2023-34362 Includes possibly affected organizations and domains utilizing SFTP header and cookie discovery methods I've also built a news ticker which tracks new stories about MOVEit, available at firehosekenbucklercom/moveit

an exploit of POC for CVE-2023-34362 affecting MOVEit Transfer

MOVEit Exploit an exploit of POC for CVE-2023-34362 affecting MOVEit Transfer Note this project is done Our instagram page Our youtube chanel Our twitter page CVE-2023-34362 POC for CVE-2023-34362 affecting MOVEit Transfer Disclaimer This software has been created purely for the purposes of academic researc

MOVEit CVE-2023-34362

CVE-2023-34362 POC for CVE-2023-34362 affecting MOVEit Transfer Technical Analysis A technical root cause analysis of the vulnerability can be found on our blog: wwwhorizon3ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/ Summary This POC abuses an SQL injection to obtain a sysadmin API access token and then use that access to abuse a deserial

Information about Progress MoveIT CVE

Progress MOVEit vulnerability (CVE-2023-34362) This repo contains operational information regarding Progress MoveIT Transfer vulnerability For more information see: NCSC-NL advisory (NL) Progress MOVEit Transfer Critical Vulnerability (May 2023) TrustedSec: Critical Vulnerability in Progress Moveit Transfer: Technical Analysis and Recommendations Huntress Labs: MOVEit Transfe

Lexmark CVE-2023-26067

CVE-2023-34362 POCs for credential dumping, reverse shells, and playing music by abusing a command injection, CVE-2023-26067, affecting Lexmark Printers Technical Analysis A technical root cause analysis of the vulnerability can be found on our blog: wwwhorizon3ai/lexmark-command-injection-vulnerability-zdi-can-19470-pwn2own-toronto-2022 Summary This POC abuses a com

Quick OSINT checks for IPs and Domains during triage and investigations.

Python Hunt Quick OSINT checks for IPs and Domains during triage and investigations About This script queries APIs for various freely-available intelligence platforms in order to gain important context and reputation data for IP addresses and/or domains Platforms Used WHOIS VirusTotal AlienVault OTX BGPView IBM X-Force Shodan ipinfoio API Keys Required for: VirusTotal I

Cybersecurity Breaches for Payment Industry (Billtrust & Fiserv)

Lesson Learned from �Security Breaches Cybersecurity Breaches for Payment Industry (Billtrust & Fiserv) Rapid7's full technical analysis of the exploit chain for CVE-2023-34362 attackerkbcom/topics/mXmV0YpC3W/cve-2023-34362/rapid7-analysis?referrer=etrblog A strong IOC may be present in the log file C:\MOVEitTransfer\Logs\DMZ_WebApilog Ref 1 MOVEit

Description of project: Understanding and analyzing a recent Cyber Security breach The goal is to find a solution through a tool, protocol/policy, and to discuss vulnerability protection behaviors that can be demonstrated to prevent these attacks The breach of choice: The type of breach I chose was SQL injection and this breach occurred on a common managed file transfer softw

A video presentation analysing the technical details, scale and lessons to be learned from the MOVEit CVE-2023=3462(CS50 Introduction to Cyber Security Finale Project)

MOVEit-CVE-2023-34362 A video presentation analysing the technical details, scale and lessons to be learned from the MOVEit CVE-2023=3462(CS50 Introduction to Cyber Security Finale Project) Video Link : youtube/EsyWXNcmNQY

A curated list of my GitHub stars!

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Adblock Filter List Assembly Awk Batchfile Brainfuck C C# C++ CMake CSS Clojure Common Lisp Crystal Cython Dart Dhall Dockerfile Earthly Elixir Emacs Lisp Erlang Fennel GDScript Go HTML Handlebars Haskell Inno Setup Java JavaScript Jupyter Notebook Kotlin LLVM Lua M4 MDX Makefile NCL Nim Nix Nun