<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>GC Cybermonks</title>
    <link>https://gccybermonks.com/</link>
    <description>Recent content on GC Cybermonks</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-us</language>
    <copyright>GC Cybermonks © 2021</copyright>
    <lastBuildDate>Sat, 27 Jul 2024 01:01:01 -0300</lastBuildDate><atom:link href="https://gccybermonks.com/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Zeroday on Github Copilot</title>
      <link>https://gccybermonks.com/posts/github/</link>
      <pubDate>Sat, 27 Jul 2024 01:01:01 -0300</pubDate>
      
      <guid>https://gccybermonks.com/posts/github/</guid>
      <description>by Marlon Fabiano (Astrounder)
English:
Zeroday on Github Copilot
Astrounder identified and reported two zero-day vulnerabilities in GitHub Copilot, which were subsequently rectified by GitHub. These flaws could potentially lead to alterations in the behavior of the Copilot model and the leakage of developers&amp;rsquo; data.
Direct Prompt Injection Vulnerability: This flaw allowed for the injection of malicious prompts that could modify Copilot&amp;rsquo;s responses and leak the source code the developer was working on.</description>
    </item>
    
    <item>
      <title>OWASP DefectDojo (CVE-2023-48171)</title>
      <link>https://gccybermonks.com/posts/defectdojo/</link>
      <pubDate>Mon, 11 Mar 2024 08:01:01 -0300</pubDate>
      
      <guid>https://gccybermonks.com/posts/defectdojo/</guid>
      <description>by Felipe Novais (crwl3y)
OWASP DefectDojo (CVE-2023-48171) Introduction
Have you ever imagined a cybersecurity tool having vulnerabilities? It may sound counterintuitive for people outside of cybersecurity. Yet, this was the case for DefectDojo 1.5.3.0 at the beginning of January 2019.
We&amp;rsquo;ve implemented DefectDojo 1.5.3.0, the Open Source DevSecOps tool with application vulnerability management capabilities for manual and automated flows. You could do it in the traditional style or in your CI/CD DevSecOps pipeline.</description>
    </item>
    
    <item>
      <title>Better PDF Exporter (Jira Plugin) [CVE 2023-42361]</title>
      <link>https://gccybermonks.com/posts/pdfjira/</link>
      <pubDate>Mon, 23 Oct 2023 01:01:01 -0300</pubDate>
      
      <guid>https://gccybermonks.com/posts/pdfjira/</guid>
      <description>by Rodrigo Gava
LFI (Local File Inclusion) Issue found in Jira Server and Data Center &amp;ldquo;Better PDF Exporter&amp;rdquo; Plugin
Our research group has identified a significant vulnerability in the widely used Better PDF Exporter plugin for Jira Server and Jira Data Center. It&amp;rsquo;s worth noting that this plugin is highlighted as a &amp;ldquo;Staff Pick&amp;rdquo; on the Atlassian Marketplace and has amassed thousands of installations.
Vulnerability Details: CVE Identifier: CVE-2023-42361 Product: Better PDF Exporter for Jira Server and Jira Data Center (Note: Jira Cloud version is NOT affected) Version Affected: Up to 10.</description>
    </item>
    
    <item>
      <title>Another vision for SSRF</title>
      <link>https://gccybermonks.com/posts/ssrfvision/</link>
      <pubDate>Mon, 06 Jun 2022 15:04:57 -0300</pubDate>
      
      <guid>https://gccybermonks.com/posts/ssrfvision/</guid>
      <description>by @phor3nsic_br
Summary For a long time, I tested SSRF failures to search for services and ports on the internal network and used the information to obtain interesting data or reach an RCE. But in the last few days, I came across situations where I didn&amp;rsquo;t have an internal scenario: I had a good flaw, but its impact would be low.
Until a great idea came up, which I would like to share with you!</description>
    </item>
    
    <item>
      <title>SSRF Geoserver (CVE-2021-40822)</title>
      <link>https://gccybermonks.com/posts/cve-2021-40822/</link>
      <pubDate>Tue, 17 May 2022 15:04:57 -0300</pubDate>
      
      <guid>https://gccybermonks.com/posts/cve-2021-40822/</guid>
      <description>by @phor3nsic_br
This article shows how it is possible to obtain a complete Server-side request forgery through the GeoServer application. GeoServer is an open-source server for sharing geospatial data.
Introduction Analyzing the test functions available in all GeoServers by default, we noticed the existence of a &amp;ldquo;TestServlet&amp;rdquo;. When we saw this option, we immediately thought about the possibility of an SSRF, and with that we used the knowledge mentioned below to bypass some checks and obtain a Full SSRF.</description>
    </item>
    
    <item>
      <title>Bypass CrowdStrike Falcon to Dump Windows Hashes</title>
      <link>https://gccybermonks.com/posts/falcon-bypass/</link>
      <pubDate>Thu, 17 Mar 2022 08:02:01 -0300</pubDate>
      
      <guid>https://gccybermonks.com/posts/falcon-bypass/</guid>
      <description>by Samuel Pires (sunw4r)
Recently, on a Red Team Assessment, after achieving access to the internal network, we noticed that all servers and workstations were protected by CrowdStrike Falcon EDR. It is an awesome tool that actively prevents most known attacks.
In this particular case, our mission was to dump all hashes from a local Windows server (with local administrator privileges).
Using the traditional ways of dumping:
C:\reg save hklm\sam c:\sam access denied.</description>
    </item>
    
    <item>
      <title>Prototype Pollution in plist v3.0.4 and simple-plist (CVE-2022-22912)</title>
      <link>https://gccybermonks.com/posts/prototype-plist/</link>
      <pubDate>Thu, 17 Mar 2022 08:01:01 -0300</pubDate>
      
      <guid>https://gccybermonks.com/posts/prototype-plist/</guid>
      <description>by Guilherme Keerok
Plist is a NodeJS package to read plist files. Plist files are most commonly used in Apple systems and the lib at the time this post is written has 3.492.336 weekly downloads.
There&amp;rsquo;s nothing new in this blog post, prototype pollution already has a lot of articles like this, so I will show just this vulnerability.
Plist files initiate with
&amp;lt;?xml version=&amp;#34;1.0&amp;#34; encoding=&amp;#34;UTF-8&amp;#34;?&amp;gt; &amp;lt;!DOCTYPE plist PUBLIC &amp;#34;-//Apple//DTD PLIST 1.</description>
    </item>
    
    <item>
      <title>Bypassing Windows API hooking with syscalls</title>
      <link>https://gccybermonks.com/posts/winapibypass/</link>
      <pubDate>Fri, 15 Oct 2021 08:01:01 -0300</pubDate>
      
      <guid>https://gccybermonks.com/posts/winapibypass/</guid>
      <description>by Marcelo Benesciutti
Recently I started to do some research on AV/EDR bypass and Windows internals (shoutout to my friend Thiago Peixoto on this part, who has helped me a lot). In my studies I stumbled upon a very common detection method employed by most AV/EDR solutions: Windows API hooking. Basically, the solutions hook common functions used in malicious code, such as OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread, among others, and if an unknown PE makes use of these functions, it will potentially be flagged as malicious.</description>
    </item>
    
    <item>
      <title>mXSS in support.mozilla.org</title>
      <link>https://gccybermonks.com/posts/mxss/</link>
      <pubDate>Wed, 22 Sep 2021 08:01:01 -0300</pubDate>
      
      <guid>https://gccybermonks.com/posts/mxss/</guid>
      <description>by Guilherme Keerok
This is another bug that was discovered during @duphouse, and was the result of a collaboration with @lbherrera.
It was found on Kitsune, which is an open-source software that runs SUMO (support.mozilla.org), and provides support for Firefox and other Mozilla software.
It works similarly to a wiki, containing several functionalities for users to create, read or edit articles.
During the tests, the preview functionality caught our attention, as it allowed users to preview their changes to the article before submitting it and, more interestingly, it also allowed a small subset of HTML tags to be included that got rendered inside the page.</description>
    </item>
    
    <item>
      <title>Three Microsoft Store vulnerabilities</title>
      <link>https://gccybermonks.com/posts/msstore/</link>
      <pubDate>Thu, 24 Jun 2021 08:54:47 -0300</pubDate>
      
      <guid>https://gccybermonks.com/posts/msstore/</guid>
      <description>Author: Marlon Fabiano
Description of the 3 vulnerabilities: “Generating invoices in the Microsoft Store without making purchases”, “Adding money in the Microsoft Store Wallet” and “Buying Definitive / Deluxe / Ultimate games for the price of a standard game”.
The summary of the steps of the two bypasses (purchases of infinite games and subscriptions within Microsoft&amp;rsquo;s sandbox) can be found at the link: https://github.com/smarlonfabiano/xbox_xpl
Vulnerability 1 Understanding the vulnerability that allows you to generate invoices for Xbox games without buying them and the possibility to profit through the Nota Fiscal Paulista.</description>
    </item>
    
    <item>
      <title>Microsoft Store free purchase vulnerabilities</title>
      <link>https://gccybermonks.com/posts/msstorebypass/</link>
      <pubDate>Thu, 24 Jun 2021 07:54:47 -0300</pubDate>
      
      <guid>https://gccybermonks.com/posts/msstorebypass/</guid>
      <description>Author: Marlon Fabiano
First bypass - Free Vulnerability Purchases Microsoft has an extensive BugBounty program. I have already participated a few times and received some acknowledgements on the MSRC (Microsoft Security Response Center) portal, so I identified a great bug in Microsoft&amp;rsquo;s payment method. A failure that allowed me to buy products from the store and not pay anything for them.
It is important to mention that when I reported the failure to the MSRC it was not that simple, because the triage team ended up discrediting, even with the PoCs (Proof of Concept), someone who said: &amp;ldquo;Hey Microsoft, I can subscribe to Xbox Live for free.</description>
    </item>
    
    <item>
      <title>Pop-Ups in a good-world</title>
      <link>https://gccybermonks.com/posts/popups/</link>
      <pubDate>Fri, 04 Jun 2021 08:01:01 -0300</pubDate>
      
      <guid>https://gccybermonks.com/posts/popups/</guid>
      <description>by Guilherme Keerok
Introduction This research was fun to do and I believe it addresses some cool and theoretically interesting techniques. Some things have already been reported, and others, due to the way these technologies were made, don&amp;rsquo;t need to be reported, as several techniques here are considered by design in browsers. One of the main themes that I tried to focus on in this research was not to use CSRF, so I tried to do something similar, maybe a “CSWF” (Cross-Site Window Forgery). This is just a joke, but yes, without CSRF but with a little bit of Clickjacking.</description>
    </item>
    
    <item>
      <title>Object Injection to SQL Injection</title>
      <link>https://gccybermonks.com/posts/obji2sqli/</link>
      <pubDate>Wed, 26 May 2021 16:54:47 -0300</pubDate>
      
      <guid>https://gccybermonks.com/posts/obji2sqli/</guid>
      <description>by Walleson Moura (@phor3nsic_br)
NodeJS + Sqlstring
In this section, we will explain a curious case of SQL injection: a possible scenario, details of the issue, possible impacts and mitigations.
What is Object Injection? Object Injection is an application-level vulnerability that could allow an attacker to execute different types of malicious methods, such as Code Injection, SQL Injection, Path Traversal and Application Denial of Service, depending on the context. The vulnerability occurs when the input required by the user is not properly sanitized… (OWASP).</description>
    </item>
    
    <item>
      <title>A short story about an XSS in chat.mozilla.org (CVE-2021-21320)</title>
      <link>https://gccybermonks.com/posts/xss-mozilla/</link>
      <pubDate>Fri, 19 Mar 2021 18:01:01 -0300</pubDate>
      
      <guid>https://gccybermonks.com/posts/xss-mozilla/</guid>
      <description>by Guilherme Keerok
In the last month, some friends and I founded @duph0use, a house where we spent the last month doing bug bounties, researching, and working. At some point during the time I was there, I started searching for bugs in Mozilla, which led me to find 3 XSSes.
In this post I will only be showing one of these findings.
While I navigated through Mozilla products, I ended up finding chat.</description>
    </item>
    
  </channel>
</rss>
