Default password lists

I’ve decided to centralize the default password lists for multiple vendors. I’m making this a sticky post and will update this list as I find these types of sites:

* http://bit.ly/2S6SToW – NETGEAR Default Password List
* http://bit.ly/2S37j9u – Linksys Default Password List
* http://bit.ly/2S3gPJV – D-Link Default Password List
* http://bit.ly/2S8KWzJ – Cisco Default Password List
* http://bit.ly/2S37FwQ – Default Router Usernames and Passwords (multiple vendors)
* http://bit.ly/2HrgT3O – Telnet, MySQL and other Linux and Windows service passwords courtesy of n0tazombie.

Always available CTF Labs

I have identified the following CTF labs, which are available 24/7, and most if not all are free:

To everyone who made me aware of these, thank you!

The next generation Direct Kernel Object Manipulation techniques

Direct Kernel Object Manipulation (DKOM) is a technique that allows software to “hook” into the Windows operating system at the kernel level. This video is from the INFILTRATE 2019 conference and is titled “DKOM 3.0: Hiding and Hooking with Windows Extension Hosts.” In it, the presenters take advantage of a Windows subsystem introduced in Windows 7 to hook the kernel.

Links:

ADV200006: Yet more bugs in the Windows font subsystem

Microsoft announced on Monday, March 23rd that it had observed two exploits being used in the wild that target the font rendering subsystem in Windows. There is NO patch for these vulnerabilities as of this posting. They require the user to open a document or a web page containing a malicious font, which then exploits the Adobe Type Manager subsystem in Windows (all versions) to gain remote code execution. Typically these types of vulnerabilities gain execution in the Windows kernel, where the font subsystem code runs. This means a hacker would have SYSTEM access to a Windows target, which, you know, is not good!

Links:

SMBGhost: New unauthenticated RCE SMB v3 bug found in modern Windows

CVE-2020-0796, better known as SMBGhost, was accidentally announced by Microsoft during March 2020’s Patch Tuesday. The bug is in Microsoft’s implementation of compression in SMB v3; it is both unauthenticated and remotely reachable, and it results in remote code execution on the target machine with no user interaction. This gives it the potential to be turned into a worm that spreads through a Windows Active Directory network like wildfire.

Links:

Pentagon, FBI, DHS jointly expose North Korea hacking efforts

What makes this news so significant is that this is the first time the DoD has publicly attributed hacking activity to North Korea. The motive is seemingly to steal money (most likely to help fund its military), but the groups also allegedly hacked into a nuclear power plant in India. They attribute two APT groups to North Korea:

    1. Hidden Cobra
    2. Lazarus Group

They also name the malware used in these hacking efforts.

Links:

Persistence via device firmware

I was reading an article published by SANS, which led me down a rabbit hole of modifying firmware to carry a persistent implant and all the research that has been done on the topic. Firmware runs on the majority of the devices in a modern computer system, ranging from a laptop to a cell phone. This includes components such as the trackpad, HDD/SSD, network card, USB hubs, GPUs, etc. While doing this research I stumbled on the fact that PCI devices can talk directly to one another with NO OS supervision, so things like antivirus programs or even host-based firewalls won’t be able to observe what is going on. This is because the devices communicate directly across the PCI/PCIe bus; by modifying a device’s firmware you can achieve persistence that could potentially be platform agnostic.

Links:

New bug discovered in sudo

CVE-2019-18634 is a bug that affects sudo versions earlier than 1.8.26 on both Linux and macOS and gives non-root users the ability to run commands as though they were root. The sudo feature containing the stack-based buffer overflow is password feedback, which is thankfully disabled on the majority of Linux distributions, such as Ubuntu. However, Mint and Elementary are two distros that have this feature enabled. macOS also has the feature enabled, but Apple already has a patch for it.
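Two shell helpers I would use to audit a host for this bug, added here as an example and not taken from the post: one compares a sudo version string against the 1.8.26 threshold stated above, the other reads sudoers text and reports whether the password-feedback option (sudo calls it `pwfeedback`) ends up enabled. The sample sudoers content is constructed, not from a real host.

```shell
# Added example, not code from the original post: audit helpers for the sudo bug above.
# Assumptions: "pwfeedback" is sudo's name for the password-feedback option, and 1.8.26
# is the threshold the post states. Intended for POSIX sh.

# Returns 0 (shell "true") when a sudo version string sorts before 1.8.26.
sudo_version_affected() {
    # "1.8.25p1" -> "1 8 25": drop any p-suffix, then split on dots into $1 $2 $3.
    set -- $(printf '%s\n' "$1" | sed 's/p[0-9]*$//' | tr '.' ' ')
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    [ "$maj" -lt 1 ] && return 0
    [ "$maj" -gt 1 ] && return 1
    [ "$min" -lt 8 ] && return 0
    [ "$min" -gt 8 ] && return 1
    [ "$pat" -lt 26 ]
}

# Reads sudoers text on stdin; prints "yes" if pwfeedback ends up enabled, else "no".
# sudo applies Defaults entries in order, so the last pwfeedback / !pwfeedback wins.
pwfeedback_enabled() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*Defaults/ {
            line = $0
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", line)
            gsub(/[ \t]+$/, "", line)
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (opts[i] == "pwfeedback")  state = "yes"
                if (opts[i] == "!pwfeedback") state = "no"
            }
        }
        END { print (state == "" ? "no" : state) }
    '
}

# Prints a verdict for one version/sudoers pair; exit status 1 means exposed.
audit_sudo() {
    fb=$(printf '%s\n' "$2" | pwfeedback_enabled)
    if sudo_version_affected "$1" && [ "$fb" = yes ]; then
        echo "exposed: sudo $1 with pwfeedback enabled"; return 1
    fi
    echo "ok: sudo $1, pwfeedback=$fb"
}

# Constructed sample sudoers content (not from any real host) with the feature turned on.
SAMPLE_SUDOERS='# constructed sample
Defaults        env_reset
Defaults        mail_badpass, pwfeedback
root    ALL=(ALL:ALL) ALL'
audit_sudo 1.8.25p1 "$SAMPLE_SUDOERS" || echo "remediate: upgrade sudo or set Defaults !pwfeedback"
```

On a live host, feed the output of `sudo -V` (first line) and the contents of /etc/sudoers plus /etc/sudoers.d/* into the same functions.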

Links: