Default password lists

I’ve decided to centralize the default password lists for multiple vendors. I’m making this a sticky post and will update this list as I find these types of sites:

* http://bit.ly/2S6SToW – NETGEAR Default Password List
* http://bit.ly/2S37j9u – Linksys Default Password List
* http://bit.ly/2S3gPJV – D-Link Default Password List
* http://bit.ly/2S8KWzJ – Cisco Default Password List
* http://bit.ly/2S37FwQ – Default Router Usernames and Passwords (multiple vendors)
* http://bit.ly/2HrgT3O – Telnet, MySQL and other Linux and Windows service passwords courtesy of n0tazombie.

Always available CTF Labs

I have identified the following CTF labs which are 24/7 and most if not all are free:

To everyone that made me aware of these, thank you!

The next generation Direct Kernel Object Manipulation techniques

Direct Kernel Object Manipulation (DKOM) is a technique that allows software to “hook” into the Windows operating system at the kernel level. This video is from the INFILTRATE 2019 conference and is titled “DKOM 3.0: Hiding and Hooking with Windows Extension Hosts.” In it, the presenters take advantage of a Windows subsystem introduced in Windows 7 to hook the kernel.

Links:

ADV200006: Yet more bugs in the Windows font subsystem

Microsoft announced on Monday March 23rd that they observed two exploits being used in the wild that target the font rendering subsystem in Windows. There is NO patch for these vulnerabilities as of this posting. They require the user to open a document or a web page containing a crafted font, which then exploits the Adobe Type Manager subsystem in Windows (all versions) to gain remote code execution. Typically these types of vulnerabilities gain execution in the Windows kernel, where the font subsystem code runs. This means a hacker would have SYSTEM access to a Windows target, which, you know, is not good!

Links:

SMBGhost: New unauthenticated RCE SMB v3 bug found in modern Windows

CVE-2020-0796, better known as SMBGhost, was accidentally announced by Microsoft during March 2020’s Patch Tuesday. This bug is in their implementation of compression in SMB v3; it is both unauthenticated and remote and results in remote code execution on the target machine with no user interaction. This gives it the potential to be turned into a worm that spreads through a Windows Active Directory network like wildfire.

Links:

Pentagon, FBI, DHS jointly expose North Korea hacking efforts

What makes this news so significant is that this is the first time the DoD has publicly attributed hacking activity to North Korea. Their motives are seemingly to steal money (most likely to help fund their military), but they also allegedly hacked into a nuclear power plant in India. They attribute two APT groups to North Korea:

1. Hidden Cobra
2. Lazarus Group

They also name the malware they used in their hacking efforts.

Links: