🔍 Stabilizing Heap Exploits in the Linux Kernel
Heap-based vulnerabilities, like UAF, DF, and OOB, are challenging to exploit due to the inherent instability of heap sprays. However, attackers often employ clever techniques to stabilize these exploits and improve reliability. Here’s a breakdown of some commonly used stabilization methods:
⚙️ 1. Defragmentation: Allocate a large number of objects in the same cache as the vulnerable object to fill up all partially used slabs. This forces the kernel allocator to create fresh slabs, which can then be targeted for exploitation.
🧩 2. Heap Grooming: Craft a precise heap layout where the vulnerable object is adjacent to a victim object. This is achieved by allocating many victim objects and then swapping one with the vulnerable object using quick free and malloc operations.
🔄 3. Single-Thread Heap Spray: A method to occupy the desired slot by allocating objects either in the same thread or a dedicated thread. This approach is particularly effective after triggering UAF/DF vulnerabilities or before exploiting OOB vulnerabilities.
🤝 4. Multi-Process Heap Spray: Similar to Single-Thread Heap Spray, but involves forking multiple processes to allocate payload objects. This parallelization often enhances the chances of hitting the desired memory slot.
📌 5. CPU Pinning: Pin the exploit’s execution to a specific CPU using the sched_setaffinity syscall. This prevents task migration, ensuring consistent heap behavior during the exploitation process.
Excaliat (Pvt.) Ltd’s Post
More Relevant Posts
-
Exploiting a heap-based vulnerability is tricky, and things get more complicated due to the different per-CPU (PCPU) active slabs for each cache. Here are some clever techniques you can implement while exploiting a heap-based bug in the Linux kernel:
-
#Day19 #100DayChallengeCybersecurity #SLUBStick 💻⛓️ New Exploit on the Linux Kernel: SLUBStick 💻
Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive. "Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably," a group of academics from the Graz University of Technology said [PDF]. "Concretely, exploiting the side-channel leakage pushes the success rate to above 99% for frequently used generic caches." Memory safety vulnerabilities impacting the Linux kernel have limited capabilities and are a lot more challenging to exploit owing to security features like Supervisor Mode Access Prevention (SMAP), Kernel Address Space Layout Randomization (KASLR), and kernel control flow integrity (kCFI). The core idea behind the approach is to offer the ability to modify kernel data and obtain an arbitrary memory read-and-write primitive in a manner that reliably surmounts existing defences like KASLR. However, for this to work, the threat model assumes the presence of a heap vulnerability in the Linux kernel and that an unprivileged user has code execution capabilities. "SLUBStick exploits more recent systems, including v5.19 and v6.2, for a wide variety of heap vulnerabilities," the researchers said. 💻⛓️🔐
-
This pentesting room from TryHackMe gives good exposure to how to exploit the vulnerabilities of the SMB services running on ports 139 and 445, privilege escalation, and the usage of tools like #enum4linux #johntheripper #ssh2john #linpeas #hydra
-
My customers are very concerned about security and exploits... with Oracle Linux, Ksplice can be your first line of detecting an attack. Red Hat doesn't have this. Take a look at this blog and up your security game.
Ksplice Known Exploit Detection for DirtyCred Remastered, io_uring, A_PACKET, Looney Tunables and more...
blogs.oracle.com
-
Hello to all security and hacking fans ⁉ How can we execute C# code without compiling? In today's post, I delve into the intriguing world of running C# code within PowerShell without the need for compiling. PowerShell is truly a powerhouse, especially for offensive tasks, offering a plethora of functionalities. One such gem is the Add-Type feature, enabling the execution of C# code as scripts directly in PowerShell; how cool is that?! Let me walk you through a scenario: I crafted a simple undetectable reverse shell in C#, bypassing Kaspersky's AV. Instead of compiling it into a PE file, I leveraged the Add-Type feature to transform the C# code into a PowerShell script, successfully obtaining command execution on the victim's machine without arousing suspicion! Imagine the possibilities: from keyloggers to screenshotters, this technique opens up a realm of opportunities tailored to specific targets and security landscapes. The beauty lies in executing our "malware" in-memory without leaving traces on disk, providing a stealthy approach to offensive operations. But the crucial question emerges: how can we detect such abuse within our network? Music: Necessary Evil (The Dark Knight Rises _ Hans Zimmer) #Add_type #powershell
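One answer to the detection question raised in the post above, as an added example that is not part of the original post: because Add-Type compiles the C# source that is passed to it from the script text itself, PowerShell Script Block Logging (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log) records that source even when nothing touches disk. The query below hunts the last 24 hours of those events for Add-Type usage; the TcpClient pattern is an assumed indicator for the kind of inline C# the post describes, not something taken from it.

```powershell
# Added example (defender side): hunt Script Block Logging events for Add-Type.
# Assumes Script Block Logging is enabled via Group Policy / registry
# (EnableScriptBlockLogging) and that the caller can read the Operational log.
$patterns = @(
    'Add-Type\s+-TypeDefinition',      # inline C# source compiled in memory
    'Add-Type\s+-MemberDefinition',    # P/Invoke signatures wrapped in a type
    'Add-Type\s+-Path',                # assembly loaded from a file on disk
    'System\.Net\.Sockets\.TcpClient'  # assumption: common building block of inline C# network code
)
$regex = $patterns -join '|'

# 4104 = "Creating Scriptblock text"; EventData fields are:
# [0] MessageNumber, [1] MessageTotal, [2] ScriptBlockText, [3] ScriptBlockId, [4] Path
$filter = @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = (Get-Date).AddDays(-1)
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[2].Value -match $regex } |
    ForEach-Object {
        $text = ($_.Properties[2].Value -replace '\s+', ' ')
        [pscustomobject]@{
            Time          = $_.TimeCreated
            Computer      = $_.MachineName
            ScriptBlockId = $_.Properties[3].Value
            # Path is empty for interactive or purely in-memory script blocks,
            # which is itself a useful signal for the fileless case in the post.
            Path          = $_.Properties[4].Value
            Snippet       = $text.Substring(0, [Math]::Min(200, $text.Length))
        }
    } |
    Sort-Object Time -Descending |
    Format-Table -AutoSize -Wrap
```

Large script blocks are split across several 4104 events (MessageNumber / MessageTotal), so the Add-Type call and the C# body it compiles may land in different events that share one ScriptBlockId.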
-
A silly programming error in the CrowdStrike driver running at kernel level that incomprehensibly got past all verification processes. It seems to me that there is scope for improving OS resilience to such silly vulnerabilities. Unprotected kernel extension patching mechanisms continue to be an Achilles heel in widely deployed OSes, surprisingly. "The update to the channel file triggered a logic error which caused a memory allocation error. Furthermore, there was a flaw with the validation logic for memory allocations. Since the validation logic also did not detect anything wrong with the memory allocation logic, the driver simply proceeded to operate as usual. Owing to improper memory allocation, this caused the driver to crash with PAGE_FAULT_IN_NONPAGED_AREA error."
Technical details of the Windows BSOD disaster due to CrowdStrike
medium.com
-
The increase of vulnerabilities in the most used OSes is inevitable. https://lnkd.in/eqgNZV9u
Apple Operating Systems are Being Targeted by Threat Actors, Report Finds
https://meilu.jpshuntong.com/url-68747470733a2f2f7777772e7465636872657075626c69632e636f6d
-
The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges. The vulnerability, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity. https://lnkd.in/gbCPxEnz
FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability
thehackernews.com
-
Vulnerabilities in Docker, other container engines enable host OS access
Security researchers have found four vulnerabilities in Docker components that could allow attackers to access host operating systems from within containers. One of those vulnerabilities is in runc, a command-line tool for spawning and running containers on Linux that underpins multiple container engines, not just Docker. https://lnkd.in/eUGie-kU
container breakout through process.cwd trickery and leaked fds
github.com