♥ LoLi Security Update ♥

[Other] Hardening Windows with AppLocker - Mitigate msbuild.exe

In this post I will cover how to go beyond the default rules in AppLocker and harden it to prevent msbuild.exe from working. I will explain different methods of mitigating using AppLocker. But before we dive into rule making, let me first explain the default rules in detail.

[Exploit] Exploiting Word: CVE-2017-11826

Coincidentially with the beggining of an APT simulation engagement in the Red Team, a patch was issued my Microsoft fixing some vulnerabilities (CVE-2017-11826) affecting MS Office. The patch, which fixed a memory corruption bug, was first published on October 10th. On October 11th, Quihoo 360 Core Security reported having found malware exploiting said vulnerability during the previous month.

[Tool] wildPwn - Brute forcer and shell deployer for WildFly (JBoss AS)

WildFly, formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on multiple platforms. WildFly is free and open-source software, subject to the requirements of the GNU Lesser General Public License (LGPL), version 2.1.

[Tool] Tiredful API - An intentionally designed broken web application based on REST API

Tiredful API is intentionally designed broken app. The aim of this web app is to teach developers, QA or security professionals about flaws present in webservices (REST API) due to insecure coding practice.

[Tool] ProcDump for Linux - A Linux version of the ProcDump Sysinternals tool

ProcDump is a Linux reimagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows. ProcDump provides a convenient way for Linux developers to create core dumps of their application based on performance triggers.

[Tool] QuasarRAT - Remote Administration Tool for Windows

Quasar is a fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you.

[Windows] Securing Windows Defender Application Guard

David “dwizzzle” Weston Securing Windows Defender Application Guard Microsoft, Windows and Devices Device Security Group Manager Saruhan “manbun” Karademir Information Security Microsoft, Windows and Devices

[Tool] ADRecon - Active Directory and generates a report

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

Copyright © 2018 LoLi Team.