Showing posts with label attack.

June 15, 2023

Microsoft Warns of New Windows Zero-Day Exploit

 


Microsoft has warned of a new Windows zero-day exploit that is being actively exploited by attackers. The exploit affects all supported versions of Windows, including Windows 10 and Windows 11.

The exploit is a remote code execution vulnerability that allows attackers to execute arbitrary code on a victim's computer. This could allow attackers to steal data, install malware, or take control of the victim's computer.

The vulnerability is tracked as CVE-2023-29336 and is a heap buffer overflow in the Win32k kernel driver. The vulnerability can be exploited by sending a specially crafted packet to a vulnerable system.

Microsoft has released a security update to address the exploit. The update is available for Windows 10 and Windows 11. It is important to install the update as soon as possible to protect yourself from the exploit.

Here are some tips for staying safe:

  • Keep your software up to date. Microsoft releases security updates regularly to address vulnerabilities such as this one. It is important to install these updates as soon as they are available.
  • Use a security solution. A security solution can help to protect your computer from malware and other threats.
  • Be careful about what you click on. Do not click on links in emails or on websites that you do not trust.
  • Use strong passwords. Use strong passwords and change them regularly.
  • Back up your data regularly. In the event that your computer is infected with malware, you will be able to restore your data from a backup.

By following these tips, you can help to protect yourself from the new Windows zero-day exploit.

If you think that you have been infected with malware, there are a few things that you can do:

  • Run a virus scan. A virus scan can help to identify and remove malware from your computer.
  • Change your passwords. Change your passwords for all of your online accounts.
  • Monitor your credit report. Monitor your credit report for any unauthorized activity.

By taking these steps, you can help to minimize the damage caused by a malware infection.

June 11, 2023

MOVEit Transfer Zero-Day Vulnerability Exposes Organizations to Data Theft


 

A critical zero-day vulnerability has been discovered in MOVEit Transfer, a popular file transfer software used by organizations of all sizes. The vulnerability, tracked as CVE-2023-34362, allows attackers to execute arbitrary code on the victim's system, which can then be used to steal data, install malware, or take other actions.

The vulnerability has been actively exploited by hackers in a number of data theft attacks. In one recent attack, hackers used the vulnerability to steal terabytes of data from a healthcare organization, including sensitive patient data. In another attack, hackers used the vulnerability to steal financial data from a financial services company.

Progress Software, the developer of MOVEit Transfer, has released a security advisory and a patch for the vulnerability. However, it is likely that some organizations are still vulnerable to the attack.

Organizations that use MOVEit Transfer should immediately patch the vulnerability to protect themselves from attack. They should also monitor their systems for signs of compromise, such as unauthorized access, unusual activity, or changes to system settings.

Here are some additional tips for protecting yourself from the MOVEit Transfer zero-day vulnerability:

  • Use strong passwords and two-factor authentication. Strong passwords and two-factor authentication can help to protect your accounts from unauthorized access.
  • Use a firewall and antivirus software. A firewall and antivirus software can help to protect your system from attack.
  • Keep your software up to date. Software updates often include security patches that can help to protect your system from attack.

By following these tips, you can help to protect yourself from the MOVEit Transfer zero-day vulnerability and other security threats.

 

How to Patch the MOVEit Transfer Zero-Day Vulnerability

To patch the MOVEit Transfer zero-day vulnerability, you should follow these steps:

  1. Download the patch from the Progress Software website.
  2. Install the patch on all of your MOVEit Transfer servers.
  3. Restart your MOVEit Transfer servers.

After you have patched the vulnerability, you should monitor your systems for signs of compromise. If you see any suspicious activity, you should investigate immediately.

 

How to Monitor Your Systems for Signs of Compromise

To monitor your systems for signs of compromise, you should:

  • Use a security information and event management (SIEM) system. A SIEM system can help you to collect and analyze security logs from your systems. This can help you to identify suspicious activity, such as unauthorized access or unusual network traffic.
  • Use a vulnerability scanner. A vulnerability scanner can help you to identify security vulnerabilities on your systems. This can help you to prioritize your security efforts and patch vulnerabilities before they can be exploited by attackers.
  • Monitor your system logs. You should regularly monitor your system logs for signs of compromise. This includes looking for unauthorized access, unusual activity, or changes to system settings.

By following these steps, you can help to protect your systems from attack and detect any compromise that does occur.

December 11, 2022

How to create an ESP8266 Wi-Fi Deauthenticator for just $4

 


The ESP8266 is designed to work with microcontroller boards like Arduino and Raspberry Pi, making it easy to integrate into existing projects with minimal overhead. The ESP8266 is a low-cost microcontroller that can be programmed to operate as a stand-alone system or as an embedded part of a larger product. It has built-in Wi-Fi connectivity, which allows it to connect to other devices and send/receive data from them.

This project builds a simple ESP8266 universal Wi-Fi deauthenticator. The ESP8266 can deauthenticate other networks that are connected to your router and disconnect them, causing the connected network to reconnect slowly over time. This method can be used to delay an attacker's time in the network so they cannot compromise it. The ESP8266 will send a packet requesting that it be connected to the protected network. As soon as this happens, all clients will shut down immediately, so they won't create any traffic on the Wi-Fi network.

In this post, we're going to create an ESP8266 Wi-Fi jammer, or deauthenticator, in simple steps.

 

Requirements - 

1) An ESP8266 module

2) USB data cable

 

Installation -

1) First, install the drivers for your module's chipset. There are 2 types of chipset: CH34x and CP210x. Identify the chipset and install the matching drivers.

Download Drivers for CH340

Download Drivers for CP210x 


2) After this, download the flasher tool from the GitHub link.

Download N2D2 Flasher Tool 

 

3) Now extract the zip file and launch the N2D2 tool


4) Now connect the ESP8266 to your laptop / desktop using the USB data cable

5) The tool will automatically detect the drivers and your device



6) Select 'Get the latest image from internet'



7) Now select the software version for your device. We need the software whose name ends with 'DSTIKE_DEAUTHER_V1'. You can choose V2 or V3. After this, it will download the latest software from GitHub.



8) Now Select 'Allow software installation'



9)  After successful installation, close the tool.



How to use -

1) Connect your device to the ESP8266 over Wi-Fi. You will see the network name 'pwned'. Use the password "deauther" to connect to the ESP8266.



2) When the device connects, open your browser and go to this address -

192.168.4.1

 

3) Click on "I have read and understood the notice above"


4) Now you will get a list of all Wi-Fi networks available near you. Select one or multiple networks from the list


 

5) Now go to the topmost navbar and select the 'Attack' option. You will be redirected to the attack page, where you will get 3 options. Select the option of your choice


How these 3 options work -

1] Deauth

Closes the connection of WiFi devices by sending deauthentication frames to access points and client devices you selected.
This is only possible because a lot of devices don't use the 802.11w-2009 standard that offers a protection against this attack.
Please only select one target! When you select multiple targets that run on different channels and start the attack, it will quickly switch between those channels and you have no chance to reconnect to the access point that hosts this web interface.
 

2] Beacon

Beacon packets are used to advertise access points. By continuously sending beacon packets out, it will look like you created new WiFi networks.
You can specify the network names under SSIDs.
 

3] Probe

Probe requests are sent by client devices to ask if a known network is nearby.
Use this attack to confuse WiFi trackers by asking for networks that you specified in the SSID list.
It's unlikely you will see any impact by this attack with your home network.
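
On the defending side, the Deauth option described above shows up on the air as a burst of deauthentication management frames from one transmitter address. The following is an added example, not part of the original post or of the deauther firmware: it parses raw 802.11 headers and flags such bursts. The sample frames, MAC addresses and the alert rule (10 frames within 1 second) are constructed assumptions.

```python
import struct
from collections import defaultdict

DEAUTH, DISASSOC = 12, 10        # 802.11 management-frame subtypes
WINDOW_S, THRESHOLD = 1.0, 10    # assumed alert rule: 10 frames within 1 second

def parse_mgmt(frame: bytes):
    """Return (subtype, receiver, transmitter, bssid, reason) for a
    deauthentication/disassociation frame, or None for anything else."""
    if len(frame) < 26:                      # 24-byte header + 2-byte reason code
        return None
    fc0 = frame[0]                           # first Frame Control byte
    version, ftype, subtype = fc0 & 0x3, (fc0 >> 2) & 0x3, fc0 >> 4
    if version != 0 or ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    rx, tx, bssid = (frame[i:i + 6].hex(":") for i in (4, 10, 16))
    (reason,) = struct.unpack_from("<H", frame, 24)
    return subtype, rx, tx, bssid, reason

def find_floods(capture, window=WINDOW_S, threshold=THRESHOLD):
    """capture: iterable of (timestamp_seconds, raw_frame). Returns
    {(transmitter, bssid): peak frame count inside one window}."""
    recent, alerts = defaultdict(list), {}
    for ts, frame in sorted(capture, key=lambda c: c[0]):
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        key = (parsed[2], parsed[3])
        times = recent[key]
        times.append(ts)
        while times[0] < ts - window:        # drop frames older than the window
            times.pop(0)
        if len(times) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(times))
    return alerts

# Constructed sample frames (no radiotap header, locally administered MACs).
FLOOD = bytes.fromhex("c0000000ffffffffffff02aabbccdd0102aabbccdd0100000700")
SINGLE = bytes.fromhex("c000000002aabbccdd0202aabbccdd0902aabbccdd0910000300")
BEACON = bytes.fromhex("80000000ffffffffffff02aabbccdd0102aabbccdd0120000000")
SAMPLE = ([(i * 0.01, FLOOD) for i in range(50)]
          + [(0.2, BEACON), (5.0, SINGLE)])

if __name__ == "__main__":
    for (tx, bssid), n in find_floods(SAMPLE).items():
        print(f"deauth burst: {n} frames in one window from {tx} (BSSID {bssid})")
```

A single deauthentication frame is normal when a client leaves a network, which is why the check counts frames per transmitter inside a time window instead of alerting on every frame.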


That's it. Don't use this for illegal purposes.



 


November 12, 2021

How to do a rogue AP attack in Linux using WifiPumpkin3

 

WifiPumpkin3


A rogue access point (or AP) is a wireless access point installed on a wired network infrastructure without the permission of the network administrator or owner, providing rogue wireless access to the network's wired infrastructure. Rogue APs are not managed by your network administrator and do not have the same security settings as other access points. These APs are physically located behind the network firewall, which means that anyone who has access to the AP has access to the wider network. Rogue access points can be used in a variety of attacks, including denial of service, data theft, and other malware implementations.
In this post we are going to use the WifiPumpkin tool. Wifipumpkin3 is a powerful framework for rogue access point attacks, written in Python, that allows security researchers, red teams, and reverse engineers to set up wireless networks to carry out man-in-the-middle attacks.


Features -
 

  • Creates rogue access point attacks
  • Good for man-in-the-middle attacks
  • Plenty of modules for deauthentication attacks
  • Provides a rogue DNS server
  • Can intercept, inspect, modify and replay web traffic
  • Provides a DNS monitoring service
  • Can harvest credentials
 
 
Installation


1) Update packages


$ sudo apt-get update 



2) Install required packages


$ sudo apt-get install hostapd python3.9-dev libssl-dev libffi-dev build-essential python3.9 python3-pyqt5


3) Install wifipumpkin3


$ git clone https://github.com/P0cL4bs/wifipumpkin3.git
$ cd wifipumpkin3
$ sudo python3 setup.py install


4) Now just run this tool by typing -

$ sudo wifipumpkin3



If you have any problems regarding this, please comment below.

 


November 8, 2021

Top 5 Subdomain Takeover Tools on GitHub for Linux [2024]

 

Domain Takeover Tools from Github

Subdomain takeover is an attack in which an attacker gains complete control over a subdomain. This happens when the provider deletes the web content on the domain but forgets to delete the DNS record.
This error could allow an attacker to gain control of the subdomain and use it to perform any type of attack, including phishing and mapping.
To find out which subdomains are easiest to take over, you need tools that can find them. That way, you can prevent such attacks. The tools below help you identify subdomains that are easy to take over.
They are free to use and display results in less than a minute.
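
The condition described above, a DNS record left behind after the hosted content is gone, can be audited in your own zone. The following is an added example and is not taken from any of the tools listed on this page: it reads CNAME records from a zone export and reports those that point outside the zone at a name that no longer resolves. The zone records, the `example.test` origin and the `LIVE` lookup table are constructed assumptions.

```python
import socket

def parse_cnames(zone_text, origin):
    """Yield (owner, target) for each CNAME line of a simple zone export
    ('name [ttl] [IN] CNAME target'); relative names are joined to origin."""
    origin = origin.rstrip(".").lower()
    def fqdn(name):
        name = name.lower()
        if name == "@":
            return origin
        return name[:-1] if name.endswith(".") else f"{name}.{origin}"
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop ';' comments
        upper = [f.upper() for f in fields]
        if "CNAME" in upper[1:-1]:                  # needs an owner and a target
            i = upper.index("CNAME", 1)
            yield fqdn(fields[0]), fqdn(fields[i + 1])

def system_resolves(host):
    """Default lookup through the system resolver (needs network access)."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def audit(zone_text, origin, resolves=system_resolves):
    """Return CNAMEs that leave the zone and whose target no longer resolves."""
    origin = origin.rstrip(".").lower()
    findings = []
    for owner, target in parse_cnames(zone_text, origin):
        external = not (target == origin or target.endswith("." + origin))
        if external and not resolves(target):
            findings.append((owner, target))
    return findings

ZONE = """\
; constructed records for example.test
www       300 IN CNAME app.example.test.
shop      300 IN CNAME shop-prod.hosting.invalid.
docs          IN CNAME docs-site.pages.invalid.
old-promo  60 IN CNAME promo-2019.hosting.invalid.
api       300 IN A     192.0.2.10
"""
LIVE = {"shop-prod.hosting.invalid", "docs-site.pages.invalid"}  # constructed

if __name__ == "__main__":
    for owner, target in audit(ZONE, "example.test", resolves=LIVE.__contains__):
        print(f"dangling CNAME: {owner} -> {target}")
```

This covers only the case where the target name has stopped resolving; a target that still resolves can be unclaimed at the provider, which is what the fingerprint-based tools below check for.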

Here are some tools for finding subdomains that can be taken over -


1) subzy

Subzy is a Go tool that helps you find which subdomains are ready to be taken over.
 

Link - https://github.com/LukaSikic/subzy


2) SubOver

SubOver is likewise a Go-based tool. It can identify and report vulnerable subdomains that can easily be taken over.

Link - https://github.com/Ice3man543/SubOver


3) takeover


takeover is a Python-based tool that recognizes subdomains that are not difficult to take over.


Link - https://github.com/m4ll0k/takeover


4) subdomain-takeover


This tool is also Python-based and helps you find which subdomains are ready to be taken over.


Link - https://github.com/antichown/subdomain-takeover


5) subdover

Subdover is a multithreaded subdomain takeover vulnerability scanner written in Python 3, with more than 70 fingerprints of potentially vulnerable services. It uses the CNAME record to verify its findings.


Link - https://github.com/PushpenderIndia/subdover


If you have any query, please comment below.

