How I discovered and chained and RCE and an XSS on CHAOS RAT v5.01, allowing an attacker to takeover the RAT server. Taking inspiration from
https://x.com/ACEResponder/status/1687214024247615488, I also added exploit functionality to rickroll RAT operators.
https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents/https://github.com/chebuya/CVE-20
ACE Responder (@ACEResponder) on X
Introducing RogueSliver. A tool to disrupt offensive campaigns that use the Sliver C2 framework.
• Hijack beacons
• Send memes to the attacker
• Flood C2 servers
#DFIR #RedTeam
https://t.co/DeJq1P8byd
I found a pre-auth path traversal vulnerability in the Jasmin Ransomware panel allowing an attacker to deanonymize panel operators and dump decryption keys. Jasmin ransomware was observed in a recent TeamCity exploitation campaign (
https://twitter.com/brody_n77/status/1765145148227555826)
https://github.com/chebuya/CVE-20
Brody (@brody_n77) on X
Multiple cases of JetBrains TeamCity exploitation (CVE-2024-27198, CVE-2024-27199) being followed up by deployments of (suspected modified) Jasmin Ransomware.
https://t.co/3zgKhY8fi1
https://t.co/IYP2Ls19WS
https://t.co/SE8YvgjchR
