409 Followers
792 Following
203 Posts
Obviously my dragon's opinions ¦
Vulnerability Management by day ¦
{Red/Purple} Team by night ¦
#OSCP ¦ know nothing/here to learn!  ¦
Boost & Fav ≠ endorsements / only bookmarks for good content :)
Verified: https://twittodon.com/share.php?t=NRG_03&[email protected]
Kali Linux 2025.2 Release (Kali Menu Refresh, BloodHound CE & CARsenal)
https://www.kali.org/blog/kali-linux-2025-2-release/
Kali Linux 2025.2 Release (Kali Menu Refresh, BloodHound CE & CARsenal) | Kali Linux Blog

We’re almost halfway through 2025 already, and we’ve got a lot to share with you in this release, Kali 2025.2. The summary of the changelog since the 2025.1 release from March is:
- Desktop Updates - Kali-Menu refresh, GNOME 48 & KDE 6.3 updates
- BloodHound Community Edition - Major upgrade with full set of ingestors
- Kali NetHunter Smartwatch Wi-Fi Injection - TicWatch Pro 3 now able to de-authenticate and capture WPA2 handshakes
- Kali NetHunter CARsenal - Car hacking tool set!
- New Tools - 13 new shiny tools added (and various updates)

Desktop Updates
Kali Menu Refresh
We’ve completely reworked the Kali Menu! It’s now reorganized to follow the MITRE ATT&CK framework structure – which means that finding the right tool for your task should now be a lot more intuitive for red and blue teams alike.

Kali Linux

Researchers have discovered a critical RCE in PHP for Windows. CVE-2024-4577 allows unauthenticated people to bypass the protection for a previously fixed vulnerability (CVE-2012-1823) using specific character sequences. Arbitrary code can be executed on remote PHP servers through the argument injection attack.

https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/

Security Alert: CVE-2024-4577 - PHP CGI Argument Injection Vulnerability | DEVCORE 戴夫寇爾

While implementing PHP, the team did not notice the Best-Fit feature of encoding conversion within the Windows operating system. This oversight allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences. Arbitrary code can be executed on remote PHP servers through the argument injection attack.

DEVCORE 戴夫寇爾
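The post above describes the bug class behind CVE-2024-4577: an argument is validated in one encoding and consumed in another, so a filter that rejects a leading hyphen (the CVE-2012-1823 protection) passes a byte that the later Windows Best-Fit conversion turns into a hyphen. The following is an added example, written for this page and not code from the DEVCORE advisory or from PHP itself. It is a pure-Python model: the `BEST_FIT` table is an assumed, simplified stand-in for what Windows' `WideCharToMultiByte()` does on the affected code pages, and the CGI "indexed query" argument parsing is a model of the RFC 3875 rule, not PHP-CGI's real code. The point it demonstrates is the ordering bug (check, then normalise) beside the fix (normalise, then check), plus a small detection helper for query strings that only become option-like after conversion.

```python
"""Model of check-before-convert vs convert-before-check for CGI arguments.

Added example for this page; not the advisory's or PHP's own code. The
Best-Fit table below is an assumed, simplified illustration of Windows
code-page conversion, and the CGI argument handling is a model of the
RFC 3875 indexed-query rule rather than PHP-CGI's implementation.
"""
from typing import List, Optional
from urllib.parse import unquote_to_bytes

# Assumed stand-in for Windows Best-Fit behaviour: code points with no exact
# representation in the target ANSI code page are replaced by the "closest"
# ASCII character. Only the soft-hyphen entry matters for the demonstration.
BEST_FIT = {
    0x00AD: "-",   # SOFT HYPHEN        -> HYPHEN-MINUS
    0x2010: "-",   # HYPHEN             -> HYPHEN-MINUS
    0x00A0: " ",   # NO-BREAK SPACE     -> SPACE
}


def best_fit(text: str) -> str:
    """Apply the (modelled) Best-Fit conversion; unmapped non-ASCII becomes '?'."""
    return "".join(ch if ord(ch) < 0x80 else BEST_FIT.get(ord(ch), "?") for ch in text)


def cgi_args_from_query(query: str) -> List[str]:
    """RFC 3875 indexed query: no literal '=' means '+'-separated words become argv."""
    if "=" in query:
        return []
    # Percent-decode to raw bytes and view them as Latin-1, so %AD becomes U+00AD.
    return [unquote_to_bytes(word).decode("latin-1") for word in query.split("+") if word]


def looks_like_option(arg: str) -> bool:
    """The CVE-2012-1823 style filter: anything starting with '-' is an interpreter option."""
    return arg.startswith("-")


def vulnerable_php_cgi(query: str) -> Optional[List[str]]:
    """Check first, convert later. Returns argv, or None when the filter rejects the request."""
    args = cgi_args_from_query(query)
    if any(looks_like_option(a) for a in args):
        return None
    # The code-page conversion happens only when the argv for the process is built,
    # after the filter has already run on the raw form.
    return [best_fit(a) for a in args]


def hardened_php_cgi(query: str) -> Optional[List[str]]:
    """Normalise exactly as the consumer will, then run the filter on the normalised form."""
    args = [best_fit(a) for a in cgi_args_from_query(query)]
    if any(looks_like_option(a) for a in args):
        return None
    return args


def detect_best_fit_option_smuggling(query: str) -> bool:
    """Detection helper: does any argv word become option-like only after conversion?"""
    raw = cgi_args_from_query(query)
    return any(not looks_like_option(a) and looks_like_option(best_fit(a)) for a in raw)


if __name__ == "__main__":
    # Constructed sample query strings (not captured traffic).
    for q in ("-d+foo%3Dbar", "%ADd+foo%3Dbar", "foo+bar"):
        print(q, "->", vulnerable_php_cgi(q), hardened_php_cgi(q), detect_best_fit_option_smuggling(q))
```

The first query is stopped by the original filter in both versions; the second passes the check-first version because `0xAD` is not `-` at check time, yet arrives in argv as `-d` after conversion, while the normalise-first version rejects it. The general lesson is the one the post states: validate the representation the consumer actually sees, or reject anything outside the ASCII range before it can be remapped.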

Reminder:
It's never been safe to run a program out of a directory that contains other untrusted files.
https://insights.sei.cmu.edu/blog/carpet-bombing-and-directory-poisoning/

https://twitter.com/WithinRafael/status/1782213111296229776

Carpet Bombing and Directory Poisoning

Hey, it's Will. Earlier this year, details about carpet bombing attacks were released. Apple addressed the issue by prompting users before downloading files....

SEI Blog

🚨 patch your Cisco AnyConnect boxes 🚨

For a 2020 vulnerability. Really.

Lots of ransomware cases coming in for Cisco AnyConnect/ASA recently and finally we know how - CVE-2020-3259

It was a vuln which allowed a CitrixBleed style memory dump, found by a Russian research org now under US sanctions. Ransomware operators have an exploit.

Sadly it looks like many orgs never patched.

https://www.truesec.com/hub/blog/akira-ransomware-and-exploitation-of-cisco-anyconnect-vulnerability-cve-2020-3259

#threatintel

Akira Ransomware and Exploitation of Cisco Anyconnect Vulnerability CVE-2020-3259 - Truesec

In several recent incident response missions, the Truesec CSIRT team made forensic observations indicating that the old vulnerability CVE-2020-3259 is

Truesec
DLS 2024 - RedTeam Fails - "Oops my bad I ruined the operation", a story on how to fail a red team assessment 🦖
https://swisskyrepo.github.io/Drink-Love-Share-Rump/
DLS 2024 - RedTeam Fails - “Oops my bad I ruined the operation”

Red Team Fails - “Oops my bad I ruined the operation”, a story on how to fail a red team assessment. TLDR: Recently I had the pleasure to give a rump during the “Drink Love Share” meet organized by TheLaluka. This blog post will delve deeper into the topic. This rump told the tale of a little Dino starting in the red team industries.

Swissky’s adventures into InfoSec World !
Let's use Ivanti VPN CVE-2024-21887 CVE-2023-46805 as an example of magical thinking.
If you think your web server was compromised, would you use a remote web browser to confirm whether this is true?
This is what the "external" ICT workflow does.
Thoughts and prayers to customers.

I'm not aware of any vendor product yet that allows anonymous users to upload files, and process the files insecurely. There probably is one somewhere, and I imagine exploitation will land on that specific vendor.

Greynoise blog is good btw. https://www.labs.greynoise.io/grimoire/2023-12-12-apache-struts-cve-2023-50164/

GreyNoise Labs - Talk-A-Blog: Apache Struts2 CVE-2023-50164, File Upload Vulnerability Analysis

A new vulnerability in Apache Struts has emerged! Follow us as we take a new twist on reviewing a vulnerability writeup.

Inspired by @pyn3rd excellent JDBC research, I looked at Microsoft's JDBC driver. isAssignableFrom(javax.net.SocketFactory) prevented a quick-win. But at least I found ways to leak NTLM hashes 💪​
@GossiTheDog Best of luck for the next career adventure Kevin!

We are releasing BloodHound CE on Tuesday August 8.

This 30 second video shows you the *dramatic* performance improvements over Legacy BloodHound: https://www.youtube.com/watch?v=bqMmYi7jaMI

BloodHound CE Performance Improvement Over Legacy BloodHound

YouTube