Randori Attack Team

96 posts

Randori Attack Team

@RandoriAttack

Trusted Adversary @RandoriSecurity | Exploit Development | Offensive Operations | #InfoSec tweets only | Managed by @syndrowm @pwnpnw @aaronportnoy

Katılım Mayıs 2019

60 Takip Edilen2.8K Takipçiler

Sabitlenmiş Tweet

Randori Attack Team@RandoriAttack·21 Nis

We've been able to trigger CVE-2023-21554 AKA #QueueJumper, a recently patched RCE in Microsoft’s Message Queueing Service reported by @_CPResearch_. We can confirm it appears exploitable. IOCs and more: randori.com/blog/vulnerabi…

English

116

56.8K

Randori Attack Team retweetledi

chompie@chompie1337·2 Ağu

In collaboration with @FabiusArtrel and @aaronportnoy we conducted a post mortem of the QueueJumper MSMQ RCE patch. We do an in depth RCA, identify variants, create exploit primitives, evaluate exploitability, and make some interesting new discoveries! securityintelligence.com/posts/msmq-que…

English

252

53.9K

Randori Attack Team@RandoriAttack·1 Kas

OpenSSL released details for CVE-2022-3602 & CVE-2022-3786. Due to the mitigating factors outlined in our post we do not believe these will be exploited for remote code execution in real-world scenarios: randori.com/blog/openssl-v…

English

Randori Attack Team@RandoriAttack·3 Haz

We have validated Rapid7’s analysis on CVE-2022-26134, an RCE in Atlassian Confluence. Randori recommends assuming compromise and investigating accordingly. Vendor guidance is available here: confluence.atlassian.com/doc/confluence…

Jacob Baines@Junior_Baines

Our technical analysis and curl based PoC for Confluence CVE-2022-26134 can be found here: rapid7.com/blog/post/2022…

English

Randori Attack Team@RandoriAttack·9 May

The Randori Attack Team developed a working exploit for #f5 BIG-IP CVE-2022-1388. To help the #infosec community assess their risk, we published our technical analysis and a bash one-liner that organizations can run to test exploitability. Details here: randori.com/blog/vulnerabi…

English

Randori Attack Team@RandoriAttack·31 Mar

CVE-2022-22965 has been assigned to the #SpringShell vulnerability. Spring framework 5.3.18 and 5.2.20 have been released to address the issue: spring.io/blog/2022/03/3…

English

Randori Attack Team@RandoriAttack·31 Mar

@springframework Clarification on the above: a 400 code is not the *only* positive indicator of susceptibility--just a definitive one.

English

Randori Attack Team@RandoriAttack·31 Mar

The following non-malicious request can be used to test susceptibility to the @springframework 0day RCE. An HTTP 400 return code indicates vulnerability. $ curl host:port/path?class.module.classLoader.URLs%5B0%5D=0 #SpringShell #Spring4Shell #infosec

English

195

538

Randori Attack Team@RandoriAttack·15 Mar

New high severity DoS in OpenSSL just released: openssl.org/news/secadv/20… CVE-2022-0778 was reported by @taviso and appears to affect systems that parse user-supplied certificates.

English

Randori Attack Team@RandoriAttack·16 Ara

@_mattata Cliff notes below #log4j

English

remy🐀@_mattata·15 Ara

Not able attend due to time constraints? The first slides in the recording includes "Bottom Line Up Front", get the high level info you need ASAP.

Randori Attack Team@RandoriAttack

Not able to attend our webinar on #Log4j with @GreyNoiseIO? Click to watch the recording and get expert insights into researching and remediating Log4Shell, with @HexadeciMoose @aaronportnoy @Andrew___Morris, and Remi. vital.wistia.com/medias/qo6vlom…

English

Randori Attack Team@RandoriAttack·15 Ara

English

Randori Attack Team@RandoriAttack·15 Ara

Thanks to @mubix doing great work dispelling myths and misinformation around #log4j twitter.com/mubix/status/1…

Rob Fuller@mubix

10 #Log4Shell Facts vs Fiction: a 🧵 1. 1.x is NOT vuln to this RCE. While it doesn't have another RCE, it requires access to send serialized data to a listener ON the log server. This is much MUCH harder to exploit and kind of rare for a Log4j server to be running.

English

Randori Attack Team@RandoriAttack·15 Ara

Heads up, expect to see a growing diversity of payloads as this evolves. Patching & Default-Deny still your best strategies.

Greg Linares (Laughing Mantis)@Laughing_Mantis

#log4J info stealing method: Just saw an info stealer payload that uses System.getenv(); to grab ALL variables and then send them back to the attacker. That's all it does. This means attackers do not have to know what env variables to guess in order to steal them.

English

Randori Attack Team@RandoriAttack·13 Ara

FYI: Join @Andrew___Morris @aaronportnoy @HexadeciMoose and @_mattata at 3pm EST for a live #log4j discussion hosted by @RandoriSecurity and @GreynoiseIO info.randori.com/log4j-log4shel…

English

Randori Attack Team@RandoriAttack·13 Ara

@GlennPegden We gained remote code execution on the Jamf Pro system, not just a callback.

English

Randori Attack Team@RandoriAttack·11 Ara

The Randori Attack Team can confirm the exploitability of unpatched Jamf Pro on-prem via "Log4Shell". Due to the severity of impact, we recommend organizations patch immediately. See: randori.com/blog/jamf-pro-…

English

Randori Attack Team@RandoriAttack·11 Ara

If impacted: 1. assume compromise and review logs for signs of malicious activity. 2. Configure firewalls to prevent outbound connections. 3. Look for updates from VMware on release of patches. 4. Read updated Log4Shell blog and follow @RandoriAttack for updates. 3/3

English

Randori Attack Team@RandoriAttack·11 Ara

We have validated exploitability with a working exploit, and anticipate widespread exploitation by threat actors imminently. Randori has been in contact with the VMWare team to assist their development of mitigations. 2/3

English

Randori Attack Team@RandoriAttack·11 Ara

The Randori Attack Team can confirm exploitability of VMWare products in live environments (VMSA-2021-0028) via Log4j (CVE-2021-44228) aka "Log4Shell". This is a critical vulnerability. Follow @RandoriAttack for updates: randori.com/blog/cve-2021-… 1/3

English

137

Randori Attack Team@RandoriAttack·10 Ara

We have been monitoring activity and neither Palo Alto Networks nor Randori’s threat intelligence sources have identified attempted exploitation. We hope to give defenders extra time through the end of the year to apply mitigations.

English

Randori Attack Team@RandoriAttack·10 Ara

We have been collaborating with Palo Alto on CVE-2021-3064 and have jointly decided to delay release of technical details as many customers have yet to apply protections due to the COVID-19 pandemic.

English

Keşfet

@FabiusArtrel @aaronportnoy @springframework @taviso @_mattata @GreyNoiseIO @Andrew___Morris @mubix