@cR0w@infosec.exchange
Ha ha ha... HONK!
@cryptomoose@infosec.exchange I haven't downloaded it but it was posted by Worldleaks just a few days ago and at least the file names have dates within the past few months.
Looks like they're scheduled to be published at noon EDT Wednesday.
L3Harris was published. Only about 500MB. Looks like it was just one workstation looted. I haven't dug through it but I probably won't at this point.
#ransomware
https://ofac.treasury.gov/recent-actions/20250813_33
The Department of the Treasury's Office of Foreign Assets Control (OFAC) is issuing Russia-related General License 125, "Authorizing Transactions Related to Meetings Between the Government of the United States of America and the Government of the Russian Federation in Alaska."
https://support.hp.com/us-en/document/ish_12878449-12878471-16/hpsbhf04043
sev:HIGH 7.3 - CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
A potential security vulnerability has been identified in the System BIOS for some HP PC products, which might allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specialized equipment and knowledge. HP is releasing firmware mitigation for the potential vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2024-5477
https://aws.amazon.com/security/security-bulletins/AWS-2025-017/
We identified CVE-2025-8904, an issue in the Amazon EMR Secret Agent component. The Secret Agent component securely stores secrets and distributes secrets to other Amazon EMR components and applications. When using Amazon EMR clusters with one or more Lake Formation, Apache Ranger, runtime role, or Identity Center feature that uses this component, Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges.
Holy fucking shit this perfect 10 in Hyland Software OnBase. 🥳
https://gist.github.com/VAMorales/32794cccc2195a935623a12ef32760dc
sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
https://www.cve.org/CVERecord?id=CVE-2025-34153
Okay, that was kind of a big reaction. But:
Using ysoserial.exe, the BinaryFormatter deserialization payload is generated with the gadget TypeConfuseDelegate to trigger Remote Code Execution on the server. As a proof of concept, the command provided will have the remote server execute the “whoami” command locally and store the command output of the account currently running the service into the file located at “C:\temp\whoami.txt”.

ysoserial.exe -f BinaryFormatter -g TypeConfuseDelegate -c 'whoami > c:\temp\whoami.txt' -o base64

Using ExploitRemotingService.exe, the generated base64 encoded payload from ysoserial.exe is passed as an argument and sent as a raw deserialization payload to the .NET Remoting TCP Channel on port 6031 with the known URI endpoint TimerServer that was registered inside Hyland.Core.Timers.dll.

ExploitRemotingService.exe tcp://<onbase-server>:6031/TimerServer raw <ysoserial-payload>
Story time from @nattothoughts@infosec.exchange
https://nattothoughts.substack.com/p/few-and-far-between-during-chinas
#threatIntel
This round includes yet another LPE in GlobalProtect.
https://security.paloaltonetworks.com/CVE-2025-2183
Shared default creds across Cortex Broker VMs is a dumb one:
https://security.paloaltonetworks.com/CVE-2025-2184
Exposed CAKs is just fun to say because I'm 12:
https://security.paloaltonetworks.com/CVE-2025-2182
And a few others in there. Happy hacking.
Petition to rename GlobalProtect to sudo since all it does is provide PrivEsc.