Snir Karat’s Post

📌 Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks 🌐 https://lnkd.in/eabT99tr #Pentesting #Hacking #Hacker #OffensiveSecurity #Pentest #RedTeam #BugBounty #Vulnerability #Testing #devsecops #OffensiveOperations #window_internals #PenetrationTesting #exploit #blueteam #infosec #cybersecurity #informationsecurity #security

A critical security flaw in the Rust standard library has been discovered, and it could be used to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0. To learn more about the flaw, check out this article: https://lnkd.in/g8CpxiMz. You can also find additional details on the CVE here: https://lnkd.in/gVXAwYXE. Stay vigilant, and make sure your systems are up-to-date and secure.

Quick adopt rust for memory security....and expose your system with maximum CVE vulnerability ! lol, the irony "Critical Rust flaw enables Windows command injection attacks" connected=hacked Make sure you patch : All Rust versions before 1.77.2 on Windows are affected if a program's code or one of its dependencies invokes and executes batch files with untrusted arguments. #cybersecurity #rust #patchmanagement #vulnerabilitymanagement https://lnkd.in/eBNhX-e2

HACKSUDO: THOR Vulnhub CTF Walkthrough Welcome to the HACKSUDO walkthrough of THOR, a captivating Vulnhub CTF challenge. In this concise guide, we'll unravel the mysteries of THOR, highlighting key steps to conquer its vulnerabilities and claim the flags. So, join us on this thrilling journey as we navigate through the depths of THOR's security landscape. Let's dive in! Razz Security Academy Mahesh Razz

⚠ A critical vulnerability in the Rust standard library prior to version 1.77.2 has been uncovered recently this week, exposing Windows systems to the risk of arbitrary code execution. Our next #CVEOfTheWeek, tracked as CVE-2024-24576, goes to this flaw, which could potentially be exploited by attackers to gain unauthorized control of a system. This vulnerability has been categorized as critical and has a CVSS score of 10/10. ❌ Exploitation let attackers to: ▶ Run arbitrary code on the vulnerable machine ▶Install malware ▶Steal sensitive data ▶Launch further attacks on the network 💣 The Command::arg and Command::args APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument. However on Windows, the implementation of this is more complex and there is an exception though, which is cmd.exe. It has its own argument splitting logic that forces the standard library to implement custom escaping for arguments passed to batch files. Currently Rust foundation hasn't identified a solution that would correctly escape arguments in all cases. A temporary change has been implemented to this part of the library: when the Command API cannot safely escape an argument, it returns an InvalidInput error. All Rust versions before 1.77.2 on Windows are affected, if the code or any dependencies executes batch files with untrusted arguments. Other platforms or other uses on Windows are not affected. 🛡 ⚙ Security advisory on Rust blog: 👉 https://lnkd.in/etxnudQY #WhiteHatSeries #informationsecurity

New: Here's what you need to know about the new #CUPS vulnerabilities: impacted components, attack mechanisms, and more (via Christopher Sasarak).

blog on HACKSUDO: THOR vulnhub CTF Walkthrough done by our intern Meghana U At Razz Security Academy, we've developed a Cyber Security and Ethical Hacking foundation course to provide essential insights into offensive security practices and diverse developed cybersecurity domains, thereby equipping individuals with valuable knowledge for cybersecurity roles. These are the modules that will be provided in the course: 1. Introduction to Ethical Hacking & Cyber Security 2. Networking Fundamentals 3. Basics on Linux 4. Information Gathering 5. Wi-Fi Hacking 6. Android Hacking 7. HackLab Setup 8. Nmap and Metasploit 9. System Hacking 10. Man In The Middle Attack 11. Cryptography 12. Google Hacking Database(GHDB) or Google Dorking 13. Steganography 14. Burp Suite 15. Content and Sub-Domain Discovery 16. Web Application Hacking This will further help you Explore core concepts such as SOC (Security Operations Center), VAPT (Vulnerability Assessment and Penetration Testing), and other cybersecurity concepts that will further enhance your understanding and expertise in cybersecurity. we are providing courses in 3 different modes: 1. offline (weekdays/weekends) 2. online 3. self-paced. To join the course and further queries +91 8618710868 contact@razzsecurity.com Follow Razz Security Academy for updates on jobs. ( Note: Kindly join on both apps and new job updates will be there ) Discord group: https://lnkd.in/gmV6UmsX Whatsapp group: https://lnkd.in/gzvWmVqk VAPT Jobs, SOC Analyst (ICSA), CyberSecurity Jobs, SIEM & SOC CyberSecurity Jobs, Cybersecurity Jobs , CSOC Analyst - Cyber Security Operations Center , Splunk Security Operations Center Analyst QRadar Security Operations Center Analyst SOCAnalyst Penetration Testing Penetration Tester (ICPT) Penetration Tester Redfox Security - Penetration Testing Services #jobsearch #cybersecurityjobs #jobhiring #hiring #jobalert #jobforfresher #Discord #community #securityanalyst #socanalyst #cybersecurityanalyst #applicationsecurityengineer #networksecurityengineer #vulnerabilityassessment #penetrationtesting

Hi everyone. Here is my writeup about Block, a new (2d) medium room on TryHackMe: https://lnkd.in/dQbeZiKp #TryHackMe #Wireshark #NTLM #Windows #CyberSecurity #Pentesting #pypykatz #NTLM #Cracking #Forensics

A critical security vulnerability in the Rust standard library (CVE-2024-24576) has been identified, posing a significant threat to Windows systems by enabling command injection attacks. Full post: https://lnkd.in/dCUfaUV4 #rust #vulnerability #windows #commandinjection #shell #hacking #informationsecurity #infosec

I've been experimenting with malware and offensive tooling for a while now, but I thought I'd do something a bit different by developing my own C2 server from scratch. Right now, it's a basic setup where the server sends commands to the client (or beacon), executes them, and relays the output back. Honestly, it hasn’t been bad so far. It works, and the code is quite clean (I could do with making it a bit easier to understand though).  My next objective is to handle sequential commands effectively—ensuring the server can maintain the session state across multiple commands (e.g., running cd .. and then dir while persisting the working directory context between executions). I'm sure I'll fix it eventually; I just need to give it a proper look! Excited to push this project further! 🔧👨💻 Here is the code: https://lnkd.in/e6iSs5Ch #cybersecurity #redteam #C2Server #malwaredev #infosec #programming #learning