{"uuid": "b287b5f2-0ebc-4832-b02b-8c07cbb67373", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2859", "content": "Tools - Hackers Factory\n\nVigil\n\nFirewall/IDS Project.\n\nFeatures:\n\u25ab\ufe0f Packet capturing using the libpcap library\n\u25ab\ufe0f Basic rules for signature based attack identification\n\u25ab\ufe0f Logging\n\u25ab\ufe0f Remote login shell\n\u25ab\ufe0f Statistics\n\nhttps://github.com/raging-loon/Vigil\n\nbadkeys\n\nTool and library to check cryptographic public keys for known vulnerabilities\n\nhttps://github.com/badkeys/badkeys\n\nPersistBOF\n\nTool To Help Automate Common Persistence Mechanisms.\n\nA tool to help automate common persistence mechanisms. Currently supports Print Monitor (SYSTEM), Time Provider (Network Service), Start folder shortcut hijacking (User), and Junction Folder (User)\n\nhttps://github.com/IcebreakerSecurity/PersistBOF\n\nIRIS\n\nWeb collaborative platform aiming to help incident responders sharing technical details during investigations.\n\nhttps://github.com/dfir-iris/iris-web\n\nThrough the Wire\n\nThrough the Wire is a proof of concept exploit for CVE-2022-26134, an OGNL injection vulnerability affecting Atlassian Confluence Server and Data Center versions <= 7.13.6 LTS and <= 7.18.0 \"Latest\". This was originally a zero-day exploited in-the-wild.\n\n\u25ab\ufe0f Vendor advisory\n\u25ab\ufe0f Volexity \"in-the-wild\" write-up\n\u25ab\ufe0f Rapid7 write-up\n\nThrough the Wire implements two different exploits. The reverse shell will shell out to bash and therefore be more likely to be detected. The file reader executes from memory and is therefore unlikely to be detected. The exploits only work on Linux installs of Confluence. They could work on Windows but I'm also lazy.\n\nhttps://github.com/jbaines-r7/through_the_wire\n\nmitigate-folina\n\nMitigates the \"Folina\"-ZeroDay (CVE-2022-30190)\n\nThis script will backup and then remove the affected registry key (as suggested by Microsoft) to mitigate CVE-2022-30190. If parameterized with \"-revert\" the script will reimport the key. This can be used when Microsoft releases a patch.\n\nScript must be run as administrator or NT-AUTHORITY\\SYSTEM (can be deployed via GPP as a startscript or scheduled task)\n\nhttps://github.com/derco0n/mitigate-folina\n\nFollinaScanner\n\nA tool written in Go that scans files & directories for the #Follina exploit (CVE-2022-30190)\n\nhttps://github.com/ErrorNoInternet/FollinaScanner\n\nUnlicense\n\nA #Python 3 tool to dynamically unpack executables protected with Themida/WinLicense 2.x and 3.x.\n\nWarning: This tool will execute the target executable. Make sure to use this tool in a VM if you're unsure about what the target executable does.\n\nFeatures:\n\u25ab\ufe0f Handles Themida/Winlicense 2.x and 3.x\n\u25ab\ufe0f Handles 32-bit and 64-bit PEs (EXEs and DLLs)\n\u25ab\ufe0f Handles 32-bit and 64-bit .NET assemblies (EXEs only)\n\u25ab\ufe0f Recovers the original entry point (OEP) automatically\n\u25ab\ufe0f Recovers the (obfuscated) import table automatically\n\nhttps://github.com/ergrelet/unlicense\n\nChainsaw\n\nRapidly Search and Hunt through Windows Event Logs\n\nChainsaw provides a powerful \u2018first-response\u2019 capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in detection logic and via support for Sigma detection rules.\n\nFeatures:\nSearch and extract event log records by event IDs, string matching, and regex patterns\nHunt for threats using Sigma detection rules and custom built-in detection logic\nLightning fast, written in rust, wrapping the EVTX parser library by OBenamram\nDocument tagging (detection logic matching) provided by the TAU Engine Library\nOutput in an ASCII table format, CSV format, or JSON format\n\nhttps://github.com/Countercept/chainsaw\n\nADeleg\n\nIs an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest, along with their potential issues:\n\n\u25ab\ufe0f Objects owned by users\n\u25ab\ufe0f Objects with ACEs for users\n\u25ab\ufe0f Non canonical ACL\n\u25ab\ufe0f Disabled ACL inheritance\n\u25ab\ufe0f Default ACL modified in schema\n\u25ab\ufe0f Deleted delegation trustees\n\nhttps://github.com/mtth-bfft/adeleg\n\n#cybersecurity #infosec #cybersec", "creation_timestamp": "2023-04-05T13:06:20.000000Z"}