{"vulnerability": "CVE-2023-23399", "sightings": [{"uuid": "5d2e8753-4551-43a6-8e63-28649f164ee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23399", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2902", "content": "Tools - Hackers Factory \n\n\u200b\u200bTrawler\n\nPowerShell script to help Incident Responders discover adversary persistence mechanisms.\n\nhttps://github.com/joeavanzato/Trawler\n\n#blueteam #infosec #malware\n\n\u200b\u200bLDAP shell\n\nThis project is a fork of ldap_shell.\n\nhttps://github.com/PShlyundin/ldap_shell\n\n#infosec #pentesting #redteam\n\n\u200b\u200bGraphSense Maltego Transform\n\nQuery GraphSense clusters, details and attribution tag-packs directly in Maltego. By an initial idea of our Swiss Federal Police colleagues.\n\nhttps://github.com/INTERPOL-Innovation-Centre/GraphSense-Maltego-transform\n\n#OSINT #recon #infosec\n\n\u200b\u200bNanoDump\n\nA flexible tool that creates a minidump of the LSASS process.\n\nhttps://github.com/fortra/nanodump\n\n#infosec #pentesting #redteam\n\n\u200b\u200bhrekt\n\nA really fast http prober.\n\nhttps://github.com/ethicalhackingplayground/hrekt\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bIPED Digital Forensic Tool\n\nIt is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.\n\nhttps://github.com/sepinf-inc/IPED\n\n#cybersecurity #infosec #forensic\n\n\u200b\u200bAbove 2.0\n\nNetwork Vulnerability Scanner by Caster\n\nAutomates the search for network vulnerabilities, designed for pentesters, Red Team operators, and network security engineers.\n\nhttps://github.com/c4s73r/Above\n\n#infosec #pentesting #redteam\n\n\u200b\u200bMoriarty Project\n\nA powerful web based phone number investigation tool. It has 6 features and it allows you to choose either all features, or the features you like. You can visit documentation page to learn more about features.\n\nhttps://github.com/AzizKpln/Moriarty-Project\n\n#OSINT #recon #infosec\n\n\u200b\u200bGhostbuster\n\nGhostbuster helps eliminate dangling AWS Elastic IPs by analyzing resources across all your accounts, including Route53 DNS records and public IPs from Network Interfaces. Detect subdomains pointing to IPs you no longer own with a complete picture of your DNS records and owned IPs.\n\nhttps://github.com/assetnote/ghostbuster\n\n#cybersecurity #infosec\n\n\u200b\u200bsubnerium\n\nA fast passive subdomain enumeration tool that uses various sources to gather data. All requests are made through yaml templates, to see more see the documentation:\n\nhttps://github.com/d3f1ne/subnerium\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bCVE-2023-23399\n\nMS Excel 365 MSO 2302 Build 16.0.16130.20186 RCE\n\nhttps://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-23399\n\n#cve #infosec #exploit\n\n\u200b\u200bmsmq_re\n\nThis is one of the vulnerabilities fixed in MSMQ.\n\nhttps://github.com/omair2084/msmq_re\n\nDetails:\nhttps://research.checkpoint.com/2023/queuejumper-critical-unauthorized-rce-vulnerability-in-msmq-service/\n\n\u200b\u200bfaulTPM - Artifacts\n\nThis repository aims to reproduce the results of our fTPM attack without any hardware access. Where physical steps and access to real hardware would be required, we provide sample data from a Lenovo Ideapad 5 Pro 16ACH6 laptop.\n\nhttps://github.com/PSPReverse/ftpm_attack\n\n\u200b\u200bBitLocker Attacks\n\nA list of public attacks on BitLocker. Any public attack with the potential to attack BitLocker but where the exact method is still not public (like baton drop) is out of scope.\n\nhttps://github.com/Wack0/bitlocker-attacks\n\n\u200b\u200bEagleEye\n\nTo filter the actual vulnerable URLs from the screenshots, you can use the ee.sh script. \n\nhttps://github.com/whalebone7/EagleEye\n\n\u200b\u200bAIMOD2\n\nAdversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proactively identify, engage and prevent cyber threats denying or mitigating potential damage to the organization.\n\nhttps://github.com/darkquasar/AIMOD2\n\n\n\u200b\u200bAdvanced SQL Injection Cheatsheet\n\nThis repository contains a advanced methodology of all types of SQL Injection.\n\n\u2022 Find injection point\n\u2022 Understand the website behaviour\n\u2022 Send queries for enumeration\n\u2022 Understanding WAF & bypass it\n\u2022 Dump the database\n\nhttps://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet\n\n#cybersecurity #infosec\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-05-02T14:28:30.000000Z"}, {"uuid": "d2590985-ef5d-41ca-a8c5-af94af31f176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23399", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/8220", "content": "#exploit\n1. CVE-2023-27322, CVE-2023-27324, CVE-2023-27325:\nBash Privileged-Mode Vulnerabilities in Parallels Desktop/CDPath Handling in MacOS\nhttps://www.zerodayinitiative.com/blog/2023/4/5/bash-privileged-mode-vulnerabilities-in-parallels-desktop-and-cdpath-handling-in-macos\n\n2. CVE-2023-23399:\nMS Excel 365 MSO 2302 Build 16.0.16130.20186 RCE\nhttps://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-23399", "creation_timestamp": "2023-05-01T21:08:55.000000Z"}, {"uuid": "2f79416d-5d77-4ac5-9d5e-cd0a2eddf5bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23399", "type": "seen", "source": "https://t.me/cibsecurity/59999", "content": "\u203c CVE-2023-23399 \u203c\n\nMicrosoft Excel Remote Code Execution Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-14T19:23:35.000000Z"}]}