Ethical Kev

01/15/2026

Critical SQL Server Privilege‑Escalation Flaw Patched

𝗖𝗩𝗘‑2026‑20803 is a critical elevation‑of‑privilege vulnerability in Microsoft SQL Server that lets attackers bypass authentication and gain high‑level system rights over a network. The issue, rated CVSS 7.2 and classified as Important, affects SQL Server 2022 and the newly released SQL Server 2025.

Exploiting the bug requires authorized access and network connectivity, but once successful, threat actors can obtain debugging privileges, perform memory dumping, and potentially extract encrypted data or credentials stored in RAM.

Microsoft issued security updates on January 13 2026. For SQL Server 2022, apply CU22 (build 16.0.4230.2) or the RTM GDR (build 16.0.1165.1). For SQL Server 2025, install the January GDR (build 17.0.1050.2).

Although the vulnerability’s exploitability is deemed “Less Likely,” organizations should prioritize patching, especially for internet‑facing servers or systems handling sensitive data.

Microsoft also advises reviewing deployment architectures and tightening administrative access controls to reduce risk while applying the updates.

11/23/2024

07/29/2024

🔒 Violation de Données de Trello : Plus de 15 millions d'utilisateurs affectés par une récente cyberattaque ! Découvrez les détails, les implications et comment protéger vos comptes. Restez informés et sécurisés. Lisez notre article détaillé :

Plus de 15 millions d'utilisateurs affectés par une récente cyberattaque de Trello ! Découvrez les détails, les implications et comment protéger vos comptes.

07/21/2024

Mise à jour d'incident // Incident update
Mise à jour #1 // Update #1

De la part de CrowdStrike

"Le 19 juillet 2024, un problème présent dans une seule mise à jour de contenu pour le capteur CrowdStrike ® ayant un impact sur les systèmes d'exploitation a été identifié et un correctif a été déployé.

a depuis observé que des acteurs de la menace ont profité de cet événement pour distribuer une archive ZIP malveillante nommée crowdstrike-hotfix.zip. L'archive ZIP contient une charge utile qui, lorsqu'elle est exécutée, charge . Notamment, les noms de fichiers et les instructions en espagnol dans l'archive ZIP indiquent que cette campagne vise probablement les clients de CrowdStrike basés en Amérique latine (LATAM)."

Likely eCrime Actor Uses Filenames Capitalizing on July 19, 2024, Falcon Sensor Content Issues in Operation Targeting LATAM-Based CrowdStrike Customers

https://www.crowdstrike.com/blog/likely-ecrime-actor-capitalizing-on-falcon-sensor-issues/

A likely eCrime actor is targeting LATAM-based CrowdStrike Customers with July 19, 2024 Falcon sensor issue using filenames. Learn more.

07/20/2024

🛑 Perturbations à l'échelle mondiale : une MAJ de sur Windows provoque des pannes et des écrans bleus de la mort (BSOD). Divers secteurs économiques sont impactés.

ℹ La cause du problème est un défaut dans la mise à jour de CrowdStrike qui perturbe des entreprises du monde entier. Inde, Japon, Australie, Allemagne, Belgique, Philippines...

Aux États-Unis, des vols d'American Airlines, Delta Air Lines et United Airlines sont annulés en raison de la panne. Même chose en Australie.

L'aéroport de Sydney signale que la panne affecte également les compagnies aériennes, ce qui pourrait entraîner des retards.

Des perturbations sont également à prévoir en France, et pas uniquement dans le secteur des transports.

🛡 CrowdStrike a identifié un déploiement de contenu lié à ce problème et a annulé ces modifications (23h27 Pacific Time).

Étapes de contournement :

1 Démarrez Windows en mode sans échec ou dans l'environnement de récupération Windows

2 Accédez au répertoire C:\Windows\System32\drivers\CrowdStrike

3 Recherchez le fichier correspondant à « C-00000291*.sys » et supprimez-le.

4 Démarrez l'hôte normalement.

05/20/2024

How to avoid attacks on Web server

An organization can adopt the following policy to protect itself against web server attacks.

Patch management– this involves installing patches to help secure the server. A patch is an update that fixes a bug in the software. The patches can be applied to the operating system and the web server system.

Secure installation and configuration of the operating system

Secure installation and configuration of the web server software

Vulnerability scanning system– these include tools such as Snort, NMap, Scanner Access Now Easy (SANE)

Firewalls can be used to stop simple DoS attacks by blocking all traffic coming the identify source IP addresses of the attacker.

Antivirus software can be used to remove malicious software on the server

Disabling Remote Administration

Default accounts and unused accounts must be removed from the system

Default ports & settings (like FTP at port 21) should be changed to custom port & settings (FTP port at 5069)

05/20/2024

How to protect your Website against hacks?

An organization can adopt the following policy to protect itself against web server attacks.

SQL Injection– sanitizing and validating user parameters before submitting them to the database for processing can help reduce the chances of been attacked via SQL Injection. Database engines such as MS SQL Server, MySQL, etc. support parameters, and prepared statements. They are much safer than traditional SQL statements

Denial of Service Attacks – firewalls can be used to drop traffic from suspicious IP address if the attack is a simple DoS. Proper configuration of networks and Intrusion Detection System can also help reduce the chances of a DoS attack been successful.

Cross Site Scripting – validating and sanitizing headers, parameters passed via the URL, form parameters and hidden values can help reduce XSS attacks.

Cookie/Session Poisoning– this can be prevented by encrypting the contents of the cookies, timing out the cookies after some time, associating the cookies with the client IP address that was used to create them.

Form tempering – this can be prevented by validating and verifying the user input before processing it.

Code Injection – this can be prevented by treating all parameters as data rather than executable code. Sanitization and Validation can be used to implement this.

Defacement – a good web application development security policy should ensure that it seals the commonly used vulnerabilities to access the web server. This can be a proper configuration of the operating system, web server software, and best security practices when developing web applications.

02/25/2024

🔒Certifié Azure Cloud Security Engineer!

Prêt à relever de nouveaux défis dans le cloud avec expertise et détermination. 🚀💻

W/ Omerta Security

01/28/2024

2️⃣0️⃣2️⃣3️⃣

01/14/2024

[𝐅𝐑𝐄𝐄 𝐑𝐄𝐒𝐎𝐔𝐑𝐂𝐄𝐒 - 𝐏𝐄𝐍𝐓𝐄𝐒𝐓 𝐓𝐎𝐎𝐋𝐒 - 𝐔𝐏𝐃𝐀𝐓𝐄𝐃]

There are many different tools for each phase of a pentest. But how to choose?

These resources can help you:

👉 𝗟𝗜𝗦𝗧 𝗢𝗙 𝗧𝗢𝗢𝗟𝗦
🌟Check out the tools section of my Pentips on C.S by G.B.
https://lnkd.in/eaiqsf_e

🌟Pentesting Tools Database A beautiful Notion with tools ordered according to PTES Stage, Type of tools and more!
By Christian Scott and Travis DeForge
https://lnkd.in/e7YjR2ti

🌟 You know the Nmap project? Well they have a list of the top 125 Network Security Tools:
https://sectools.org/

🌟Offsec tools to know about the latest tools by Gwendal Le Coguic
https://offsec.tools/

🌟RedTeam Tools by A-poc
https://lnkd.in/e2hdDRAD

🌟arch3rPro has an amazing amount of tools listed on github and categorized
https://lnkd.in/eA988c_k

🌟Want to know how your favorite tool ranks or get a new favorite? Security Tool - Ranking
https://lnkd.in/e4nNxbWn

👉 𝗢𝗣𝗘𝗡 𝗦𝗢𝗨𝗥𝗖𝗘 𝗢𝗥 𝗙𝗥𝗘𝗘 𝗢𝗥 𝗕𝗢𝗧𝗛
🌟Drew Robb shared a Top 24 on eSecurity Planet:
https://lnkd.in/ezNgTvfF

🌟And SANS Technology Institute has a list of tools including plenty of pentest tools (page 6&7):
https://lnkd.in/eHmusQYg