#Offensive_security
Modifying Embedded Filesystems in ARM Linux zImages
https://jamchamb.net/2022/01/02/modify-vmlinuz-arm.html
#tools
#reversing
1. OFRAK (Open Firmware Reverse Analysis Konsole) - binary analysis and modification platform
https://github.com/redballoonsecurity/ofrak
2. A free comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures
https://github.com/mytechnotalent/Reverse-Engineering
#exploit
1. CVE-2022-26712: Apple System Integrity Protection (SIP) bypass via macOS PackageKit.framework (the author reports 15+ SIP-bypass bugs disclosed in that attack surface, 12 of them fixed with CVEs assigned so far)
https://jhftss.github.io/CVE-2022-26712-The-POC-For-SIP-Bypass-Is-Even-Tweetable
2. Netcomm NF20MESH/NL1902 - Unauthenticated RCE
https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md
#Malware_analysis
1. BlueNoroff introduces new methods bypassing MoTW
https://securelist.com/bluenoroff-methods-bypass-motw/108383
2. GuLoader Dissection Reveals New Anti-Analysis Techniques and Code Injection Redundancy
https://www.crowdstrike.com/blog/guloader-dissection-reveals-new-anti-analysis-techniques-and-code-injection-redundancy
#reversing
L’art de l’évasion: How Shlayer hides its configuration inside Apple proprietary DMG files
https://objective-see.org/blog/blog_0x70.html
#Research
"A Survey of the Recent Trends in Deep Learning Based Malware Detection", 2022. (PDF attached, 4.1 MB)
(Translated from Russian) In the third quarter of this year Russians moved a record 1.47 trillion rubles abroad. That is almost three times the amount of each of the first and second quarters, and 26 times the figure for the third quarter of 2021.
#Cloud_Security
1. Playing with Powershell and JSON (and Amazon and Firewalls), Rob VandenBrink, SANS ISC diary on parsing and manipulating JSON in PowerShell
https://isc.sans.edu/diary/29380
2. Passwordless Persistence and Privilege Escalation in Azure
https://posts.specterops.io/passwordless-persistence-and-privilege-escalation-in-azure-98a01310be3f
#exploit
1. Syncovery For Linux Web-GUI - Authenticated RCE
https://packetstormsecurity.com/files/170245/Syncovery-For-Linux-Web-GUI-Authenticated-Remote-Command-Execution.html
2. CVE-2022-47949: ENLBufferPwn, critical RCE flaw affecting multiple Nintendo games
https://github.com/PabloMK7/ENLBufferPwn
#Malware_analysis
1. Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/malicious-macros-adapt-to-use-microsoft-publisher-to-push-ekipa-rat
2. WinAPI, and "Cheap" Malware Analysis Using AI
Part 1: https://medium.com/@perliftach/winapi-and-cheap-malware-analysis-using-ai-part-1-69e4a8fc8328
Part 2: https://medium.com/@perliftach/winapi-and-cheap-malware-analysis-using-ai-part-2-485c9104f5b6
#Threat_Research
Supply-Chain Security: Evaluation of Threats and Mitigations (Mercari Engineering, 2022-12-15)
https://engineering.mercari.com/en/blog/entry/20221215-supplychain-security-reevaluation
#Offensive_security
1. Spice up your persistence: loading PHP extensions from memory
https://adepts.of0x.cc/dlopen-from-memory-php
2. Unholy Unhooking
byoDLL: https://steve-s.gitbook.io/0xtriboulet/unholy-unhooking/unholy-unhooking-byodll
FrByoDLL: https://steve-s.gitbook.io/0xtriboulet/unholy-unhooking/unholy-unhooking-frbyodll
#Tech_book
#Hardware_Security
"A Noob's Guide To ARM Exploitation", 2022.
https://ad2001.gitbook.io/a-noobs-guide-to-arm-exploitation
#Malware_analysis
1. GuLoader Malware Uses Advanced Anti-Analysis Techniques to Evade Detection
https://gbhackers.com/guloader-malware-advanced-anti-analysis
2. CatB Ransomware
https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection