Mangle is a tool 🔧 that manipulates aspects of compiled executables (.exe or DLL). It can remove strings that are known Indicators of Compromise (IoCs) and replace them with random characters, inflate the file's size to evade EDRs, and clone code-signing certificates from legitimate files. In doing so, Mangle helps loaders evade on-disk and in-memory scanners.
https://github.com/optiv/Mangle
Cyber-attack amid cyber-war by Russia 🇷🇺: for about 12 hours, Rostelecom apparently hijacked part of the traffic destined for Apple 🍎.
https://www.manrs.org/2022/07/for-12-hours-was-part-of-apple-engineerings-network-hijacked-by-russias-rostelecom/
For a little over 12 hours on 26-27 July, a network operated by Russia’s Rostelecom started announcing routes for part of Apple’s network. The effect was that Internet users in parts of the Internet trying to connect to Apple’s services may have been redirected…
Data leak: 4TB of proprietary data from Israel 🇮🇱-based Cellebrite (Cellebrite Mobilogy and Cellebrite TFS backups) leaked by an anonymous source.
Notably, Cellebrite Mobilogy shares code with Cellebrite Universal Forensics Extraction Device or Cellebrite UFED, used by law enforcement agencies. Source: Soufiane.
Zero-day: Paracosme (CVE-2022-33318) is the zero-click, memory-corruption remote code execution exploit used to compromise ICONICS GENESIS64 on stage at Pwn2Own 2022 Miami.
https://www.zerodayinitiative.com/advisories/ZDI-22-1041/
(Pwn2Own) ICONICS GENESIS64 genbroker64 Use-After-Free Remote Code Execution Vulnerability
Zero-day used to access the data of 5.4M Twitter users (confirmed by the company).
https://hackerone.com/reports/1439026
https://securityaffairs.co/wordpress/134087/data-breach/twitter-zero-day-data-leak.html
https://restoreprivacy.com/twitter-vulnerability-exposes-5-million-accounts/
**Summary:** By using this vulnerability an attacker can find a Twitter account by its phone number/email even if the user has prohibited this in the privacy options.
Zero-day: 3 in-the-wild 0-days patched in the last two days:
* CVE-2022-2856 in Chrome discovered by twitter.com/ashl3y_shen & twitter.com/0xbadcafe1 of Google TAG
* CVE-2022-32893 in Safari
* CVE-2022-32894 in iOS/macOS kernel
https://docs.google.com/spreadsheets/u/0/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/htmlview#gid=1662223764
DPRK state-sponsored actors are using cryptographically signed macOS (Apple 🍎) executables to impersonate Coinbase and lure potential jobseekers into installing their spyware.
FBI claims responsibility for taking down rf.ws (RaidForums darknet marketplace).
On 31 January, the owner of RF, a citizen of Portugal 🇵🇹, was detained in the United Kingdom 🇬🇧.
https://youtu.be/Sl9S0XZJgw0
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling.
https://portswigger.net/research/browser-powered-desync-attacks