#Threat_Research
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
https://thehackernews.com/2022/12/apt-hackers-turn-to-malicious-excel-add.html
#Threat_Research
CVE-2022-27510, CVE-2022-27518 - Measuring Citrix ADC & Gateway version adoption on the Internet
https://blog.fox-it.com/2022/12/28/cve-2022-27510-cve-2022-27518-measuring-citrix-adc-gateway-version-adoption-on-the-internet
Fox-IT International blog
Authored by Yun Zheng Hu Recently, two critical vulnerabilities were reported in Citrix ADC and Citrix Gateway; where one of them was being exploited in the wild by a threat actor. Due to these vul…
#Threat_Research
1. Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022
https://pytorch.org/blog/compromised-nightly-dependency
2. Google Home Vulnerability: Eavesdropping on Conversations
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html#poc-1-spy-on-victim
If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022).
NASim.pdf (1.7 MB)
#Threat_Research
#Red_Team_Tactics
"Autonomous Penetration Testing using Reinforcement Learning"
]-> Network Attack Simulator: https://github.com/Jjschwartz/NetworkAttackSimulator
Open_CyKG.pdf (1.5 MB)
#Research
#Threat_Research
"Open-CyKG: An Open Cyber Threat Intelligence Knowledge Graph", 2021.
]-> https://github.com/IS5882/Open-CyKG
#Threat_Research
1. Prototype Pollution in Python
https://blog.abdulrah33m.com/prototype-pollution-in-python
2. Pre-Auth RCE in Liferay Portal CE (CVE-2019-16891)
https://y4tacker.github.io/2023/01/03/year/2023/TetCTF2023-Liferay-CVE-2019-16891-Pre-Auth-RCE
> TL;DR The main objective of this research is to prove the possibility of having a variant of Prototype Pollution in other programming languages, including those that are class-based by showing Class Pollution in Python. ⚠️ Warning: This is a topic that…
Forwarded from Deadly malware xp
#Threat_Research
1. Exploit Party: Bring Your Own Vulnerable Driver Attacks
https://fourcore.io/blogs/bring-your-own-vulnerable-driver-attack
2. Analyzing CVE-2022-46330 (DLL Hijacking in Squirrel.Windows)
https://archcloudlabs.com/projects/cve-2022-46330
BYOVD or Bring Your Own Vulnerable Driver is an attack where a threat actor brings a legitimately signed and vulnerable driver to perform malicious actions on the system. In a BYOVD attack, the attacker can use the vulnerabilities in the driver to execute…
Forwarded from Deadly malware xp
Java_Card_Security.pdf (1.3 MB)
#Threat_Research
"Good, Bad and Ugly Design of Java Card Security" (Master’s Thesis).
// This thesis is focused on the study of logical attacks on the Java Card platform, which try to exploit bugs in the implementation of the Java Card specification or try to break the security of the virtual machine by installing malformed applets. Although logical attacks are not as universal and powerful as physical attacks, they do not require expensive equipment and scale quite well...
Forwarded from Deadly malware xp
Text_to_SQL_Models.pdf (7.4 MB)
#Threat_Research
1. RCE bug in JWT Secret Poisoning (CVE-2022-23529)
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529
2. Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security
https://www.crowdstrike.com/blog/scattered-spider-attempts-to-avoid-detection-with-bring-your-own-vulnerable-driver-tactic
3. Navigating the Vast Ocean of Sandbox Evasions
https://unit42.paloaltonetworks.com/sandbox-evasion-memory-detection
Unit 42
Security Issue in JWT Secret Poisoning (Updated)
We discovered a new high-severity vulnerability (CVE-2022-23529) in the popular JsonWebToken open source project.