Top 16 Active Directory Vulnerabilities
π£dmchell
Bookmarking for later thanks
π€minecrater1
Nice!
π€biglib
π@malwr
π£dmchell
Bookmarking for later thanks
π€minecrater1
Nice!
π€biglib
π@malwr
InfosecMatter
Top 16 Active Directory Vulnerabilities - InfosecMatter
Practical steps on how to pentest Active Directory environments using a list of most common AD vulnerabilities. Tools and command examples for testing and exploitation of AD vulnerabilities.
Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902
π£digicat
Iβm a simple man. I see root cause I upvote.
Wish more problems were discussed like that. Understanding problems os the key to not repeating them.
π€nkrgovic
Interesting read. This one was bad.
π€hazmatte
π@malwr
π£digicat
Iβm a simple man. I see root cause I upvote.
Wish more problems were discussed like that. Understanding problems os the key to not repeating them.
π€nkrgovic
Interesting read. This one was bad.
π€hazmatte
π@malwr
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
What are some good books for malware analysis?
I was thinking of buying both practical malware analysis and malware data science but, practical malware analysis came out 2012 and I is probably outdated.
Is there any other book you would recommend? Or should I just go with the two I have in my mind?
π£Enes_24
People tend to have the impression that books about security date quickly; in general this is not true.
Practical Malware Analysis and Malware Analyst's Cookbook are still quite useful. I might suggest The Art of Memory Forensics too.
π€thatwasntme806
The Malware Forensics Field Guide for Linux Systems (2014) is still a good read, covering a lot of what's out there. I think Windows has gotten significantly more complex in the interim since its publication, so you'll want something more current for Windows Malware.
π€Borne2Run
Not a book but checkout the malwareunicorn workshops. The Reverse Engineering 101 is a good place to start.
https://malwareunicorn.org/#/workshops
π€wonka_fans_only
π@malwr
I was thinking of buying both practical malware analysis and malware data science but, practical malware analysis came out 2012 and I is probably outdated.
Is there any other book you would recommend? Or should I just go with the two I have in my mind?
π£Enes_24
People tend to have the impression that books about security date quickly; in general this is not true.
Practical Malware Analysis and Malware Analyst's Cookbook are still quite useful. I might suggest The Art of Memory Forensics too.
π€thatwasntme806
The Malware Forensics Field Guide for Linux Systems (2014) is still a good read, covering a lot of what's out there. I think Windows has gotten significantly more complex in the interim since its publication, so you'll want something more current for Windows Malware.
π€Borne2Run
Not a book but checkout the malwareunicorn workshops. The Reverse Engineering 101 is a good place to start.
https://malwareunicorn.org/#/workshops
π€wonka_fans_only
π@malwr
reddit
What are some good books for malware analysis?
I was thinking of buying both practical malware analysis and malware data science but, practical malware analysis came out 2012 and I is probably...
Code analysis of CryCryptor Ransomware and its vulnerability that allowed to create a decryption tool
π£barakadua131
π@malwr
π£barakadua131
π@malwr
YouTube
Analysis of CryCryptor Android Ransomware and how I created decryptor | fake COVID-19 tracing app
Code and vulnerability analysis of CryCryptor Android Ransomware that was distributed via malicious websites as COVID-19 Tracing app in Canada.
More information: https://www.welivesecurity.com/2020/06/24/new-ransomware-uses-covid19-tracing-guise-target-canadaβ¦
More information: https://www.welivesecurity.com/2020/06/24/new-ransomware-uses-covid19-tracing-guise-target-canadaβ¦
ExAllocatePoolZero
π£FastInvite2k2
> you can see that check is made for build numbers later than 18362. The problem with that is that Windows 1909 isnβt build 18362, itβs 18363.
The off-by-one error strikes again, this time in kernel mode.
π€WonderfulNinja
π@malwr
π£FastInvite2k2
> you can see that check is made for build numbers later than 18362. The problem with that is that Windows 1909 isnβt build 18362, itβs 18363.
The off-by-one error strikes again, this time in kernel mode.
π€WonderfulNinja
π@malwr
OSR
Bug in New Function ExAllocatePoolZero Results in Security Vulnerability and Crashes
Update: Late in December 2020 Microsoft issued an update to the WDK/EWDK that includes mitigations for this security issue. See our blog post describing these updates. tl;dr Last week (week of 5 Juβ¦
Interesting tactic by Ratty & Adwind for distribution of JAR appended to signed MSI - Securityinbits
π£anuraggawande
π@malwr
π£anuraggawande
π@malwr
Securityinbits
Interesting tactic by Ratty & Adwind for distribution of JAR appended to signed MSI - CVE-2020-1464 - Securityinbits
This article discusses an interesting tactic (CVE-2020-1464) actively used by different Java RAT malware authors like Ratty & Adwind to distribute malicious JAR appended to signed MSI files.
LibreHealth Version 2.0.0 - Multiple High-Risk CVEs
π£breach_house
Reading through the unmerged pull requests here, surely there's a point where this many "string concatenation straight into SQL" combines with "this was fixed years ago in the other product this was forked from", a vendor that got a 30 day disclosure extended to 90 days and still hasn't merged fixes, and you've got to consider whether the product can really be salvaged.
π€disclosure5
π@malwr
π£breach_house
Reading through the unmerged pull requests here, surely there's a point where this many "string concatenation straight into SQL" combines with "this was fixed years ago in the other product this was forked from", a vendor that got a 30 day disclosure extended to 90 days and still hasn't merged fixes, and you've got to consider whether the product can really be salvaged.
π€disclosure5
π@malwr
Bishopfox
LibreHealth Version 2.0.0
Bishop Fox advisory on five vulnerabilities in LibreHealth application 2.0.0 including SQL injection, cross-site scripting and cross-site request forgery.
SIGRed - Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers - Check Point Research
π£digicat
We are all remediated now but this is an ugly ugly hole that is going to lead to some multi million dollar hacks against companies who donβt patch promptly.
π€afwaller
Seems kinda bold of them to give the world only a few hours head start to patch their systems given that it's not thought to be in the wild yet. Shoulda bought CheckPoint IPS I guess /shrug.
π€OnARedditDiet
π@malwr
π£digicat
We are all remediated now but this is an ugly ugly hole that is going to lead to some multi million dollar hacks against companies who donβt patch promptly.
π€afwaller
Seems kinda bold of them to give the world only a few hours head start to patch their systems given that it's not thought to be in the wild yet. Shoulda bought CheckPoint IPS I guess /shrug.
π€OnARedditDiet
π@malwr
TSK/Autopsy - Web Artifacts Opera
Hello,
i was wondering why the history of the opera web browser is not detected.
I know that on the web page it says Firefox, Chrome and Internet Explorer. Is it anywhere documented why the Opera browser is not included?
π£guyizda
As to why I don't know. It does seem it is an sqllite database, much like Chrome/Firefox.
Looks like there is a reference in their github for android:
https://github.com/sleuthkit/autopsy/blob/646a7a9e12148512de8db6ab030f78f297248394/InternalPythonModules/android/operabrowser.py
Mention to the windows location here:
https://github.com/sleuthkit/autopsy/blob/ab60e9c29ed8be6a43f918ffa29f228a6cdf270a/thirdparty/plaso/plaso-20180818-Win32/artifacts/webbrowser.yaml
π€AnalyzeAllTheLogs
Autopsy is generally...not that good. Opera is Chromium based and uses WebKit (Blink now?), so it is probably sorted under the Chrome history.
π€FunkeDope
π@malwr
Hello,
i was wondering why the history of the opera web browser is not detected.
I know that on the web page it says Firefox, Chrome and Internet Explorer. Is it anywhere documented why the Opera browser is not included?
π£guyizda
As to why I don't know. It does seem it is an sqllite database, much like Chrome/Firefox.
Looks like there is a reference in their github for android:
https://github.com/sleuthkit/autopsy/blob/646a7a9e12148512de8db6ab030f78f297248394/InternalPythonModules/android/operabrowser.py
Mention to the windows location here:
https://github.com/sleuthkit/autopsy/blob/ab60e9c29ed8be6a43f918ffa29f228a6cdf270a/thirdparty/plaso/plaso-20180818-Win32/artifacts/webbrowser.yaml
π€AnalyzeAllTheLogs
Autopsy is generally...not that good. Opera is Chromium based and uses WebKit (Blink now?), so it is probably sorted under the Chrome history.
π€FunkeDope
π@malwr
reddit
TSK/Autopsy - Web Artifacts Opera
Hello, i was wondering why the history of the opera web browser is not detected. I know that on the web page it says Firefox, Chrome and...