CVE-2022-34502
Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.
@cveNotify
GitHub
heap-buffer-overflow in WASM name handling after 5.7.0 release · Issue #20336 · radareorg/radare2
Environment Mon Jun 20 03:01:00 PM CST 2022 radare2 5.7.0 28296 @ linux-x86-64 git.5.7.0 commit: 09569c1d5c324df7f23bdc9ad864ac1c25925745 build: 2022-06-20__11:48:07 Linux x86_64 Description After ...
IDA Pro 8.0 released!
- Golang 1.18
- iOS 16 dyld shared cache support
- ARC decompiler
- Better firmware analysis
- FLAIR pattern generator (makepat)
https://hex-rays.com/products/ida/news/8_0/
@cveNotify
Hex-Rays
IDA 8.0 | Hex-Rays Docs
How does AV know when a process is malicious if it doesn't have a known hash?
Posted by Diesl
All AVs have a database of known malicious code and extensions. If the hash is unrecognized it may get quarantined.
Comment by latnGemin616
@malwr
Culbert Report
How AV Hooks NTDLL
How Does AV Know? Have you ever wondered how AV knows that the application you're trying to run is malicious when it doesn't have a known signature? NTDLL is the answer.
Image displays its own MD5 hash
Posted by ASIC_SP
Absolute noob question incoming... What are some practical uses for this?
Comment by WhatArghThose
There's a mathematical function (maybe in parametric form) whose graph is the "picture of the algebraic equation" of the function itself. I can't find it right now. [not exactly correct, see below]
EDIT:
Tupper's self-referential formula:
https://en.wikipedia.org/wiki/Tupper%27s_self-referential_formula
Comment by Acrobatic-Cause-4925
See also: This PDF is an NES ROM that prints its own MD5 hash!
Comment by cbarrick
@malwr
Downrange: A Survey of China's Cyber Ranges - Center for Security and Emerging Technology
Posted by digicat
@malwr
Center for Security and Emerging Technology
Downrange: A Survey of China's Cyber Ranges | Center for Security and Emerging Technology
China is rapidly building cyber ranges that allow cybersecurity teams to test new tools, practice attack and defense, and evaluate the cybersecurity of a particular product or service. The presence of these facilities suggests a concerted effort on the part…
git-vuln-finder v1.3 released - a python tool to find potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could contain a fix regarding a software vulnerability.
Posted by digicat
@malwr
GitHub
Release git-vuln-finder v1.3 released - bug fixes release · cve-search/git-vuln-finder
git-vuln-finder v1.3 released - bug fixes released.
git-vuln-finder is a python tool to find potential software vulnerabilities from git commit messages. The output format is a JSON with the associ...
Cronos: PoC for a new sleep obfuscation technique leveraging waitable timers to evade memory scanners - leveraging waitable timers to RC4 encrypt the current process and change the permissions from RW to RX
Posted by digicat
@malwr
GitHub
GitHub - Idov31/Cronos: PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners. - Idov31/Cronos
List of Free Cybersecurity Services and Tools curated by CISA
https://www.cisa.gov/free-cybersecurity-services-and-tools
Posted by apes_2gether_strong
@malwr
Cybersecurity and Infrastructure Security Agency CISA
No-Cost Cybersecurity Services & Tools | CISA
BumbleBee: Round Two - In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector to deploy Cobalt Strike and Meterpreter.
Posted by digicat
@malwr
The DFIR Report
BumbleBee: Round Two
In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector. BumbleBee has been identified as an initial access vector utilized by several ransomware affiliates. …
Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV [PDF+EXPLOIT](https://github.com/Wh04m1001/ZoneAlarmEoP)
Posted by soupcreamychicken
@malwr
GitHub
GitHub - Wh04m1001/ZoneAlarmEoP: Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV
Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV - GitHub - Wh04m1001/ZoneAlarmEoP: Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV
Microsoft Shift F10 bypass + Autopilot privilege escalation
Posted by k4m1ll0
Am I missing something, or could you just as easily pop out the hard disk and put it in another machine to remove the DisableCMDRequest.TAG file/do whatever you want?
Comment by Bl00dsoul
There are ways to disable it: https://call4cloud.nl/2022/01/the-oobe-massacre-the-beginning-of-shift-f10/
Another attack vector would be audit mode at beginning of setup. After creating admin accounts or whatever sysprep back to OOBE to continue with autopilot
Comment by HankMardukasNY
This vuln is fairly well-known in the Intune community, but mostly theoretical - great to see a writeup and full attack chain. Do you have any recommendations for mitigating it? I've focused on using preprovisioning to lock down the system and defaultuser0, but being able to alt-tab and modify system state at all seems like a huge attack surface
Comment by Pl4nty
@malwr
K4M1Ll0
Shift F10 bypass and Autopilot privilege escalation - Microsoft
Shift + F10 bypass and privilege escalation