git-vuln-finder v1.3 released - a python tool to find potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could contain a fix regarding a software vulnerability.
π£digicat
π@malwr
π£digicat
π@malwr
GitHub
Release git-vuln-finder v1.3 released - bug fixes release Β· cve-search/git-vuln-finder
git-vuln-finder v1.3 released - bug fixes released.
git-vuln-finder is a python tool to find potential software vulnerabilities from git commit messages. The output format is a JSON with the associ...
git-vuln-finder is a python tool to find potential software vulnerabilities from git commit messages. The output format is a JSON with the associ...
Cronos: PoC for a new sleep obfuscation technique leveraging waitable timers to evade memory scanners - leveraging waitable timers to RC4 encrypt the current process and change the permissions from RW to RX
π£digicat
π@malwr
π£digicat
π@malwr
GitHub
GitHub - Idov31/Cronos: PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners. - Idov31/Cronos
π1
List of Free Cybersecurity Services and Tools curated by CISA
https://www.cisa.gov/free-cybersecurity-services-and-tools
π£apes_2gether_strong
π@malwr
https://www.cisa.gov/free-cybersecurity-services-and-tools
π£apes_2gether_strong
π@malwr
Cybersecurity and Infrastructure Security Agency CISA
No-Cost Cybersecurity Services & Tools | CISA
BumbleBee: Round Two - In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector to deploy Cobalt Strike and Meterpreter.
π£digicat
π@malwr
π£digicat
π@malwr
The DFIR Report
BumbleBee: Round Two
In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector. BumbleBee has been identified as an initial access vector utilized by several ransomware affiliates. β¦
Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV [PDF+EXPLOIT](https://github.com/Wh04m1001/ZoneAlarmEoP)
π£soupcreamychicken
π@malwr
π£soupcreamychicken
π@malwr
GitHub
GitHub - Wh04m1001/ZoneAlarmEoP: Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV
Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV - GitHub - Wh04m1001/ZoneAlarmEoP: Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV
Microsoft Shift F10 bypass + Autopilot privilege escalation
π£k4m1ll0
Am i missing something, or could you just as easily pop out the harddisk and put it in another machine to remove the DisableCMDRequest.TAG file/do whatever you want?
π€Bl00dsoul
There are ways to disable it: https://call4cloud.nl/2022/01/the-oobe-massacre-the-beginning-of-shift-f10/
Another attack vector would be audit mode at beginning of setup. After creating admin accounts or whatever sysprep back to OOBE to continue with autopilot
π€HankMardukasNY
This vuln is fairly well-known in the Intune community, but mostly theoretical - great to see a writeup and full attack chain. Do you have any recommendations for mitigating it? I've focused on using preprovisioning to lock down the system and defaultuser0, but being able to alt-tab and modify system state at all seems like a huge attack surface
π€Pl4nty
π@malwr
π£k4m1ll0
Am i missing something, or could you just as easily pop out the harddisk and put it in another machine to remove the DisableCMDRequest.TAG file/do whatever you want?
π€Bl00dsoul
There are ways to disable it: https://call4cloud.nl/2022/01/the-oobe-massacre-the-beginning-of-shift-f10/
Another attack vector would be audit mode at beginning of setup. After creating admin accounts or whatever sysprep back to OOBE to continue with autopilot
π€HankMardukasNY
This vuln is fairly well-known in the Intune community, but mostly theoretical - great to see a writeup and full attack chain. Do you have any recommendations for mitigating it? I've focused on using preprovisioning to lock down the system and defaultuser0, but being able to alt-tab and modify system state at all seems like a huge attack surface
π€Pl4nty
π@malwr
K4M1Ll0
Shift F10 bypass and Autopilot privilege escalation - Microsoft
Shift + F10 bypass and privilege escalation
π1
Process Memory Basics for Reverse Engineers - Tracking Memory With A Debugger (OALABS Tutorial)
π£herrcore
π@malwr
π£herrcore
π@malwr
YouTube
Process Memory Basics for Reverse Engineers - Tracking Memory With A Debugger [ Patreon Unlocked ]
Full Patreon tutorial (with examples):
https://www.patreon.com/posts/process-memory-1-72454056
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
httβ¦
https://www.patreon.com/posts/process-memory-1-72454056
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
httβ¦
Poseidonβs Offspring: Charybdis and Scylla - The attacks target a number of advertising SDKs within apps available via both Googleβs Play Store and Appleβs App Store.
π£digicat
π@malwr
π£digicat
π@malwr
HUMAN Security
Poseidonβs Offspring: Charybdis and Scylla - HUMAN Security
HUMAN's Satori Threat Intelligence and Research Team uncovered a network of 89 Android and iOS apps committing various flavors of ad fraud.
Tips and tricks for reversing foreign architecture games
π£jeandrew
Um, no, the 6809 is not the same as m68k. The latter is the later 68000 series.
π€ohmantics
π@malwr
π£jeandrew
Um, no, the 6809 is not the same as m68k. The latter is the later 68000 series.
π€ohmantics
π@malwr
mahaloz.re
Tips and tricks for reversing foreign architecture games
Some common techniques used while reversing unknown architectures seen through the lens of an 80's game hacking challenge from 0CTF22
Hardware encrypted usb suggestions??
What products are we using for hardware encrypted drives to move data around and store forensic data securely?
π£dfzachary
Iβve used Aegis and SiForce. I much prefer the latter as they are more reliable and less prone to disconnection due to power consumption issues.
π€ucfmsdf
Apricorn Aegis Padlock drives are the best!
π€no_sushi_4_u
π@malwr
What products are we using for hardware encrypted drives to move data around and store forensic data securely?
π£dfzachary
Iβve used Aegis and SiForce. I much prefer the latter as they are more reliable and less prone to disconnection due to power consumption issues.
π€ucfmsdf
Apricorn Aegis Padlock drives are the best!
π€no_sushi_4_u
π@malwr
reddit
Hardware encrypted usb suggestions??
What products are we using for hardware encrypted drives to move data around and store forensic data securely?
Whatβs In A Bit β Designing, Using And Reverse-engineering Binary File Formats - Peter Bindels
π£mttd
π@malwr
π£mttd
π@malwr
YouTube
Whatβs In A Bit β Designing, Using And Reverse-engineering Binary File Formats - Peter Bindels
C++ on Sea Website: https://cpponsea.uk/
C++ on Sea Twitter: https://twitter.com/cpponsea
---
Whatβs in a Bit β Peter Bindels - C++ on Sea 2022
Slides: https://github.com/philsquared/cpponsea-slides/tree/master/2022
Ever tried to create a .COM program byβ¦
C++ on Sea Twitter: https://twitter.com/cpponsea
---
Whatβs in a Bit β Peter Bindels - C++ on Sea 2022
Slides: https://github.com/philsquared/cpponsea-slides/tree/master/2022
Ever tried to create a .COM program byβ¦