Bypassing DEP with gap restrictions
CarelessOne7933
Like it is a new technique... It's basically what everyone is doing since ever to prevent shellcode corruption
Void_Sec
@malwr
divyanshu-mehta.gitbook.io
Bypassing DEP - Increasing the Gap
This blog talks about how to use the WriteProcessMemory API call for executing shellcode in a scenario where there is very little gap between the shellcode and the WriteProcessMemory call skeleton
Our team from @Unit42_Intel released a blog related to 3CXDesktopApp supply chain attack. Enjoy!
https://unit42.paloaltonetworks.com/3cxdesktopapp-supply-chain-attack/
#dfir #supplychainattack #Unit42
r3nzsec
@malwr
#sslpinning #frida #mitm #android
New video up on YouTube showcasing the concepts of SSL pinning and how to bypass different types of SSL pinning in android.
@fridadotre @mobilesecurity_
https://youtu.be/iooYH0S2Y3o
SecFatal
@malwr
YouTube
How to Bypass Multiple SSL Pinning on Android
#android #sslpinning #frida #pentest #mobilesecurity #mitm
Hey Guys, in this video I have explained about capturing the HTTPS traffic from a very well obfuscated android application. Since the app is obfuscated and using SSL Pinning even if an attacker tries…
https://github.com/ggerganov/kbd-audio
this tool lets you extract text from an audio recording of keyboard strokes, right now, for free
i am not making this shit up, you can potentially steal a password from an audio recording in an office
f4micom
@malwr
If you are looking for a comprehensive overview of the current #3CX supply chain attack, I created a diagram that shows the attack flow! I'll update as soon as the analysis progresses. Stay tuned for the MacOS edition! #cybersecurity #infosec #supplychainattack #3CXpocalypse
fr0gger_
@malwr
Proofpoint researchers have observed recent espionage-related activity by TA473 (Winter Vivern). TA473 has continuously leveraged an unpatched Zimbra vulnerability to target webmail portals of NATO-aligned governments in Europe. https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability
virusbtn
@malwr
Fortinet researchers have observed several attack bursts targeting Cacti & Realtek vulnerabilities, spreading ShellBot & Moobot malware. In an article they examine the payloads of these two attacks and the resulting malware behaviour. https://www.fortinet.com/blog/threat-research/moobot-strikes-again-targeting-cacti-and-realtek-vulnerabilities
virusbtn
@malwr
Multiple security vendors have released articles sharing information about an ongoing campaign that trojanizes the #3CX DesktopApp in a supply chain attack:
https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
https://www.trendmicro.com/en_us/research/23/c/information-on-attacks-involving-3cx-desktop-app.html
https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/
virusbtn
Continue...
@malwr
https://unit42.paloaltonetworks.com/3cxdesktopapp-supply-chain-attack/
https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/
https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats
https://www.malwarebytes.com/blog/news/2023/03/3cx-desktop-app-used-in-a-supply-chain-attack
https://blog.talosintelligence.com/3cx-softphone-supply-chain-compromise/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3cx-supply-chain-attack
https://blog.checkpoint.com/2023/03/29/3cxdesktop-app-trojanizes-in-a-supply-chain-attack-check-point-customers-remain-protected/
https://www.zscaler.com/security-research/coverage-advisory-3cx-supply-chain-attack-march-2023
https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised
virusbtn
@malwr
Unit 42
Threat Brief: 3CXDesktopApp Supply Chain Attack (Updated)
This threat brief details a supply chain attack involving a software-based phone application 3CXDesktopApp that installs two malicious libraries.
SonicWall researchers analyse a recent AsyncRAT malware variant, finding additional commands support from the C2, a clipper module, a cryptostealer module, a keylogger module, and the ability to prevent the system from going to sleep. https://securitynews.sonicwall.com/xmlpost/asyncrat-variant-includes-cryptostealer-capabilites/
virusbtn
@malwr
Twitter has open-sourced their recommendation algorithm.
https://github.com/twitter/the-algorithm
vxunderground
@malwr
GitHub
GitHub - twitter/the-algorithm: Source code for the X Recommendation Algorithm
Source code for the X Recommendation Algorithm. Contribute to twitter/the-algorithm development by creating an account on GitHub.
How to avoid the aCropalypse
Gallus
“Buy an iPhone”
nikanjX
I thought they were all fixed already? Shouldn't the answer be just "update yo shit"?
run_out_of_cake
I am a little confused. Does this only affect PNG? Don't most Pixel phones shoot in JPG? Is that also affected?
digitalend
@malwr
The Trail of Bits Blog
How to avoid the aCropalypse
The aCropalypse is upon us! Last week, news about CVE-2023-21036, nicknamed the “aCropalypse,” spread across Twitter and other media, and I quickly realized that the underlying flaw could be detected by our tool, PolyTracker. I’ll explain how PolyTracker…
Announcing Fibratus 1.10.0 - a modern Windows kernel tracing and threat detection engine
rabbitstack
@malwr
GitHub
Release v1.10.0 · rabbitstack/fibratus
Release Notes
New features
filter language grammar for sequence rules and decommission of sequence policy types Read more
bound fields and sequence aliases Read more
file path manipulation filter ...
.NET malware decompiling challenges: Obfuscations of strings/constants can be tedious. Automate w/ IDA Pro's Python interface for MSIL binary patching, even for simple cases: https://threatcat.ch/blog/undo-dotnet-constant-obfuscation-in-ida-pro/
#CyberSecurity #MalwareAnalysis #IDAPro #DotNET
threatcat_ch
@malwr
YARA is for detection, analysis, IR, TI & more. It's an automation vehicle, a conduit to help you test, store your insights & *apply* them to data. It's accessible & fun & can make your hard work & analyses more durable and lasting at scale.
http://yararul.es/
#100daysofYARA
stvemillertime
@malwr
GitHub
GitHub - 100DaysofYARA/2023: Rules Shared by the Community from 100 Days of YARA 2023
Rules Shared by the Community from 100 Days of YARA 2023 - GitHub - 100DaysofYARA/2023: Rules Shared by the Community from 100 Days of YARA 2023
Reverse Engineering a Native Desktop Application (Tauri App)
- And solving the CTF Challenge
https://infosecwriteups.com/reverse-engineering-a-native-desktop-application-tauri-app-5a2d92772da5
#infosec #reverseengineering #tauri #rustlang #rust
AstraKernel
@malwr
A lot of things to learn in this series by greenluigi1 on car Infotainment system hacking
Part 1: https://programmingwithstyle.com/posts/howihackedmycar/
Part 2: https://programmingwithstyle.com/posts/howihackedmycarpart2/
Part 3: https://programmingwithstyle.com/posts/howihackedmycarpart3/
#hacking
0xor0ne
@malwr