If a website allows you to upload ZIP files it might be vulnerable to a #ZipSlip #vulnerability leading to #RCE.
Watch this explanation video from @gregxsunday on how he got $5.5k #BugBounty from GitHub & built a #CodeQL query to detect this bug:
#AppSec
https://youtu.be/F95U912u7OQ
🗣securestep9
🎖@malwr
YouTube
CodeQL query to detect RCE via ZipSlip - $5,500 bounty from GitHub Security Lab
📧 Subscribe to BBRE Premium: https://bbre.dev/premium
📰 Article about writing this query and more practical tips: https://members.bugbountyexplained.com/how-to-write-a-new-codeql-query-and-maximise-payout-rce-via-zipslip-query/
✉️ Sign up for the mailing…
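The Zip Slip class the post refers to, as an added example that is not from the video, the CodeQL query, or any GitHub code: a Python extractor written the vulnerable way next to one that resolves each entry's target path and refuses anything that lands outside the destination directory. The archive entries, directory names and the `demo` routine are constructed for this illustration.

```python
"""Added example (not from the video or the post): detecting Zip Slip entries and
extracting a user-supplied ZIP safely. The archive contents below are constructed."""
import io
import os
import shutil
import tempfile
import zipfile


def build_sample_archive() -> bytes:
    """Constructed archive: one benign entry and three entries that try to escape
    the extraction directory through '..' components or backslash separators."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "harmless")
        zf.writestr("../escaped.txt", "lands one level above the upload directory")
        zf.writestr("a/../../escaped2.txt", "same escape hidden behind a nested path")
        zf.writestr("..\\escaped3.txt", "Windows-style separators")
    return buf.getvalue()


def naive_extract(zip_bytes: bytes, dest_dir: str) -> None:
    """The Zip Slip pattern: the entry name is joined to dest_dir and written as-is."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest_dir, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)


def is_safe_member(dest_dir: str, member_name: str) -> bool:
    """True if the entry, once every '..' and symlink is resolved, stays inside dest_dir."""
    dest = os.path.realpath(dest_dir)
    # Normalise backslashes first; a Windows-built archive may use them as separators.
    name = member_name.replace("\\", "/")
    # realpath resolves '..' and any symlink already present under dest_dir, and
    # os.path.join discards dest when the entry name is absolute, so that case fails too.
    target = os.path.realpath(os.path.join(dest, name))
    return target == dest or target.startswith(dest + os.sep)


def safe_extract(zip_bytes: bytes, dest_dir: str):
    """Extract only entries that pass is_safe_member. Returns (extracted, rejected)."""
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(dest_dir, info.filename):
                rejected.append(info.filename)  # log or alert on these in a real service
                continue
            target = os.path.join(dest_dir, info.filename.replace("\\", "/"))
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    shutil.copyfileobj(src, dst)
            extracted.append(info.filename)
    return extracted, rejected


def demo() -> dict:
    """Run both extractors inside a throwaway directory and report where files landed."""
    data = build_sample_archive()
    root = tempfile.mkdtemp(prefix="zipslip-demo-")
    naive_dest = os.path.join(root, "naive", "uploads")
    safe_dest = os.path.join(root, "safe", "uploads")
    os.makedirs(naive_dest)
    os.makedirs(safe_dest)

    naive_extract(data, naive_dest)
    extracted, rejected = safe_extract(data, safe_dest)
    result = {
        # True means the naive extractor wrote a file outside its upload directory
        "naive_escaped": os.path.exists(os.path.join(root, "naive", "escaped.txt")),
        "safe_escaped": os.path.exists(os.path.join(root, "safe", "escaped.txt")),
        "extracted": extracted,
        "rejected": rejected,
    }
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```

Running the file prints the result dict: the naive extractor leaves `escaped.txt` one level above its upload directory, while the checked extractor keeps only `docs/readme.txt` and reports the three escaping names. Checking the resolved path rather than the raw entry name is what catches the nested `a/../../` form and any symlink already sitting under the destination.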
Sharing a tool I developed to help Blue Teamers discover Persistence on Windows - please check it out!
🗣panscanner
Hey everyone - thought I would share a tool some of you may find useful. The GitHub readme has most of the information you'd want but basically it scans Windows for possible persistence mechanisms and reports on them in a CSV format (JSON soon).
The difference between this and something like PersistenceSniper is my attempt to add built-in allow-lists, risk assignments and the capability to 'snapshot' a system (such as a golden image) then use that snapshot as a dynamic runtime allow-list. Most functionality also supports 'drive-retargeting' if you are analyzing a mounted image.
Feel free to DM me/reply with any questions/comments/ideas/etc for improving it! This wouldn't exist without the amazing InfoSec community and I'm just trying to give back.
👤panscanner
🎖@malwr
GitHub
GitHub - joeavanzato/Trawler: PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.
PowerShell script helping Incident Responders discover potential adversary persistence mechanisms. - joeavanzato/Trawler
🔥1
APC by Schneider Easy UPS Online Monitoring Software vulnerabilities - Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface
🗣digicat
🎖@malwr
🔥1
Frida 16.0.19 is out! 🎊 We're excited to share that @bezjaje and @hsorbo solved two high-impact reliability issues 🔥
https://frida.re/news/2023/04/27/frida-16-0-19-released/
🗣fridadotre
🎖@malwr
Frida • A world-class dynamic instrumentation toolkit
Frida 16.0.19 Released
Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX
Check Point researchers discuss various infection chains and lures used by APT37 in their recent attacks & the resulting payloads of ROKRAT and Amadey. The lures used are largely focused on South Korean foreign and domestic affairs. https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link/
🗣virusbtn
🎖@malwr
❤1🔥1
Debugging with IDA: Understanding how user mode API hooks work and how to detect them in IDA.
https://youtu.be/spsRgAKv6SE
🗣allthingsida
🎖@malwr
YouTube
Debugging with IDA: Understanding and detecting API hooks
In this episode, we will do a brief introduction to API hooks (how they work), then we will show how to use IDA to detect the hooks in a live process or a crash dump file.
SentinelOne's Phil Stokes (@philofishal) takes a close look at how macOS Atomic Stealer works and describes a previously unreported second variant. https://www.sentinelone.com/blog/atomic-stealer-threat-actor-spawns-second-variant-of-macos-malware-sold-on-telegram/
🗣virusbtn
🎖@malwr
My colleague Elias Bachaalany (@0xeb) has kept an excellent channel about IDA Pro (@allthingsida) with videos about its advanced features. No doubts, it's worth subscribing and following it.
https://www.youtube.com/@allthingsida
#idapro #reverseengineering
🗣ale_sp_brazil
🎖@malwr
Binary Ninja 3.4 released. They are getting scary good at C++ decompilation. Can't wait for @vector35 to get scary-good at Go, Rust, and other compiled languages https://binary.ninja/2023/05/03/3.4-finally-freed.html
🗣OpenMalware
🎖@malwr
Binary Ninja
Binary Ninja - 3.4: Finally Freed
Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.
Zero Trust Architecture (NIST Special Publication 800-207)
Download Link in PDF:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com/cyber-startup-observatory-community/
#CyberSecurity #InfoSec #InformationSecurity
🗣CyberSecOb
🎖@malwr
Security Researcher @BushidoToken shares an overview of the Raspberry Robin (DEV-0856/Storm-0856) USB malware campaign providing access to ransomware operators. https://blog.bushidotoken.net/2023/05/raspberry-robin-global-usb-malware.html
🗣virusbtn
🎖@malwr
Added EA information dumping tool.
https://github.com/daem0nc0re/TangledWinExec/commit/9beabf2ea1bb465aa65421f97e76028d103cddb1
🗣daem0nc0re
🎖@malwr
dracon: Security scanning orchestration and results enrichment framework - The purpose of this project is to provide a scalable and flexible framework to execute arbitrary security scanning tools on code and infrastructure while processing the results in a versatile way.
🗣digicat
🎖@malwr
GitHub
GitHub - ocurity/dracon: Security scanning & static analysis tool - forked and rewritten from @thought-machine/dracon
Security scanning & static analysis tool - forked and rewritten from @thought-machine/dracon - ocurity/dracon
Clean Rooms, Nuclear Missiles, and SideCopy, Oh My! - file is named “DRDO-K4-Missile-Clean-room.zip”.
🗣digicat
🎖@malwr
Fortinet Blog
Clean Rooms, Nuclear Missiles, and SideCopy, Oh My! | FortiGuard Labs
The FortiGuard Labs team highlights threat actors conducting a targeted campaign that takes the time to create a lure relevant enough for the target to pursue.…
Attack trends related to the attack campaign DangerousPassword - the campaign continues to carry out attacks against cryptocurrency exchange operators in Japan. This attack group may contact the target from LinkedIn, so be careful when using SNS.
🗣digicat
🎖@malwr
JPCERT/CC Eyes
Attack trends related to the attack campaign DangerousPassword - JPCERT/CC Eyes
Since June 2019, JPCERT/CC has continuously … the attack campaign Dangerou...