VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass #VMware #Pentesting #CyberSecurity #Infosec
π£ptracesecurity
π@malwr
π£ptracesecurity
π@malwr
Try these to check bugs in PDF uploads:-
https://github.com/luigigubello/PayloadsAllThePDFs
π£ManasH4rsh
π@malwr
https://github.com/luigigubello/PayloadsAllThePDFs
π£ManasH4rsh
π@malwr
GitHub
GitHub - luigigubello/PayloadsAllThePDFs: PDF Files for Pentesting
PDF Files for Pentesting. Contribute to luigigubello/PayloadsAllThePDFs development by creating an account on GitHub.
Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings
π£nangaparbat
This is why I come to the sub. Thanks for posting!
π€One-Fan7214
> Due to the way cellular networks are designed, it is difficult to prevent Delivery Reports from being returned to the originator making it challenging to thwart this covert attack without making fundamental changes to the network architecture.
Bollocks. Our network blocks them by default. Source: guy that built it.
EDIT: And furthermore, enabling SMS Home Routing in non-Transparent mode will protect against timing attacks since the target's home SMS-R will respond to the incoming SRI-SM and FSM messages immediately no matter where the subscriber is located. It will also foil the delivery receipt by lying and reporting successful delivery regardless.
π€ExParrot1337
before you all freak out, the accuracy is pretty good but at the granularity of countries. Still a problem in many circumstances.
π€vjeuss
π@malwr
π£nangaparbat
This is why I come to the sub. Thanks for posting!
π€One-Fan7214
> Due to the way cellular networks are designed, it is difficult to prevent Delivery Reports from being returned to the originator making it challenging to thwart this covert attack without making fundamental changes to the network architecture.
Bollocks. Our network blocks them by default. Source: guy that built it.
EDIT: And furthermore, enabling SMS Home Routing in non-Transparent mode will protect against timing attacks since the target's home SMS-R will respond to the incoming SRI-SM and FSM messages immediately no matter where the subscriber is located. It will also foil the delivery receipt by lying and reporting successful delivery regardless.
π€ExParrot1337
before you all freak out, the accuracy is pretty good but at the granularity of countries. Still a problem in many circumstances.
π€vjeuss
π@malwr
Driver-Based Privilege Escalation and How to Catch This Threat
In this video, I show a driver-based privilege escalation. This can be used to stop protected processes or do other actions requiring kernel access. I will also show you how to detect this using the loldrivers.io feed MISP and Elastic SIEM.
Driver Installation Privilege Escalation and Detection
π£Infosecsamurai
π@malwr
In this video, I show a driver-based privilege escalation. This can be used to stop protected processes or do other actions requiring kernel access. I will also show you how to detect this using the loldrivers.io feed MISP and Elastic SIEM.
Driver Installation Privilege Escalation and Detection
π£Infosecsamurai
π@malwr
YouTube
Stolen Signed Drivers: The Privilege Escalation Threat You Need To Know About.
In this enlightening video, we dive deep into the realm of privilege escalation, uncovering the hidden dangers associated with stolen signed drivers. Join us as we explore the powerful toolsβMISP, Elastic SIEM, and loldrivers.ioβthat can help you detect andβ¦
Analysis of CVE-2023-29336 Win32k Privilege Escalation
π£wolfcod
Great thanks! Needs to be more of this stuff, would love to learn more about taking a CVE/Patch Tuesday vulnerability to a PoC. Not much around about it, obviously because it's fairly difficult.
π€jahwni
π@malwr
π£wolfcod
Great thanks! Needs to be more of this stuff, would love to learn more about taking a CVE/Patch Tuesday vulnerability to a PoC. Not much around about it, obviously because it's fairly difficult.
π€jahwni
π@malwr
Numen
Analysis of CVE-2023-29336 Win32k Privilege Escalation
Analyzing CVE-2023-29336 Win32k vulnerability, its exploitation, and mitigation measures in the context of evolving security practices.
Ghidra 10.3.1 released!
π£ryanmkurtz
Fun fact, if you use Windows 10's built-in LZX compression, you can reduce the program size down from 981MB to 371MB. It's absurd.
π€Dwedit
π@malwr
π£ryanmkurtz
Fun fact, if you use Windows 10's built-in LZX compression, you can reduce the program size down from 981MB to 371MB. It's absurd.
π€Dwedit
π@malwr
GitHub
Release Ghidra 10.3.1 Β· NationalSecurityAgency/ghidra
What's New
Change History
Installation Guide
SHA-256: 0413b679436039cc136b950a6d8c24e80ce79da0a0a48993dfacee671b1c7974
Change History
Installation Guide
SHA-256: 0413b679436039cc136b950a6d8c24e80ce79da0a0a48993dfacee671b1c7974
Google Ads: An effective phishing delivery mechanism for over a decade.
π£Seaerkin2
They got me the other day through sponsored search results. Fake Amazon game link. At least I had 2fa on the account. Was an annoying hour or so while the scammers kept hammering the account.
π€routerg0d
Dang. Glad I use an ad blocker routinely now. :O
π€alvarkresh
Iβve seen drive by malware attacks served up by ad networks more than once.
π€vabello
π@malwr
π£Seaerkin2
They got me the other day through sponsored search results. Fake Amazon game link. At least I had 2fa on the account. Was an annoying hour or so while the scammers kept hammering the account.
π€routerg0d
Dang. Glad I use an ad blocker routinely now. :O
π€alvarkresh
Iβve seen drive by malware attacks served up by ad networks more than once.
π€vabello
π@malwr
Guardyourdomain
DomainGuard | Threat Visibility Platform
We guard your domain, so you have peace of mind. Threat Visibility Platform.
Chinese Threat Actor Used Modified Cobalt Strike Variant to Attack Taiwanese Critical Infrastructure
π£wolfcod
π@malwr
π£wolfcod
π@malwr
Eclecticiq
Chinese Threat Actor Used Modified Cobalt Strike Variant to Attack Taiwanese Critical Infrastructure
EclecticIQ researchers identified a malicious web server very likely operated by a Chinese threat actor used to target Taiwanese government entities.
Reverse Engineering Terminator aka Zemana AntiMalware Driver to achieve LPE - VoidSec
π£Void_Sec
π@malwr
π£Void_Sec
π@malwr
VoidSec
Reverse Engineering Terminator aka Zemana AntiMalware/AntiLogger Driver - VoidSec
Reverse engineering Spybot's Terminator tool (Zemana Antimalware driver) to achieve LPE as SYSTEM and unrestricted raw SCSI disk read/write.
Can we use large language models (LLMs) with IDA? Let's cover ChatGPT, Bard, the Gepetto plugin and the upcoming ask_ida plugin! https://youtu.be/bK80Bt9uRvo
π£allthingsida
π@malwr
π£allthingsida
π@malwr
YouTube
LLMs, ChatGPT, Bard, Gepetto and ask_ida!
In this video we show how you can use tools like ChatGPT or Bard to increase our reverse engineering productivity.
We then mention the Gepetto IDA plugin (by JusticeRage) that uses the OpenAI API to explain functions and rename local variables in the pseudoβ¦
We then mention the Gepetto IDA plugin (by JusticeRage) that uses the OpenAI API to explain functions and rename local variables in the pseudoβ¦
Team Cymru's S2 Research Team present a short update report providing insight into the operation of Vidar, demonstrating the evolution of its management infrastructure and evidence of steps taken by the threat actors to potentially cover their tracks. https://www.team-cymru.com/post/darth-vidar-the-aesir-strike-back
π£virusbtn
π@malwr
π£virusbtn
π@malwr
Forensia - Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase http://www.kitploit.com/2023/06/forensia-anti-forensics-tool-for-red.html
π£Dinosn
π@malwr
π£Dinosn
π@malwr
KitPloit - PenTest & Hacking Tools
Forensia - Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase
List of awesome reverse engineering resources
https://github.com/wtsxDev/reverse-engineering
π£Dinosn
π@malwr
https://github.com/wtsxDev/reverse-engineering
π£Dinosn
π@malwr
GitHub
GitHub - wtsxDev/reverse-engineering: List of awesome reverse engineering resources
List of awesome reverse engineering resources. Contribute to wtsxDev/reverse-engineering development by creating an account on GitHub.
Excellent blog post on reverse engineering and pwning a Google Home Mini smart speaker.
A must read for anyone interested in embedded device security and vulnerability research.
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
#iot #embedded #infosec #cybersecurity
π£0xor0ne
π@malwr
A must read for anyone interested in embedded device security and vulnerability research.
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
#iot #embedded #infosec #cybersecurity
π£0xor0ne
π@malwr
"Run in Sandbox: a quick way to run/extract files in Windows Sandbox from a right-click":
https://github.com/damienvanrobaeys/Run-in-Sandbox
π£VessOnSecurity
π@malwr
https://github.com/damienvanrobaeys/Run-in-Sandbox
π£VessOnSecurity
π@malwr
GitHub
GitHub - damienvanrobaeys/Run-in-Sandbox: Run PS1, VBS, CMD, EXE, MSI, Intunewin, MSIX, or extract ISO, ZIP in Windows Sandboxβ¦
Run PS1, VBS, CMD, EXE, MSI, Intunewin, MSIX, or extract ISO, ZIP in Windows Sandbox very quickly just from a right-click - damienvanrobaeys/Run-in-Sandbox
π2