A public secret : Research on the CVE-2024-30051 privilege escalation vulnerability in the wild
https://ti.qianxin.com/blog/articles/public-secret-research-on-the-cve-2024-30051-privilege-escalation-vulnerability-in-the-wild-en/
https://ti.qianxin.com/blog/articles/public-secret-research-on-the-cve-2024-30051-privilege-escalation-vulnerability-in-the-wild-en/
Qianxin
奇安信威胁情报中心
Nuxt.js project
👍1
Introducing Java fuzz harness synthesis using LLMs
https://blog.oss-fuzz.com/posts/introducing-java-auto-harnessing/
https://blog.oss-fuzz.com/posts/introducing-java-auto-harnessing/
OSS-Fuzz blog
Introducing Java fuzz harness synthesis using LLMs
Introducing LLM-based harness generation for Java OSS-Fuzz projects.
🔥3
Windows Wi-Fi Driver #RCE Vulnerability - CVE-2024-30078 - Crowdfense
https://www.crowdfense.com/windows-wi-fi-driver-rce-vulnerability-cve-2024-30078/
https://www.crowdfense.com/windows-wi-fi-driver-rce-vulnerability-cve-2024-30078/
Crowdfense
Windows Wi-Fi Driver RCE Vulnerability - CVE-2024-30078 - Crowdfense
Analysis of CVE-2024-30078, a Windows Wi-Fi driver vulnerability. Detailed root cause analysis and exploitation constraints.
Infiltrax - post-exploitation tool to capture screenshots, retrieve clipboard contents, log keystrokes, and install AnyDesk for persistent remote access
https://github.com/alexdhital/Infiltrax
https://github.com/alexdhital/Infiltrax
GitHub
GitHub - alexdhital/Infiltrax: Infiltrax is a post-exploitation reconnaissance tool for penetration testers and red teams, designed…
Infiltrax is a post-exploitation reconnaissance tool for penetration testers and red teams, designed to capture screenshots, retrieve clipboard contents, log keystrokes, bypass UAC and install AnyD...
🔥2
Exploiting CI / CD Pipelines for fun and profit
https://blog.razzsecurity.com/2024/09/08/exploitation-research/exploiting-ci-cd-pipelines-for-fun-and-profit/
https://blog.razzsecurity.com/2024/09/08/exploitation-research/exploiting-ci-cd-pipelines-for-fun-and-profit/
👍2
How to intercepting #Android at runtime on non-rooted devices using frida-gadget
https://dispatchersdotplayground.hashnode.dev/intercepting-android-at-runtime-on-non-rooted-devices
https://dispatchersdotplayground.hashnode.dev/intercepting-android-at-runtime-on-non-rooted-devices
Stavro's Android Blog
Intercepting Android on runtime on non-rooted devices
Interestingly enough, Frida tool has its place on non-rooted devices as well. It can be used directly or with the help of another tool called Objection...
👍3
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/
https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/
watchTowr Labs
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks. There's…
Kali Linux 2024.3 Release (Multiple transitions) | Kali Linux Blog
https://www.kali.org/blog/kali-linux-2024-3-release/
https://www.kali.org/blog/kali-linux-2024-3-release/
Kali Linux
Kali Linux 2024.3 Release (Multiple transitions)
With summer coming to an end, so are package migrations, and Kali 2024.3 can now be released. You can now start downloading or upgrading if you have an existing Kali installation. The summary of the changelog since the 2024.2 release from June is: Qualcomm…
Android Bytecode Exploitation
Introduction (Part 1): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_0/
Fundamentals (Part 2): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_1/
Bytecode Injection (Part 3): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_2/
Bytecode Reuse Attack (Part 4): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_3/
Introduction (Part 1): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_0/
Fundamentals (Part 2): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_1/
Bytecode Injection (Part 3): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_2/
Bytecode Reuse Attack (Part 4): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_3/
lolcads tech blog
Introduction to Android Bytecode Exploitation (Part 1)
Introduction to Android Bytecode Exploitation (Part 1) Android resides among the most popular operating systems for mobile devices, which causes Android to also be among the most popular targets for exploitation. While Android is frequently updated to fix…
👍3
Veeam Backup & Response — RCE (CVE-2024-40711)
A critical deserialization vulnerability in .NET Remoting has been discovered in Veeam Backup & Replication, allowing unauthenticated remote code execution (RCE). The flaw affects versions 12.1.2.172 and earlier.
Research:
https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/
Source:
https://github.com/watchtowrlabs/CVE-2024-40711
A critical deserialization vulnerability in .NET Remoting has been discovered in Veeam Backup & Replication, allowing unauthenticated remote code execution (RCE). The flaw affects versions 12.1.2.172 and earlier.
Research:
https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/
Source:
https://github.com/watchtowrlabs/CVE-2024-40711
watchTowr Labs
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks. There's…
👍2🔥1🤨1
Using AI-assisted decompilation of Radare2
https://cryptax.medium.com/using-ai-assisted-decompilation-of-radare2-e81a882863c9
https://cryptax.medium.com/using-ai-assisted-decompilation-of-radare2-e81a882863c9
Medium
Using AI-assisted decompilation of Radare2
A few months ago, Radare2 (aka r2), an open source disassembler which can be entirely used by command line, started implementing AI plugins…
👍1
Exploiting Android Client WebViews with Help from HSTS
1-click account takeover vulnerability discovered in a popular Indonesian Android Tokopedia app
https://seanpesce.blogspot.com/2024/09/exploiting-android-client-webviews-with.html
1-click account takeover vulnerability discovered in a popular Indonesian Android Tokopedia app
https://seanpesce.blogspot.com/2024/09/exploiting-android-client-webviews-with.html
Blogspot
Exploiting Android Client WebViews with Help from HSTS
TL;DR I discovered a one-click account takeover vulnerability in a popular Indonesian Android app called Tokopedia . Th...
🔥2
Splinter: New Post-Exploitation Red Team Tool
https://unit42.paloaltonetworks.com/analysis-pentest-tool-splinter
https://unit42.paloaltonetworks.com/analysis-pentest-tool-splinter
Unit 42
Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool
Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation, detected by Unit 42 researchers. Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation…
👍3
#AI has potential to automate threat detection, transform cybersecurity
https://siliconangle.com/2024/09/20/red-teaming-google-mwise2024/
https://siliconangle.com/2024/09/20/red-teaming-google-mwise2024/
SiliconANGLE
AI has potential to automate threat detection, transform cybersecurity
The fanfare around artificial intelligence may be dying down but according to security experts, its impact on defense strategy, red teaming and other aspects of cybersecurity could be long lasting.
🔥3
A step-by-step guide to writing an iOS kernel exploit
https://alfiecg.uk/2024/09/24/Kernel-exploit.html
https://alfiecg.uk/2024/09/24/Kernel-exploit.html
Alfie CG
A step-by-step guide to writing an iOS kernel exploit
Introduction Memory management in XNU Page tables Physical use-after-free Exploitation strategy Heap spray Kernel memory read/write Conclusion Bonus: arm64e, PPL and SPTM
👍2
ATTACKING UNIX SYSTEMS VIA CUPS, PART I
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
evilsocket
Attacking UNIX Systems via CUPS, Part I
🔥3
How hackers can exploit Wi-Fi Captive Portals to distribute Android malware all from a smartphone using WifiPumpkin on NetHunter
https://www.mobile-hacker.com/2024/09/27/wifipumpkin3-integrated-into-nethunter-powerful-duo-allows-malware-distribution-via-captive-portal/
https://www.mobile-hacker.com/2024/09/27/wifipumpkin3-integrated-into-nethunter-powerful-duo-allows-malware-distribution-via-captive-portal/
Mobile Hacker
WiFiPumpkin3 integrated into NetHunter: Powerful Duo allows malware distribution via Captive Portal Mobile Hacker
WiFiPumpkin3 is a powerful framework designed for rogue access point attacks and network security testing. It allows security researchers, and red teamers to create fake Wi-Fi networks, custom captive portals, intercept traffic, and deploy phishing attacks.…
👍1🔥1
Zimbra - Remote Command Execution (CVE-2024-45519)
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
ProjectDiscovery
Zimbra - Remote Command Execution (CVE-2024-45519) — ProjectDiscovery Blog
Zimbra, a widely used email and collaboration platform, recently released a critical security update addressing a severe vulnerability in its postjournal service. This vulnerability, identified as CVE-2024-45519, allows unauthenticated attackers to execute…
👍2