Detection opportunity #1 for the existing CVE-2021-1675 POCs: spoolsv.exe writing (Sysmon Event 11) and deleting (Sysmon Event 23) .dll files on C:\Windows\System32\spool\drivers\x64\* #printspooler

zhiniang peng tweeted out a proof of concept exploit and explainer recently, and then quickly deleted it. This exploit and discussion…

CVE-2021-1675 Detection Info. Contribute to LaresLLC/CVE-2021-1675 development by creating an account on GitHub.

by Mitja Kolsek, the 0patch Team Update 8/11/2021: August 2021 Windows Updates brought a fix for PrintNightmare that has the same default ef...

Thanks to @_f0rgetting_ we have an explanation about why we have an Elevated Token (allowing #PrintNightmare on patched domain controllers): legacy If you remove "Authenticated users" from "Builtin\Pre-Windows 2000 Compatible Access", the original Microsoft…

Binary code-coverage fuzzer for macOS, based on libFuzzer and LLVM - ant4g0nist/ManuFuzzer

On May 25th, 2021, VMWare released patches to address VMSA-2021-0010, a critical security advisory for VMWare vCenter Server addressing two vulnerabilities. One of them was a remote code execution (RCE) in the vSphere Client (CVE-2021-21985) that exists due…

Introduction Microsoft Windows Graphics Device Interface+, also known as GDI+, allows various applications to use different graphics functionality on

The use of novel disk image files to encapsulate malware distributed via spam has been a theme that we have highlighted over the past couple of years. As anticipated, we have seen more disk image file formats being used, in addition to .ISO, .IMG, and .DAA…

Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent - irsl/gcp-dhcp-takeover-code-exec

A classic buffer overflow challenge

The creators of Meow hash made security claims; we break them all.

In the chapter on "Mutation-Based Fuzzing", we have seen how to use extra hints – such as sample input files – to speed up test generation. In this chapter, we take this idea one step further, by providing a specification of the legal inputs to a program.…

What started as a false positive alert for a Microsoft signed file turns out to be a WFP application layer enforcement callout driver that redirects traffic to a Chinese IP. How did this happen?

Overview of Crackonosh Malware

This blog was written by Kiran Raj & Kishan N. Introduction In the last few years, Microsoft Office macro malware using social engineering as a means

In this article, DomainTools researchers provide a look at the three most prolific ransomware families and their toolsets.

By Sergi Martinez This post analyses CVE-2020-9715, a use-after-free vulnerability affecting several versions of the Adobe Acrobat and Adobe Acrobat Reader products. The vulnerability was discovered by Mark Vincent Yason, who reported it to the Zero Day Initiative…

FRIDA-DEXDump support fuzzy search broken header dex, fix struct data of dex-header, compatible with all android version(frida supported).