CVE-2021-20595: Unauthenticated XXE in Multiple Mitsubishi Electric Air Conditioner Control Systems https://www.aon.com/cyber-solutions/aon_cyber_labs/cve-2021-20595-unauthenticated-xxe-in-multiple-mitsubishi-electric-air-conditioner-control-systems/
Aon
CVE-2021-20595: Unauthenticated XXE in Multiple Mitsubishi Electric Air Conditioner Control Systems | Aon
Aon’s Cyber Solutions discovered a security vulnerability affecting over 20 Mitsubishi Electric Air Conditioner Control Systems leading to information disclosure and/or denial of service via unauthenticated XML External Entity Injection (XXE). For a complete…
Snake Keylogger’s Many Skins: Analysing Code Reuse Among Infostealers https://threatresearch.ext.hp.com/the-many-skins-of-snake-keylogger/
HP Wolf Security
Snake Keylogger's Many Skins: Analysing Code Reuse Among Infostealers | HP Wolf Security
Don’t let cyber threats get the best of you. Read our post, Snake Keylogger's Many Skins: Analysing Code Reuse Among Infostealers, to learn more about cyber threats and cyber security.
Reverse Engineering the M6 Smart Fitness Bracelet https://rbaron.net/blog/2021/07/06/Reverse-engineering-the-M6-smart-fitness-band.html
rbaron.net
Reverse Engineering the M6 Smart Fitness Bracelet
A blog post on hacking the $6 M6 fitness tracker.
Adding a native sniffer to your implants: decomposing and recomposing PktMon https://adepts.of0x.cc/pktmon-dissection/
Adding a native sniffer to your implants: decomposing and recomposing PktMon | AdeptsOf0xCC
Dissecting the PktMon.exe utility and building our own sniffer based on it
Microsoft Teams user enumeration
https://www.immunit.ch/blog/2021/07/05/microsoft-teams-user-enumeration/
Hancitor Making Use of Cookies to Prevent URL Scraping https://www.mcafee.com/blogs/other-blogs/mcafee-labs/hancitor-making-use-of-cookies-to-prevent-url-scraping/
McAfee Blog
Hancitor Making Use of Cookies to Prevent URL Scraping | McAfee Blog
This blog was written by Vallabh Chole & Oliver Devane Over the years, the cybersecurity industry has seen many threats get taken down, such as the
Alan Framework: post-exploitation framework https://securityonline.info/alan-framework-post-exploitation-framework/
good post >> High School Student to InfoSec Pro: An Old College Try https://cradersecurity.com/articles/high-school-to-infosec-pro-part-1/
Crader Security
High School Student to InfoSec Pro: An Old College Try
How to tell if a career in Information Security is right for you. A multi-part series detailing how to land your first position in the security field.
Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits https://securityaffairs.co/wordpress/119845/cyber-crime/hacker-zero-day.html
Security Affairs
Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits
A threat actor has deposited 26.99 Bitcoins on one of the cybercrime forums; he aims to purchase zero-day exploits from other forum members.
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) https://www.darknet.org.uk/2021/05/libinjection-detect-sql-injection-sqli-and-cross-site-scripting-xss/
Darknet - Hacking Tools, Hacker News & Cyber Security
LibInjection - Detect SQL Injection (SQLi) and XSS
LibInjection is a C library to detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world attacks.
Tracking Cobalt Strike: A Trend Micro Vision One Investigation https://www.trendmicro.com/en_us/research/21/g/tracking_cobalt_strike_a_vision_one_investigation.html
Trend Micro
Tracking Cobalt Strike: A Trend Micro Vision One Investigation
Sneaky Malware Reconfigures Hive OS Wallet for Profit https://securehoney.net/blog/sneaky-malware-reconfigures-hive-os-wallet-for-profit.html
Secure Honey
Sneaky Malware Reconfigures Hive OS Wallet for Profit | Secure Honey
I recently observed some malware (uploaded to my honeypot) that targets Hive OS's wallet configuration -- to redirect mined coins to the attacker.
Conti Unpacked | Understanding Ransomware Development As a Response to Detection https://labs.sentinelone.com/conti-unpacked-understanding-ransomware-development-as-a-response-to-detection/
SentinelOne
Conti Unpacked | Understanding Ransomware Development As a Response to Detection - SentinelLabs
Conti's rapid encryption speed is matched only by its rapid evolution. SentinelLabs' deep dive explores its development in unprecedented detail.
PRINTNIGHTMARE NETWORK ANALYSIS https://labs.jumpsec.com/printnightmare-network-analysis/
JUMPSEC Labs
PRINTNIGHTMARE NETWORK ANALYSIS
DNSStager: hide and transfer your payload using DNS https://securityonline.info/dnsstager-hide-and-transfer-your-payload-using-dns/
Cybersecurity News
DNSStager v1.0 releases: hide and transfer your payload using DNS
DNSStager will create a malicious DNS server that handles DNS requests to your domain and returns your payload as a response to specific record requests.
Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability https://thehackernews.com/2021/07/microsofts-emergency-patch-fails-to.html
Playing with PrintNightmare https://0xdf.gitlab.io/2021/07/08/playing-with-printnightmare.html
0xdf hacks stuff
Playing with PrintNightmare
CVE-2021-34527, or PrintNightmare, is a vulnerability in the Windows Print Spooler that allows a low-privileged user to escalate to administrator on a local box or on a remote server. This is especially bad because it is not uncommon for Domain Controllers…
Page Tables, VAD and PEB https://resources.infosecinstitute.com/topic/finding-enumerating-processes-within-memory-part-2/
Infosec Resources
Page tables, VAD and PEB | Infosec Resources
In this part of the series, we will understand how the process can be enumerated within memory. Just as a refresher in part 1 of this series we had a look