Meet WiFiDemon – iOS WiFi RCE 0-Day Vulnerability, and a Zero-Click Vulnerability That Was Silently Patched https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/
Jamf
Jamf Threat Labs | Blog
CVE-2021-22555: Turning \x00\x00 into 10000$ https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
security-research
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.
Exploitation of a double free vulnerability in Ubuntu shiftfs driver (CVE-2021-3492) https://www.synacktiv.com/publications/exploitation-of-a-double-free-vulnerability-in-ubuntu-shiftfs-driver-cve-2021-3492.html
Synacktiv
How the Kaseya VSA Zero Day Exploit Worked https://blog.truesec.com/2021/07/06/kaseya-vsa-zero-day-exploit/
Truesec
How the Kaseya VSA Zero Day Exploit Worked - Trulysuper
Learn about the pre-auth remote code execution exploit against Kaseya VSA Server that was used in the mass REvil ransomware attack on July 2, 2021.
XLS Entanglement https://www.bc-security.org/post/xls-entanglement/
Introduction to Malware Analysis https://any.run/cybersecurity-blog/introduction-to-malware-analysis/
ANY.RUN's Cybersecurity Blog
Introduction to Malware Analysis - ANY.RUN's Cybersecurity Blog
Investigate malicious files with our guest writer. He will lead you through each step of Dridex and IcedID analysis, so you can repeat it by yourself.
How to spot and exploit postMessage vulnerablities? https://parshwa-fabaf.medium.com/how-to-spot-and-exploit-postmessage-vulnerablities-97a22dabea8a
Medium
Hey Hunters, I hope everyone is doing okay and able to use this time efficiently for self development and to self reflect. This corona…
Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/
Microsoft News
Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322, a…
CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 1 https://research.nccgroup.com/2021/07/15/cve-2021-31956-exploiting-the-windows-kernel-ntfs-with-wnf-part-1/
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Writeup for the paired Chrome sandbox escape for redpwnCTF 2021, Empires and Deserts: https://robertchen.cc/blog/2021/07/12/empires-and-deserts
robertchen.cc
Empires and Deserts
Abusing Mojo deserialization in the Chromium sandbox.
Issue 2182: XNU network stack kernel heap overflow due to out-of-bounds memmove in 6lowpan https://bugs.chromium.org/p/project-zero/issues/detail?id=2182
Aruba in Chains: Chaining Vulnerabilities for Fun and Profit https://alephsecurity.com/2021/07/15/aruba-instant/
Alephsecurity
Possible RCE vulnerability in mailing action using mailutils (mail-whois) https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
GitHub
### Discovered-by
Jakub Żoczek
### Impact
Possible remote code execution vulnerability in mailing action mail-whois
### Summary
Command `mail` from mailutils package used in mail actions...
Guided tour inside WinDefender’s network inspection driver https://blog.quarkslab.com/guided-tour-inside-windefenders-network-inspection-driver.html
Quarkslab
Guided tour inside WinDefender’s network inspection driver - Quarkslab's blog
This article describes how Windows Defender implements its network inspection feature inside the kernel through the use of WFP (Windows Filtering Platform), how the device object’s security descriptor protects it from being exposed to potential vulnerabilities…
Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools https://unit42.paloaltonetworks.com/gasket-and-magicsocks-tools-install-mespinoza-ransomware/
Unit 42
The Gasket and MagicSocks tools were used in an attack that delivered the Mespinoza ransomware (also known as PYSA)...other tools were discovered to facilitate latter parts of the attacks.
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/
Microsoft News
LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining…
WebContent->EL1 LPE: OOBR in AppleCLCD / IOMobileFrameBuffer https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/
New PetitPotam attack allows take over of Windows domains https://www.bleepingcomputer.com/news/microsoft/new-petitpotam-attack-allows-take-over-of-windows-domains/
BleepingComputer
A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain.
UAC bypass through Trusted Folder abuse https://redteamer.tips/uac-bypass-through-trusted-folder-abuse/