CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 1 https://research.nccgroup.com/2021/07/15/cve-2021-31956-exploiting-the-windows-kernel-ntfs-with-wnf-part-1/
Nccgroup
Cyber Security Research
Writeup for the paired Chrome sandbox escape for redpwnCTF 2021, Empires and Deserts: https://robertchen.cc/blog/2021/07/12/empires-and-deserts
robertchen.cc
Abusing Mojo deserialization in the Chromium sandbox.
Issue 2182: XNU network stack kernel heap overflow due to out-of-bounds memmove in 6lowpan https://bugs.chromium.org/p/project-zero/issues/detail?id=2182
Aruba in Chains: Chaining Vulnerabilities for Fun and Profit https://alephsecurity.com/2021/07/15/aruba-instant/
Alephsecurity
Possible RCE vulnerability in mailing action using mailutils (mail-whois) https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
GitHub
### Discovered-by
Jakub Żoczek
### Impact
Possible remote code execution vulnerability in mailing action mail-whois
### Summary
Command `mail` from mailutils package used in mail actions...
Guided tour inside WinDefender’s network inspection driver https://blog.quarkslab.com/guided-tour-inside-windefenders-network-inspection-driver.html
Quarkslab
This article describes how Windows Defender implements its network inspection feature inside the kernel through the use of WFP (Windows Filtering Platform), how the device object’s security descriptor protects it from being exposed to potential vulnerabilities…
Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools https://unit42.paloaltonetworks.com/gasket-and-magicsocks-tools-install-mespinoza-ransomware/
Unit 42
The Gasket and MagicSocks tools were used in an attack that delivered the Mespinoza ransomware (also known as PYSA)...other tools were discovered to facilitate later stages of the attacks.
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/
Microsoft News
LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining…
WebContent->EL1 LPE: OOBR in AppleCLCD / IOMobileFrameBuffer https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/
New PetitPotam attack allows take over of Windows domains https://www.bleepingcomputer.com/news/microsoft/new-petitpotam-attack-allows-take-over-of-windows-domains/
BleepingComputer
A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain.
UAC bypass through Trusted Folder abuse https://redteamer.tips/uac-bypass-through-trusted-folder-abuse/
New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains https://thehackernews.com/2021/07/new-petitpotam-ntlm-relay-attack-lets.html
TRIDROID - Android Application Exploitation https://fineas.github.io/FeDEX/post/tridroid.html
Windows Command-Line Obfuscation https://www.wietzebeukema.nl/blog/windows-command-line-obfuscation
www.wietzebeukema.nl
Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently making detecting specific commands harder due…
CVE-2021-3122 | How We Caught a Threat Actor Exploiting NCR POS Zero Day https://www.sentinelone.com/blog/cve-2021-3122-how-we-caught-a-threat-actor-exploiting-ncr-pos-zero-day/
SentinelOne
Read how this IR team discovered a zero day in popular Aloha Point of Sale software while engaging with a threat actor compromising a live system.
A case against security nihilism https://blog.cryptographyengineering.com/2021/07/20/a-case-against-security-nihilism/
A Few Thoughts on Cryptographic Engineering
This week a group of global newspapers is running a series of articles detailing abuses of NSO Group’s Pegasus spyware. If you haven’t seen any of these articles, they’re worth re…
Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909) https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909
Qualys
The Qualys Research Team has discovered a size_t-to-int type conversion vulnerability in the Linux Kernel’s filesystem layer affecting most Linux operating systems. Any unprivileged user can gain root…
CVE-2021-3438: 16 Years In Hiding – Millions of Printers Worldwide Vulnerable https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/
SentinelOne
A high severity flaw in HP, Samsung and Xerox printer drivers has existed since 2005 and could lead to an escalation of privilege.