UAC bypass through Trusted Folder abuse https://redteamer.tips/uac-bypass-through-trusted-folder-abuse/
New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains https://thehackernews.com/2021/07/new-petitpotam-ntlm-relay-attack-lets.html
TRIDROID - Android Application Exploitation https://fineas.github.io/FeDEX/post/tridroid.html
Windows Command-Line Obfuscation https://www.wietzebeukema.nl/blog/windows-command-line-obfuscation
www.wietzebeukema.nl
Windows Command-Line Obfuscation
Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently, making detecting specific commands harder due…
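The detection problem the post describes, as an added example that is not code from wietzebeukema.nl: a small normaliser that folds a few well-known spellings of the same command (case, extra whitespace, quote insertion, caret insertion, full path versus bare program name, `-` versus `/` as option character) into one canonical form before a signature is matched. The sample command lines, the `reg export` signature and the `-y`/`/y` pair are constructed for illustration; which spellings a given program actually accepts is program-specific and must be checked per tool, which is precisely the inconsistency the post is about.

```python
import ntpath

# Constructed sample process command lines (not from the original page). Each is
# intended to run the same reg.exe export, just spelled differently.
SAMPLES = [
    'reg export HKLM\\SAM C:\\Temp\\sam.reg',                         # plain
    'REG  EXPORT  HKLM\\SAM  C:\\Temp\\sam.reg',                      # case + whitespace
    'reg ex"po"rt HKLM\\SAM C:\\Temp\\sam.reg',                       # quote insertion
    'reg ex^port HKLM\\SAM C:\\Temp\\sam.reg',                        # caret insertion (cmd.exe)
    'C:\\Windows\\System32\\reg.exe export HKLM\\SAM C:\\Temp\\sam.reg',  # full path + extension
    'reg export HKLM\\SAM C:\\Temp\\sam.reg /y',                      # option char '/'
    'reg export HKLM\\SAM C:\\Temp\\sam.reg -y',                      # option char '-' (assumed accepted)
]

# What the detection is really looking for, in canonical form.
SIGNATURE = "reg export hklm\\sam"


def normalize(cmdline: str) -> str:
    """Fold common obfuscation tricks into one canonical spelling.

    Every rule is deliberately lossy: the output is for matching only and must
    never be re-executed. The rule set is an assumption, not a complete model
    of how cmd.exe or any particular program parses its arguments.
    """
    s = cmdline.replace("^", "")   # cmd.exe escape character: 're^g' runs 'reg'
    s = s.replace('"', "")         # paired quotes are removed by the CRT argv parser
    tokens = s.split()             # also collapses runs of whitespace
    if not tokens:
        return ""
    prog = ntpath.basename(tokens[0]).lower()   # drop directory part of the program
    if prog.endswith(".exe"):
        prog = prog[:-4]
    args = []
    for tok in tokens[1:]:
        tok = tok.lower()
        if len(tok) > 1 and tok[0] == "-":      # option char substitution: '-y' ~ '/y'
            tok = "/" + tok[1:]
        args.append(tok)
    return " ".join([prog] + args)


def naive_match(cmdline: str, sig: str = SIGNATURE) -> bool:
    """Case-folded substring match on the raw command line."""
    return sig in cmdline.lower()


def normalized_match(cmdline: str, sig: str = SIGNATURE) -> bool:
    """Same signature, matched against the normalised command line."""
    return sig in normalize(cmdline)


def evaluate(samples=SAMPLES):
    """Return (naive_hits, normalized_hits) over the sample set."""
    return (sum(naive_match(s) for s in samples),
            sum(normalized_match(s) for s in samples))


if __name__ == "__main__":
    for s in SAMPLES:
        print(f"naive={naive_match(s)!s:5} normalized={normalized_match(s)!s:5} {normalize(s)}")
    print(evaluate())
```

Stripping carets and quotes wholesale is the trade-off to be aware of: it makes the matcher robust to insertion tricks but also erases legitimate escaping, so the normalised string is only suitable as a matching key, and a detection built this way should be paired with a look at the raw command line before anyone acts on it.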
CVE-2021-3122 | How We Caught a Threat Actor Exploiting NCR POS Zero Day https://www.sentinelone.com/blog/cve-2021-3122-how-we-caught-a-threat-actor-exploiting-ncr-pos-zero-day/
SentinelOne
CVE-2021-3122 | How We Caught a Threat Actor Exploiting NCR POS Zero Day
Read how this IR team discovered a zero day in popular Aloha Point of Sale software while engaging with a threat actor compromising a live system.
A case against security nihilism https://blog.cryptographyengineering.com/2021/07/20/a-case-against-security-nihilism/
A Few Thoughts on Cryptographic Engineering
A case against security nihilism
This week a group of global newspapers is running a series of articles detailing abuses of NSO Group’s Pegasus spyware. If you haven’t seen any of these articles, they’re worth re…
Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909) https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909
Qualys
Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909) | Qualys
The Qualys Research Team has discovered a size_t-to-int type conversion vulnerability in the Linux Kernel’s filesystem layer affecting most Linux operating systems. Any unprivileged user can gain root…
CVE-2021-3438: 16 Years In Hiding – Millions of Printers Worldwide Vulnerable https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/
SentinelOne
CVE-2021-3438: 16 Years In Hiding - Millions of Printers Worldwide Vulnerable - SentinelLabs
A high severity flaw in HP, Samsung and Xerox printer drivers has existed since 2005 and could lead to an escalation of privilege.
Windows Print Spooler Elevation of Privilege vulnerability (CVE-2021-1675) explained https://thalpius.com/2021/07/16/windows-print-spooler-elevation-of-privilege-vulnerability-cve-2021-1675-explained/
Microsoft Security Blog
Microsoft Windows Print Spooler Elevation of Privilege vulnerability (CVE-2021-1675) explained
I guess most of you heard about the Windows Print Spooler Elevation of Privilege vulnerability (CVE-2021-1675) in the last couple of weeks. It is a vulnerability that gives an attacker high privile…
Utilizing .htaccess for exploitation purposes https://blog.0xffff.info/2021/06/23/utilizing-htaccess-for-exploitation-purposes/
0xFFFF@blog:~$
Utilizing .htaccess for exploitation purposes
This is the first of a two-part series regarding uses of htaccess for exploitation purposes. I will cover some basic and somewhat well-known methods here, along with a few lesser known me…
From JavaScript to Kernel - Google CTF 2021 Quals "Full Chain" Writeup https://ptr-yudai.hatenablog.com/entry/2021/07/26/225308
CTFするぞ
From JavaScript to Kernel - Google CTF 2021 Quals "Full Chain" Writeup - CTFするぞ
I played Google CTF 2021 Quals in zer0pts and I worked on several tasks. In the 6 pwnable challenges I solved during the CTF I liked "Full Chain" the most. This…
Hunting IcedID and unpacking automation with Qiling https://blogs.vmware.com/security/2021/07/hunting-icedid-and-unpacking-automation-with-qiling.html
VMware Security Blog
Hunting IcedID and unpacking automation with Qiling
In our previous blog post “Detecting IcedID” we provided a global overview of the IcedID threat, its multiple stages and capabilities. This new blog post is focused on how to be proactive and hunt for IcedID DLL components to extract network IOCs. It will…
Portable Executable Injection Study https://malwareunicorn.org/workshops/peinjection.html#0
malwareunicorn.org
Portable Executable Injection Study
This workshop will go over the reverse engineering steps for looking at Cryptowall malware for the purposes of extracting information on the code injection technique in order to replicate for red team operation use.
Winning the race: Signals, symlinks, and TOC/TOU https://blog.0xffff.info/2021/06/23/winning-the-race-signals-symlinks-and-toc-tou/
Nice translation summary of WinAPI to Sysmon events https://raw.githubusercontent.com/OTRF/API-To-Event/master/images/API-to-Sysmon.svg
HookHunter: Analyze patches in a process for investigation or repairment purposes https://github.com/mike1k/HookHunter
GitHub
GitHub - mike1k/HookHunter: Analyze patches in a process
Analyze patches in a process.
Lateral Movement Detection with Windows Event Logs https://www.socinvestigation.com/lateral-movement-detection-with-windows-event-logs/
Security Investigation - Be the first to investigate
Lateral Movement Detection with Windows Event Logs - Security Investigation
Lateral movement refers to the behaviors of cyber attackers who, after gaining initial access to assets, move around the compromised network looking for sensitive data. The attacker will use different tools and techniques allowing them to move laterally through…
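One detection of the kind the article is about, as an added example that is not code from socinvestigation.com: a "fan-out" rule over Windows Security 4624 (successful logon) events that flags a single source address authenticating over the network (logon type 3) or via RDP (logon type 10) to many distinct computers within a short window. The event lines are constructed to look like a flattened SIEM export, and the window size, host threshold and field names are assumptions to be tuned against a real environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the original page): Windows Security log
# records flattened to 'timestamp key=value ...'. 10.0.0.21 first logs on as
# alice, then uses svc_backup against five more hosts in a few minutes; bob
# touches two hosts, which is normal.
EVENTS = """\
2021-07-26T09:00:05Z Computer=WS01 EventID=4624 LogonType=2 TargetUserName=alice IpAddress=-
2021-07-26T09:01:10Z Computer=FS01 EventID=4624 LogonType=3 TargetUserName=alice IpAddress=10.0.0.21
2021-07-26T09:03:12Z Computer=WS07 EventID=4624 LogonType=3 TargetUserName=svc_backup IpAddress=10.0.0.21
2021-07-26T09:03:40Z Computer=WS08 EventID=4624 LogonType=3 TargetUserName=svc_backup IpAddress=10.0.0.21
2021-07-26T09:04:02Z Computer=WS09 EventID=4624 LogonType=3 TargetUserName=svc_backup IpAddress=10.0.0.21
2021-07-26T09:04:30Z Computer=WS10 EventID=4624 LogonType=3 TargetUserName=svc_backup IpAddress=10.0.0.21
2021-07-26T09:05:15Z Computer=DC01 EventID=4624 LogonType=10 TargetUserName=svc_backup IpAddress=10.0.0.21
2021-07-26T09:06:00Z Computer=DC01 EventID=4625 LogonType=3 TargetUserName=svc_backup IpAddress=10.0.0.21
2021-07-26T09:20:00Z Computer=WS02 EventID=4624 LogonType=3 TargetUserName=bob IpAddress=10.0.0.30
2021-07-26T09:21:00Z Computer=FS01 EventID=4624 LogonType=3 TargetUserName=bob IpAddress=10.0.0.30
"""

# 3 = Network (SMB, WMI, WinRM, ...), 10 = RemoteInteractive (RDP).
NETWORK_LOGON_TYPES = {"3", "10"}


def parse_events(text: str):
    """Parse 'timestamp key=value key=value ...' lines into dicts with a 'ts' datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def find_fan_out(events, window=timedelta(minutes=10), min_hosts=4):
    """Flag source IPs that log on to >= min_hosts distinct computers within `window`.

    Returns {source_ip: (sorted hosts, sorted users)} for the largest window
    seen per source. Keying on the source address rather than the account
    catches an attacker switching credentials from one foothold.
    """
    by_src = defaultdict(list)
    for ev in events:
        if ev.get("EventID") != "4624":                       # successful logons only
            continue
        if ev.get("LogonType") not in NETWORK_LOGON_TYPES:   # skip console/service logons
            continue
        src = ev.get("IpAddress", "-")
        if src in ("-", "::1", "127.0.0.1"):                  # no usable remote source
            continue
        by_src[src].append((ev["ts"], ev["Computer"], ev["TargetUserName"]))

    alerts = {}
    for src, rows in by_src.items():
        rows.sort()
        for i, (start, _, _) in enumerate(rows):
            hosts, users = set(), set()
            for ts, host, user in rows[i:]:                    # sliding window from row i
                if ts - start > window:
                    break
                hosts.add(host)
                users.add(user)
            if len(hosts) >= min_hosts:
                current = alerts.get(src)
                if current is None or len(hosts) > len(current[0]):
                    alerts[src] = (sorted(hosts), sorted(users))
    return alerts


if __name__ == "__main__":
    for src, (hosts, users) in find_fan_out(parse_events(EVENTS)).items():
        print(f"{src}: {len(hosts)} hosts in window, users={users}, hosts={hosts}")
```

Run as-is it reports only 10.0.0.21, with both alice and svc_backup in the user set, which is the detail an analyst wants: the pivot host, not just the account. The 4625 failure and the interactive logon with an empty source address are dropped by the filters, and the `min_hosts` threshold is what keeps backup servers and vulnerability scanners out of the results once they are baselined or allow-listed.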
Fuzzing Windows RPC with RpcView https://itm4n.github.io/fuzzing-windows-rpc-rpcview/
itm4n’s blog
Fuzzing Windows RPC with RpcView
The recent release of PetitPotam by @topotam77 motivated me to get back to Windows RPC fuzzing. On this occasion, I thought it would be cool to write a blog post explaining how one can get into this security research area.