From JavaScript to Kernel - Google CTF 2021 Quals "Full Chain" Writeup https://ptr-yudai.hatenablog.com/entry/2021/07/26/225308
CTFするぞ
From JavaScript to Kernel - Google CTF 2021 Quals "Full Chain" Writeup - CTFするぞ
I played Google CTF 2021 Quals in zer0pts and I worked on several tasks. In the 6 pwnable challenges I solved during the CTF I liked "Full Chain" the most. This…
Hunting IcedID and unpacking automation with Qiling https://blogs.vmware.com/security/2021/07/hunting-icedid-and-unpacking-automation-with-qiling.html
VMware Security Blog
Hunting IcedID and unpacking automation with Qiling
In our previous blog post “Detecting IcedID” we provided a global overview of the IcedID threat, its multiple stages and capabilities. This new blog post is focused on how to be proactive and hunt for IcedID DLL components to extract network IOCs. It will…
Portable Executable Injection Study https://malwareunicorn.org/workshops/peinjection.html#0
malwareunicorn.org
Portable Executable Injection Study
This workshop will go over the reverse engineering steps for looking at Cryptowall malware for the purposes of extracting information on the code injection technique in order to replicate for red team operation use.
Winning the race: Signals, symlinks, and TOC/TOU https://blog.0xffff.info/2021/06/23/winning-the-race-signals-symlinks-and-toc-tou/
Nice translation summary of WinAPI to Sysmon events https://raw.githubusercontent.com/OTRF/API-To-Event/master/images/API-to-Sysmon.svg
HookHunter: Analyze patches in a process for investigation or repairment purposes https://github.com/mike1k/HookHunter
GitHub
GitHub - mike1k/HookHunter: Analyze patches in a process
Analyze patches in a process. Contribute to mike1k/HookHunter development by creating an account on GitHub.
Lateral Movement Detection with Windows Event Logs https://www.socinvestigation.com/lateral-movement-detection-with-windows-event-logs/
Security Investigation - Be the first to investigate
Lateral Movement Detection with Windows Event Logs - Security Investigation
Lateral movement refers to the behaviour of attackers who, after gaining initial access to an asset, move around the compromised network in search of sensitive data. The attacker will use different tools and techniques allowing them to move laterally through…
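The detection side of the linked post can be tried on a handful of records. The block below is an added example, not code from the article: it runs three heuristics (assumed here, not the article's rule set) over constructed Windows Security/System event records using the real event IDs and field names for 4624 (logon), 5140 (share access), 7045 (service installed) and 4648 (logon with explicit credentials). Hostnames, users and addresses are made up.

```python
"""Flag lateral-movement indicators in Windows Security/System event records.

Added example (not from the linked article). Event IDs and field names follow
the real Windows Security (4624, 4648, 5140) and System (7045) events; the
sample records below are constructed for illustration.
"""
from collections import defaultdict

# Constructed sample events: one dict per record, fields named as the logs name them.
SAMPLE_EVENTS = [
    # Interactive console logon on the user's own workstation: benign.
    {"EventID": 4624, "Computer": "WS01", "LogonType": 2, "TargetUserName": "alice",
     "IpAddress": "127.0.0.1", "AuthenticationPackageName": "Kerberos"},
    # NTLM network logon to a server, then ADMIN$ access and a new service on that
    # server: the classic PsExec-style remote service execution chain.
    {"EventID": 4624, "Computer": "SRV01", "LogonType": 3, "TargetUserName": "alice",
     "IpAddress": "10.0.0.15", "AuthenticationPackageName": "NTLM"},
    {"EventID": 5140, "Computer": "SRV01", "SubjectUserName": "alice",
     "IpAddress": "10.0.0.15", "ShareName": "\\\\*\\ADMIN$"},
    {"EventID": 7045, "Computer": "SRV01", "ServiceName": "PSEXESVC",
     "ImagePath": "%SystemRoot%\\PSEXESVC.exe"},
    # Explicit-credential logon (runas-style) aimed at a different host.
    {"EventID": 4648, "Computer": "WS01", "SubjectUserName": "alice",
     "TargetUserName": "svc_backup", "TargetServerName": "SRV02"},
    # Network logon by a machine account over Kerberos: routine and ignored.
    {"EventID": 4624, "Computer": "SRV01", "LogonType": 3, "TargetUserName": "SRV01$",
     "IpAddress": "10.0.0.1", "AuthenticationPackageName": "Kerberos"},
]

ADMIN_SHARES = ("ADMIN$", "C$", "IPC$")


def lateral_movement_findings(events):
    """Return (computer, rule, detail) tuples for suspicious records.

    Heuristics (assumptions for this example, not the article's rules):
      - ntlm-network-logon: type 3/10 logon of a non-machine account via NTLM
      - remote-service-exec: the same user has a network logon and admin-share
        access on a host where a new service (7045) was installed
      - explicit-creds-remote: 4648 whose target server is another host
    """
    findings = []
    hosts = defaultdict(lambda: {"net_logon": set(), "admin_share": set(), "services": []})

    for ev in events:
        host, eid = ev["Computer"], ev["EventID"]
        if eid == 4624 and ev["LogonType"] in (3, 10):
            user = ev["TargetUserName"]
            if user.endswith("$"):
                continue  # machine accounts use the network constantly
            hosts[host]["net_logon"].add(user)
            if ev["AuthenticationPackageName"] == "NTLM":
                findings.append((host, "ntlm-network-logon",
                                 f"{user} from {ev['IpAddress']} (type {ev['LogonType']})"))
        elif eid == 5140:
            share = ev["ShareName"].rsplit("\\", 1)[-1]  # strip the \\*\ prefix
            if share in ADMIN_SHARES:
                hosts[host]["admin_share"].add(ev["SubjectUserName"])
        elif eid == 7045:
            hosts[host]["services"].append((ev["ServiceName"], ev["ImagePath"]))
        elif eid == 4648 and ev["TargetServerName"].upper() != host.upper():
            findings.append((host, "explicit-creds-remote",
                             f"{ev['SubjectUserName']} as {ev['TargetUserName']} -> {ev['TargetServerName']}"))

    # Chain rule: network logon + admin-share access + new service on one host.
    for host, st in hosts.items():
        actors = st["net_logon"] & st["admin_share"]
        if actors and st["services"]:
            for name, path in st["services"]:
                findings.append((host, "remote-service-exec",
                                 f"{sorted(actors)} installed service {name} ({path})"))
    return findings


if __name__ == "__main__":
    for finding in lateral_movement_findings(SAMPLE_EVENTS):
        print(finding)
```

The chain rule is the useful one: a single NTLM network logon is noisy on its own, but the same account touching ADMIN$ on a host that then gets a new service is a strong PsExec-style signal. Real deployments would correlate on a time window and on the 4624 LogonId rather than on the bare username.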
Fuzzing Windows RPC with RpcView https://itm4n.github.io/fuzzing-windows-rpc-rpcview/
itm4n’s blog
Fuzzing Windows RPC with RpcView
The recent release of PetitPotam by @topotam77 motivated me to get back to Windows RPC fuzzing. On this occasion, I thought it would be cool to write a blog post explaining how one can get into this security research area.
Disclosure Dilemmas: Vulnerable Stalkerware https://www.immersivelabs.com/resources/blog/disclosure-dilemmas-vulnerable-stalkerware/
Immersivelabs
Disclosure Dilemmas: Vulnerable Stalkerware - Immersive Labs
Our Director of Cyber Threat Research, Kev Breen, recently discovered a vulnerability in a piece of stalkerware. What...
Code execution via the Windows Update client (wuauclt) https://dtm.uk/wuauclt/
@dtmsecurity
Code execution via the Windows Update client (wuauclt)
It's been a few months since my last post about uploading and downloading data with certreq.exe as a potential alternative to certutil.exe in LOLBIN land. I've been having a blast starting my new role in the MDSec ActiveBreach team.
Today I wanted to share…
Universal Privilege Escalation and Persistence – Printer https://pentestlab.blog/2021/08/02/universal-privilege-escalation-and-persistence-printer/
Penetration Testing Lab
Universal Privilege Escalation and Persistence – Printer
The Print Spooler is responsible for managing and processing print jobs. It runs as a service with SYSTEM-level privileges on Windows environments. Abuse of the Print Spooler service is not new and suc…
good summary of resources on macOS IR/forensics >> https://gist.github.com/0xmachos/6e8b813cffc2035914606bd4cda491d2
Gist
If someone wants to learn MacOS IR/forensics what’s the best resource for that?
If someone wants to learn MacOS IR/forensics what’s the best resource for that? - macOS-IR-Forensics.md
Potential remote code execution in PyPI https://blog.ryotak.me/post/pypi-potential-remote-code-execution-en/
blog.ryotak.net
Potential remote code execution in PyPI
Preface
(A Japanese version is also available.)
While PyPI has a security page, they don't have a clear policy for vulnerability assessments.[1]
This article describes the vulnerabilities that were reported as potential vulnerabilities, using publicly available information. This…
CyberDefenders- HoneyPot : WireShark PCAP Analysis https://digitalitskills.com/cyberdefenders-honeypot-wireshark-pcap-analysis/
Adaptation of Shortest Path Algorithms for Dynamic Routing Problems https://blog.qrator.net/en/adaptation-of-shortest-path-algorithms-for-dynamic_139/
Root Cause Analysis of a Printer’s Drivers Vulnerability CVE-2021-3438 https://voidsec.com/root-cause-analysis-of-cve-2021-3438/
VoidSec
Root Cause Analysis of a Printer's Drivers Vulnerability CVE-2021-3438 - VoidSec
Analysis and Exploitability of a buffer overflow vulnerability present in printer's drivers (CVE-2021-3438).
Kernel Pwning with eBPF: a Love Story https://www.graplsecurity.com/post/kernel-pwning-with-ebpf-a-love-story
Techniques based on named pipes for pool overflow exploitation targeting the most recent (and oldest) Windows versions demonstrated on CVE-2020-17087 and an off-by-one overflow https://github.com/vp777/Windows-Non-Paged-Pool-Overflow-Exploitation
GitHub
GitHub - vp777/Windows-Non-Paged-Pool-Overflow-Exploitation: Techniques based on named pipes for pool overflow exploitation targeting…
Techniques based on named pipes for pool overflow exploitation targeting the most recent (and oldest) Windows versions demonstrated on CVE-2020-17087 and an off-by-one overflow - vp777/Windows-Non-...
Wow! Waiting for that post eagerly :). Congrats @RicardoJRdez, @ailtonTT, and E. L. Feitosa on your new manuscript at ACM DTRAP, worth reading! 👏👏 https://twitter.com/RicardoJRdez/status/1428748441509928966?s=20
Twitter
Ricardo J. Rodríguez
Our forthcoming paper is out! "Evasion and Countermeasures Techniques to Detect Dynamic Binary Instrumentation Frameworks" dl.acm.org/doi/abs/10.114…. A collaboration w. @ailtonTT and E. L. Feitosa [camera ready here: webdiis.unizar.es/~ricardo/files…] 🧵👇(1/6)
OSX.XLoader hides little except its main purpose: What we learned in the installation process https://blog.malwarebytes.com/mac/2021/07/osx-xloader-hides-little-except-its-main-purpose-what-we-learned-in-the-installation-process/
Malwarebytes Labs
OSX.XLoader hides little except its main purpose: What we learned in the installation process
We dig into OSX.XLoader, also known as X Loader, which is the latest threat to macOS that bears some similarities to novice malware.
isoalloc: A general purpose memory allocator that implements an isolation security strategy to mitigate memory safety issues while maintaining good performance https://github.com/struct/isoalloc
GitHub
GitHub - struct/isoalloc: A general purpose memory allocator that implements an isolation security strategy to mitigate memory…
A general purpose memory allocator that implements an isolation security strategy to mitigate memory safety issues while maintaining good performance - struct/isoalloc