good summary of resources on macOS IR/forensics >> https://gist.github.com/0xmachos/6e8b813cffc2035914606bd4cda491d2
If someone wants to learn MacOS IR/forensics what’s the best resource for that?
Potential remote code execution in PyPI https://blog.ryotak.me/post/pypi-potential-remote-code-execution-en/
(A Japanese version is also available.)
While PyPI has a security page, they don’t have a clear policy for vulnerability assessments.
This article describes the vulnerabilities that were reported as potential vulnerabilities, using publicly available information. This…
CyberDefenders- HoneyPot : WireShark PCAP Analysis https://digitalitskills.com/cyberdefenders-honeypot-wireshark-pcap-analysis/
Adaptation of Shortest Path Algorithms for Dynamic Routing Problems https://blog.qrator.net/en/adaptation-of-shortest-path-algorithms-for-dynamic_139/
Root Cause Analysis of a Printer’s Drivers Vulnerability CVE-2021-3438 https://voidsec.com/root-cause-analysis-of-cve-2021-3438/
Analysis and Exploitability of a buffer overflow vulnerability present in printer's drivers (CVE-2021-3438).
Kernel Pwning with eBPF: a Love Story https://www.graplsecurity.com/post/kernel-pwning-with-ebpf-a-love-story
Techniques based on named pipes for pool overflow exploitation targeting the most recent (and oldest) Windows versions demonstrated on CVE-2020-17087 and an off-by-one overflow https://github.com/vp777/Windows-Non-Paged-Pool-Overflow-Exploitation
Wow! waiting for that post eagerly :). Congrats @RicardoJRdez, @ailtonTT, and E. L. Feitosa for your new manuscript at ACM DTRAP, worth reading it! 👏👏 https://twitter.com/RicardoJRdez/status/1428748441509928966?s=20
Ricardo J. Rodríguez
Our forthcoming paper is out! "Evasion and Countermeasures Techniques to Detect Dynamic Binary Instrumentation Frameworks" dl.acm.org/doi/abs/10.114…. A collaboration w. @ailtonTT and E. L. Feitosa [camera ready here: webdiis.unizar.es/~ricardo/files…] 🧵👇(1/6)
OSX.XLoader hides little except its main purpose: What we learned in the installation process https://blog.malwarebytes.com/mac/2021/07/osx-xloader-hides-little-except-its-main-purpose-what-we-learned-in-the-installation-process/
We dig into OSX.XLoader, also known as X Loader, which is the latest threat to macOS that bears some similarities to novice malware.
isoalloc: A general purpose memory allocator that implements an isolation security strategy to mitigate memory safety issues while maintaining good performance https://github.com/struct/isoalloc
Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques https://www.microsoft.com/security/blog/2021/07/27/combing-through-the-fuzz-using-fuzzy-hashing-and-deep-learning-to-counter-malware-detection-evasion-techniques/
A new approach for malware classification combines deep learning with fuzzy hashing. Fuzzy hashes identify similarities among malicious files and a deep learning methodology inspired by natural language processing (NLP) better identifies similarities that…
004: Free API testing and securing guide https://thexssrat.podia.com/free-api-testing-and-securing-guide
The Linux Kernel Module Programming Guide https://sysprog21.github.io/lkmpg/
DLL hijacking vulnerabilities in Nirsoft tools https://borncity.com/win/2020/04/16/dll-hijacking-vulnerabilities-in-nirsoft-tools/
[German] The Nirsoft tools are probably known to many Windows users. What is less known: the tools come along with nasty DLL hijacking vulnerabilities and should rather be avoided. The topic has been…
Fingerprinting Windows versions, AV, wireless cards over the network—all without authentication https://www.rumble.run/blog/research-dcerpc/
Correctly identifying and categorizing network-connected systems without credentials is a tricky challenge and one of the fun parts of working at Rumble. This process of “fingerprinting” uses thousands of rules, pattern matches, and internal databases to…
EasyAntiCheat Exploit to inject unsigned code into protected processes https://back.engineering/10/08/2021/
Rotten Apples: MacOS Codesigning Translocation Vulnerability https://occamsec.com/rotten-apples-macos-codesigning-translocation-vulnerability/
Mistuned Part 1: Client-side XSS to Calculator and More https://blog.chichou.me/2021/08/04/mistuned-part-i/
Ever since Pointer Authentication Code (PAC) has been introduced, iPhone remained standing for more than two years on various pwn contests until TianfuCup 2020 (Project Zero has reported a remote zero click exploit in 2019). Ant Security and Qihoo 360 used…
Automated Detection of Obfuscated Code https://synthesis.to/2021/08/10/obfuscation_detection.html
Having fun with a Use-After-Free in ProFTPd (CVE-2020-9273) https://adepts.of0x.cc/proftpd-cve-2020-9273-exploit/
Development of a PoC for CVE-2020-9273 (Use-After-Free in ProFTPd)