Defense Evasion Series Part 1 AMSI Bypass https://dazzyddos.github.io/posts/AMSI-Bypass/
Dazzy Ddos
Introducing GoKart, a Smarter Go Security Scanner https://www.praetorian.com/blog/introducing-gokart/
Praetorian
At Praetorian, we’re committed to promoting and contributing to open source security projects and radically focused on developing technologies to enhance the overall state of cybersecurity. We love when our passions and business commitments overlap so today…
Reverse Engineering the Austrian ID-Card Verification App https://yepoleb.github.io/blog/2021/08/18/reverse-engineering-the-check-at-android-app/
Convert Apple NeuralHash model for CSAM Detection to ONNX https://github.com/AsuharietYgvar/AppleNeuralHash2ONNX
GitHub
Detecting Embedded Content in OOXML Documents https://www.fireeye.com/blog/threat-research/2021/08/detecting-embedded-content-in-ooxml-documents.html
Dissecting the last version of Conti Ransomware using a step-by-step approach https://cybergeeks.tech/dissecting-the-last-version-of-conti-ransomware-using-a-step-by-step-approach/
Write-up of CVE-2021-30656 https://jsherman212.github.io/CVE-2021-30656/
Mobile Audit v3.0 released: performs SAST and malware analysis for Android APKs https://securityonline.info/mobile-audit-performs-sast-and-malware-analysis-for-android-apks/
Cybersecurity News
Mobile Audit - SAST and malware analysis for Android APKs. A Django web application for performing static analysis and detecting malware in Android APKs.
HID simulation for DRAKVUF https://www.cert.pl/en/posts/2021/08/hid-simulation-for-drakvuf/
cert.pl
Guest post by our Google Summer of Code student, Jan Gruber. Project proposal: https://summerofcode.withgoogle.com/projects/#6703931754807296. Overview: My project for GSoC 2021 was to realize an undetectable simulation of human behaviour in the VMI-based sandbox…
Exploiting CVE-2021-21225 and disabling W^X https://tiszka.com/blog/CVE_2021_21225_exploit.html
Report on QNX BadAlloc vulnerability, which affects embedded devices like control systems https://media.defense.gov/2021/Apr/29/2002630479/-1/-1/0/CSA_STOP-MCA-AGAINST-OT_UOO13672321.PDF
Automating security assessments using Cloud Katana https://www.microsoft.com/security/blog/2021/08/19/automating-security-assessments-using-cloud-katana/
Microsoft Security Blog
Today, we are open-sourcing Cloud Katana, a cloud-native tool under development, to automate simulation steps on-demand in multi-cloud and hybrid cloud environments. This tool is an event-driven, serverless compute application built on the top of Azure Functions…
Firmware Supply Chain is Hard(coded) https://www.binarly.io/posts/Firmware_Supply_Chain_is_Hard(coded)/index.html
Understanding Network Access in Windows AppContainers https://googleprojectzero.blogspot.com/2021/08/understanding-network-access-windows-app.html
projectzero.google
Posted by James Forshaw, Project Zero. Recently I've been delving into the inner workings...
Multiple threat actors, including a ransomware gang, exploiting Exchange ProxyShell vulnerabilities https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
Medium
These vulnerabilities are worse than ProxyLogon, the Exchange vulnerabilities revealed in March.
From Pwn2Own 2021: A New Attack Surface on Microsoft Exchange - ProxyShell! https://www.zerodayinitiative.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell
Zero Day Initiative
In April 2021, Orange Tsai from DEVCORE Research Team demonstrated a remote code execution vulnerability in Microsoft Exchange during the Pwn2Own Vancouver 2021 contest. In doing so, he earned himself $200,000. Since then, he has disclosed several other…
ZDI-CAN-12671: Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref https://www.zerodayinitiative.com/blog/2021/1/27/zdi-can-12671-windows-kernel-dosprivilege-escalation-via-a-null-pointer-deref
Zero Day Initiative
ChaosDB: Critical Vulnerability in Microsoft Azure Cosmos DB https://chaosdb.wiz.io/
Wiz
ChaosDB: Unauthorized Privileged Access to Microsoft Azure Cosmos DB
A critical vulnerability in Azure's flagship Cosmos DB service affecting thousands of customers. Mitigation requires customers' manual actions.
SSD Advisory – Samsung S10+/S9 kernel 4.14 (Android 10) Kernel Function Address (.text) and Heap Address Information Leak https://ssd-disclosure.com/ssd-advisory-samsung-s10-s9-kernel-4-14-android-10-kernel-function-address-text-and-heap-address-information-leak/
SSD Secure Disclosure
Find out how a vulnerability discovered in Samsung S10+/S9 kernel allows leaking of sensitive function address information.
Beyond the Edge: How to Secure SMB Traffic in Windows https://techcommunity.microsoft.com/t5/itops-talk-blog/beyond-the-edge-how-to-secure-smb-traffic-in-windows/ba-p/1447159?WT.mc_id=modinfra-0000-orthomas
TECHCOMMUNITY.MICROSOFT.COM
Hiya folks, Ned here again. Organizations are good at firewalling the network edge to stop inbound intruders. We need to move on to preventing outbound and lateral network communications. With the rise of mobile computing and ease of phishing users, compromising…
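The teaser above argues for stopping outbound and lateral SMB rather than only firewalling the edge. As an added example that is not part of the Microsoft post, the host-side version of that advice using the built-in Windows Defender Firewall cmdlets: audit what currently allows TCP 445 out, see which SMB sessions the host has open, then block outbound SMB to the internet and on untrusted networks, and block inbound SMB on machines that do not serve files. The rule names and the example.com target are assumptions chosen for illustration; the cmdlets, parameters and the "Internet" address keyword are standard.

```powershell
# Added example (not from the Microsoft blog post): host-level SMB hardening.
# Assumes Windows 10/11 or a member server with Windows Defender Firewall enabled,
# run from an elevated PowerShell session. Rule names below are arbitrary.

# 1. Audit: which enabled outbound rules currently allow TCP 445 (or any port)?
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Where-Object {
        $ports = ($_ | Get-NetFirewallPortFilter).RemotePort
        ($ports -contains '445') -or ($ports -contains 'Any')
    } |
    Select-Object DisplayName, Profile, Group

# 2. Which SMB sessions has this host opened to other machines right now?
#    Lateral movement over SMB shows up here as client-side connections to 445.
Get-NetTCPConnection -RemotePort 445 -State Established -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, RemoteAddress, OwningProcess

# 3. Block outbound SMB to the internet on every profile. 'Internet' is a built-in
#    address keyword resolved by Network Location Awareness; it excludes the local
#    subnet and intranet ranges, so on-premises file servers keep working.
New-NetFirewallRule -DisplayName 'Block Outbound SMB to Internet' `
    -Direction Outbound -Action Block -Protocol TCP -RemotePort 445 `
    -RemoteAddress Internet -Profile Any -Enabled True

# 4. On the Public profile (hotel, coffee shop) block outbound SMB to everything:
#    no legitimate file share lives on an untrusted network. Windows Firewall gives
#    Block rules precedence over Allow rules, so no existing allow rule undoes this.
New-NetFirewallRule -DisplayName 'Block Outbound SMB on Public Networks' `
    -Direction Outbound -Action Block -Protocol TCP -RemotePort 445 `
    -Profile Public -Enabled True

# 5. Lateral movement: a workstation has no business accepting SMB from its peers.
#    Do NOT apply this rule to file servers or domain controllers.
New-NetFirewallRule -DisplayName 'Block Inbound SMB (workstation)' `
    -Direction Inbound -Action Block -Protocol TCP -LocalPort 445 `
    -Profile Any -Enabled True

# 6. Verify the outbound block from this host (TcpTestSucceeded should be $false).
Test-NetConnection -ComputerName example.com -Port 445 -InformationLevel Detailed |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

Roll these out through Group Policy or Intune rather than one host at a time, and stage the inbound rule carefully: any host that legitimately shares files (print servers, build machines, admin jump hosts) needs to be excluded or scoped with -RemoteAddress to the subnets that must reach it.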