Spring Core on JDK9+ is vulnerable to remote code execution https://www.praetorian.com/blog/spring-core-jdk9-rce/
Praetorian
Spring Core on JDK9+ is vulnerable to remote code execution
Update: March 31, 2022 A patch has officially been released. https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement https://tanzu.vmware.com/security/cve-2022-22965 Overview Spring Core on JDK9+ is vulnerable to remote code execution due…
A step-by-step analysis of the Russian APT Turla backdoor called TinyTurla https://cybergeeks.tech/a-step-by-step-analysis-of-the-russian-apt-turla-backdoor-called-tinyturla/
Active Directory Fundamentals (Part 1)- Basic Concepts https://rootdse.org/posts/active-directory-basics-1/
RootDSE
Active Directory Fundamentals (Part 1)- Basic Concepts
Active Directory penetration dojo by ScarredMonk - Blogs on AD security and Windows tips and tricks
Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965) https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/
Rapid7
Spring4Shell: Zero-Day Vulnerability in Spring Framework | Rapid7 Blog
CVE-2022-22948: Sensitive Information Disclosure in VMware vCenter https://www.pentera.io/blog/information-disclosure-in-vmware-vcenter/
Pentera
Mitigating CVE-2022-22948: VMware vCenter Information Disclosure - Pentera
Learn about the CVE-2022-22948 vulnerability in VMware vCenter, its implications, and how to mitigate the risk. Protect your systems with Pentera's guidance.
Decrypting your own HTTPS traffic with Wireshark https://www.trickster.dev/post/decrypting-your-own-https-traffic-with-wireshark/
www.trickster.dev
Decrypting your own HTTPS traffic with Wireshark – Trickster Dev
Code level discussion of web scraping, gray hat automation, growth hacking and bounty hunting
SpringShell (Spring4Shell) Zero-Day Vulnerability CVE-2022-22965 : All You Need To Know https://jfrog.com/blog/springshell-zero-day-vulnerability-all-you-need-to-know/
JFrog
SpringShell (Spring4Shell) Zero-Day Vulnerability CVE-2022-22965 : All You Need To Know
Understand SpringShell (Spring4Shell) vulnerability CVE-2022-22965 exploitation vectors, learn what's vulnerable & discover remediations to this zero-day vulnerability
Process Overwriting: Yet another variant of Process Hollowing https://securityonline.info/process-overwriting-yet-another-variant-of-process-hollowing/
Vulnerabilities Identified in Wyze Cam IoT Device https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf
Top 3 Stealer Malware Activity Research https://brandefense.io/top-3-stealer-malware-activity-report/
Brandefense
Top 3 Stealer Malware Activity Research - Brandefense
This research aims to share the Top 3 Different Stealer Malware behaviors and their properties. Malicious software attacks and their impacts continue to grow rapidly.
AcidRain | A Modem Wiper Rains Down on Europe https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/
SentinelOne
AcidRain | A Modem Wiper Rains Down on Europe
As the most impactful cyber attack of the Ukrainian invasion gets downplayed, SentinelLabs uncovers a more plausible explanation.
Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks https://blog.aquasec.com/python-ransomware-jupyter-notebook
Aqua
Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks
Team Nautilus uncovered and analyzed the first Python-based ransomware attack that targets misconfigured Jupyter Notebooks in the wild and encrypts files.
Spring4Shell (CVE-2022-22965) FAQ: Spring Framework Remote Code Execution Vulnerability https://www.tenable.com/blog/spring4shell-faq-spring-framework-remote-code-execution-vulnerability
Tenable®
Spring4Shell (CVE-2022-22965) FAQ: Spring Framework Remote Code Execution Vulnerability
A list of frequently asked questions related to Spring4Shell (CVE-2022-22965).
New spear phishing campaign targets Russian dissidents https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/
ThreatDown by Malwarebytes
New spear phishing campaign targets Russian dissidents - ThreatDown by Malwarebytes
This blog post was authored by Hossein Jazi. — Updated to clarify the two different campaigns (Cobalt Strike and Rat) Several threat actors have taken advantage of the war in Ukraine to launch a…
New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits https://www.fortinet.com/blog/threat-research/deep-panda-log4shell-fire-chili-rootkits
Fortinet Blog
New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits
FortiGuard Labs discovered a campaign by Deep Panda exploiting Log4Shell, along with a novel kernel rootkit signed with a stolen digital certificate also used by Winnti. Read to learn about these a…
Ransomware Spotlight: Hive https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-hive
Trendmicro
Ransomware Spotlight: Hive
Hive ransomware is one of the new ransomware families in 2021 that poses significant challenges to enterprises worldwide. We take an in-depth look at the ransomware group’s operations and discuss how organizations can bolster their defenses against it.
An Exercise in Dynamic Analysis: Analyzing the PayloadRestrictions.dll Export Address Filtering https://windows-internals.com/an-exercise-in-dynamic-analysis/
Video of the talk "Relaying to Greatness: Windows Privilege Escalation by abusing the RPC/DCOM protocols" at @BlueHatIL https://youtu.be/vfb-bH_HaW4
YouTube
BlueHat IL 2022 - Antonio Cocomazzi & Andrea Pierini - Relaying to Greatness
Relaying to Greatness: Windows Privilege Escalation by abusing the RPC/DCOM protocols
NTLM “Relaying” is a well known replay attack for Windows systems in which the attacker performs a man in the middle and acts on behalf of the victim while communicating…
Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask https://github.com/xepor/xepor
GitHub
GitHub - xepor/xepor: Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy…
Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask - xepor/xepor
[QuickNote] Analysis of Pandora ransomware https://kienmanowar.wordpress.com/2022/03/21/quicknote-analysis-of-pandora-ransomware/
0day in {REA_TEAM}
[QuickNote] Analysis of Pandora ransomware
FOREWORD: Pandora’s code looks very weird, obfuscated and complicated, so this analysis does not cover all its functions. I’m not a crypto expert, so I won’t dive into Pandora’…