Gitlab Project Import RCE Analysis (CVE-2022-2185) https://starlabs.sg/blog/2022/07-gitlab-project-import-rce-analysis-cve-2022-2185/
STAR Labs
Gitlab Project Import RCE Analysis (CVE-2022-2185)
At the beginning of this month, GitLab released a security patch for versions 14->15. Interestingly in the advisory, there was a mention of a post-auth RCE bug with CVSS 9.9.
The bug exists in GitLab’s Project Imports feature, which was found by @vakzz.…
How I Met Your Beacon – Overview https://www.mdsec.co.uk/2022/07/part-1-how-i-met-your-beacon-overview/
MDSec
PART 1: How I Met Your Beacon - Overview - MDSec
Introduction It's no secret that MDSec provides a commercial command-and-control framework with a focus on evasion for covert operations. With this in mind, we are continuously performing ongoing R&D in...
Malware analysis with IDA/Radare2 2 - From unpacking to config extraction to full reversing (IceID Loader) https://artik.blue/malware5
artik.blue
Malware analysis with IDA/Radare2 2 - From unpacking to config extraction to full reversing (IceID Loader)
All things cyber
Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists
Proofpoint
APTs Targeting Journalists & Media Organizations | Proofpoint US
APTs regularly target and pose as journalists and media organizations to advance their state-aligned initiatives. Learn more about Proofpoint's research.
Iranian Spear-Phishing Operation Targets Former Israeli and US High-Ranking Officials https://research.checkpoint.com/2022/check-point-research-exposes-an-iranian-phishing-campaign-targeting-former-israeli-foreign-minister-former-us-ambassador-idf-general-and-defense-industry-executives/
Check Point Research
Iranian Spear-Phishing Operation Targets Former Israeli and US High-Ranking Officials - Check Point Research
Introduction Check Point Research uncovers a recent Iranian-based spear-phishing operation aimed against former Israeli officials, high-ranking military personnel, research fellows in research institutions, think tanks, and against Israeli citizens. The attacks…
Attackers target Ukraine using GoMet backdoor https://blog.talosintelligence.com/2022/07/attackers-target-ukraine-using-gomet.html
Cisco Talos Blog
Attackers target Ukraine using GoMet backdoor
Executive summary
Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine…
Why the Equation Group (EQGRP) is NOT the NSA https://xorl.wordpress.com/2022/07/06/why-the-equation-group-eqgrp-is-not-the-nsa/
xorl %eax, %eax
Why the Equation Group (EQGRP) is NOT the NSA
I had covered this topic in my 2021 talk “In nation-state actor’s shoes” but after my recent blog post I saw again people referring to the EQGRP as the NSA which is not entirely c…
Let's code a TCP/IP stack, 1: Ethernet & ARP https://www.saminiir.com/lets-code-tcp-ip-stack-1-ethernet-arp/
saminiir's hacker blog
Let's code a TCP/IP stack, 1: Ethernet & ARP
Writing your own TCP/IP stack may seem like a daunting task. Indeed, TCP has accumulated many specifications over its lifetime of more than thirty years. The core specification, however, is seemingly compact - the important parts being TCP header…
When Hypervisor Met Snapshot Fuzzing https://www.usmacd.com/2022/07/21/2022-07-21-When-Hypervisor-Met-Snapshot-Fuzzing/
The End of PPLdump https://itm4n.github.io/the-end-of-ppldump/
itm4n’s blog
The End of PPLdump
A few days ago, an issue was opened for PPLdump on GitHub, stating that it no longer worked on Windows 10 21H2 Build 19044.1826. I was skeptical at first so I fired up a new VM and started investigating. Here is what I found…
Attack Chain Déjà-vu: The infection vector used by SVCReady, Gozi and IcedID https://medium.com/@DCSO_CyTec/attack-chain-d%C3%A9j%C3%A0-vu-the-infection-vector-used-by-svcready-gozi-and-icedid-585bb326a666
Medium
Attack Chain Déjà-vu: The infection vector used by SVCReady, Gozi and IcedID
Technical analysis of the SVCReady, Gozi and IcedID attack chain
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
Securelist
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor.
Zyxel authentication bypass patch analysis (CVE-2022-0342) https://security.humanativaspa.it/zyxel-authentication-bypass-patch-analysis-cve-2022-0342/
hn security
Zyxel authentication bypass patch analysis (CVE-2022-0342) - hn security
A few months ago, new firmware […]
Winshark - Wireshark plugin to work with Event Tracing for Windows https://hakin9.org/winshark-wireshark-plugin-to-work-with-event-tracing-for-windows/
Hakin9 - IT Security Magazine
Winshark - Wireshark plugin to work with Event Tracing for Windows
Windows Kernel Exploitation – HEVD x64 Use-After-Free https://vulndev.io/2022/07/14/windows-kernel-exploitation-hevd-x64-use-after-free/
Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products https://blog.talosintelligence.com/2022/07/vulnerability-spotlight-how-code-re-use.html
Cisco Talos Blog
Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products
Recently, I was performing some research on a wireless router and noticed the following piece of code:
This unescape function will revert the URL encoded bytes to its original form. But something specifically caught my attention: There was no size check…
How to analyze Linux malware – A case study of Symbiote https://cybergeeks.tech/how-to-analyze-linux-malware-a-case-study-of-symbiote/
CVE-2022-31813: Forwarding addresses is hard https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
Synacktiv
CVE-2022-31813: Forwarding addresses is hard
Extracting Ghidra Decompiler Output with Python https://medium.com/tenable-techblog/extracting-ghidra-decompiler-output-with-python-a737e9ed8fce
Medium
Extracting Ghidra Decompiler Output with Python
Ghidra’s decompiler, while not perfect, is pretty darn handy. Ghidra’s user interface, however, leaves a lot to be desired. I often find…