Issue 95: An unprivileged user may read / write arbitrary freed physical pages via PowerVR GPU device driver https://bugs.chromium.org/p/apvi/issues/detail?id=95&q=&can=1
Scripts for assessment of regression models performance https://easystats.github.io/performance/
easystats.github.io
Assessment of Regression Models Performance
Utilities for computing measures to assess model quality, which are not directly provided by R's 'base' or 'stats' packages. These include e.g. measures like R-squared, intraclass correlation coefficient (Nakagawa, Johnson & Schielzeth (2017) <doi:10.1098/rsif.2017.0213>)…
Good cheatsheet regarding DFIR https://twitter.com/Shubham_pen/status/1579150949351727104
Threat Brief: CVE-2022-41040 and CVE-2022-41082: Microsoft Exchange Server (ProxyNotShell) https://unit42.paloaltonetworks.com/proxynotshell-cve-2022-41040-cve-2022-41082/
Unit 42
Threat Brief: CVE-2022-41040 and CVE-2022-41082: Microsoft Exchange Server (ProxyNotShell)
CVE-2022-41040 and CVE-2022-41082 (aka ProxyNotShell) can be used for remote code execution. We provide suggestions for how to mitigate.
Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild https://www.bitdefender.com/blog/labs/side-loading-onedrive-for-profit-cryptojacking-campaign-detected-in-the-wild/
Bitdefender Labs
Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild
Cryptojackers have become very lucrative for cybercriminals in recent years as the price of cryptocurrency soared.
Pwning ManageEngine — From Endpoint to Exploit https://medium.com/@erik.wynter/pwning-manageengine-from-endpoint-to-exploit-bc5793836fd
Medium
Pwning ManageEngine — From Endpoint to Exploit
A deep dive into CVE-2021-42847
On Bypassing eBPF Security Monitoring https://blog.doyensec.com/2022/10/11/ebpf-bypass-security-monitoring.html
Doyensec
On Bypassing eBPF Security Monitoring
There are many security solutions available today that rely on the Extended Berkeley Packet Filter (eBPF) features of the Linux kernel to monitor kernel functions. Such a paradigm shift in the latest monitoring technologies is being driven by a variety of…
Userland Execution of Binaries Directly from Python https://www.anvilsecure.com/blog/userland-execution-of-binaries-directly-from-python.html
Anvil Secure
Userland Execution of Binaries Directly from Python - Anvil Secure
On a recent engagement I found myself testing a Kubernetes environment. Through application-level bugs I had gotten remote shell access to some of its containers. For further exploration and analysis…
Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style https://sec-consult.com/blog/detail/melting-the-dns-iceberg-taking-over-your-infrastructure-kaminsky-style/
SEC Consult
Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style
Hidden DNS resolvers and how to compromise your infrastructure
How to Investigate Insider Threats (Forensic Methodology) https://www.inversecos.com/2022/10/how-to-investigate-insider-threats.html
Inversecos
How to Investigate Insider Threats (Forensic Methodology)
Dissect: the incident response framework built from various parsers and implementations of file formats, developed by Fox-IT (now open source!) https://github.com/fox-it/dissect
GitHub
GitHub - fox-it/dissect: Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access…
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fo...
Windows 11 Time Rules https://www.khyrenz.com/blog/windows-11-time-rules/
Khyrenz
Windows 11 Time Rules
Time rules for certain user file interactions are documented in the SANS red poster, tested on a Windows 10 1903 system. This blog post looks at these same user interactions with files on a Windows 11 22H2 system, with some further testing conducted on a…
WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware https://www.sentinelone.com/labs/wip19-espionage-new-chinese-apt-targets-it-service-providers-and-telcos-with-signed-malware/
SentinelOne
WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware
Precision targeting of critical infrastructure industries indicates espionage-related activity by an unattributed Chinese-speaking threat group.
A journey of fuzzing Nvidia graphic driver leading to LPE exploitation https://github.com/quarkslab/conf-presentations/blob/master/Hexacon-2022/fuzzing_NVIDIA_drivers-tdore.pdf
3242933 – [CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution https://redrays.io/3242933-cve-2022-39802-file-path-traversal-vulnerability-in-sap-manufacturing-execution/
RedRays
3242933 - [CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution
With a CVSS rating of 9.9, the vulnerability fixed in SAP Security Note #3242933 affects SAP Manufacturing Execution and is considered significant.
Bringing passkeys to Android & Chrome https://android-developers.googleblog.com/2022/10/bringing-passkeys-to-android-and-chrome.html
Android Developers Blog
Bringing passkeys to Android & Chrome
developers can enroll in the Google Play Services beta and use Chrome Canary. Both features will be generally available on stable channels
Good cheatsheet on crypto https://twitter.com/hackinarticles/status/1577196641886474240
Adobe Reader - XFA - ANSI-Unicode Confusion Information Leak https://hacksys.io/blogs/adobe-reader-xfa-ansi-unicode-confusion-information-leak
F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech – JPCERT/CC Eyes https://blueteam.news/f5-big-ip-vulnerability-cve-2022-1388-exploited-by-blacktech-jpcert-cc-eyes
Analysis of Malloc Protections on Singly Linked Lists https://maxwelldulin.com/BlogPost/Analysis-Malloc-Protections-on-Singly-Linked-Lists
Strikeout Security Blog
Analysis of Malloc Protections on Singly Linked Lists
glibc's malloc mangles the 'next' pointers of its singly linked free lists (tcache and fastbins, "Safe-Linking", present since glibc 2.32) so that a naive overwrite of a freed chunk's link no longer yields an arbitrary allocation. The article explains how the mangling works and how to defeat it.
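As an added example (not code from the article and not glibc's own code), the following C program models Safe-Linking on a constructed page-aligned fake heap: it uses the same arithmetic as glibc's PROTECT_PTR/REVEAL_PTR (link XOR the link field's own address >> 12), then shows why one leaked link is enough to defeat it. The tail chunk of a bin has a real next of NULL, so its stored link is just the mangling key (the heap page number); with that key an attacker forges a link to an arbitrary 16-byte-aligned address and the bin hands it out, whereas the old raw-pointer overwrite fails. `fake_heap`, `target_storage`, `bin_push`, `bin_pop` and `poison_bin` are names invented for this illustration; the 16-byte alignment check mirrors the one tcache performs on the chunk it returns.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <inttypes.h>

/* Same arithmetic as glibc >= 2.32 Safe-Linking (malloc/malloc.c): the stored
 * 'next' is the real pointer XORed with the page number of the field itself. */
#define PROTECT_PTR(pos, ptr) ((uintptr_t)(ptr) ^ (((uintptr_t)(pos)) >> 12))
#define REVEAL_PTR(pos, mangled) PROTECT_PTR(pos, mangled)

/* First word of a free chunk's user data: the mangled 'next' link. */
struct entry { uintptr_t next; };

/* Constructed stand-in for the heap: page aligned, so all chunks carved from
 * its first 4 KiB share one mangling key (illustration only). */
static unsigned char fake_heap[0x4000] __attribute__((aligned(0x1000)));

/* Constructed attacker target, 16-byte aligned so the returned chunk passes
 * the alignment check below (as a real tcache chunk must). */
static uint64_t target_storage[4] __attribute__((aligned(16)));

/* free(): LIFO push with the link mangled against its own address. */
static void bin_push(struct entry **head, struct entry *chunk) {
    chunk->next = PROTECT_PTR(&chunk->next, *head);
    *head = chunk;
}

/* malloc(): pop the head, refusing misaligned chunks (glibc aborts with
 * "malloc(): unaligned tcache chunk detected"), then demangle its link. */
static struct entry *bin_pop(struct entry **head) {
    struct entry *c = *head;
    if (c == NULL) return NULL;
    if ((uintptr_t)c & 0xf) return NULL;
    *head = (struct entry *)REVEAL_PTR(&c->next, c->next);
    return c;
}

/* The key protecting a chunk's link is just the page number of that link. */
uintptr_t key_for(const struct entry *c) { return (uintptr_t)&c->next >> 12; }

/* The tail chunk's real next is NULL, so its stored link is 0 ^ key == key;
 * shifting a leak of it back gives the page the chunk lives on. */
uintptr_t heap_page_from_tail_leak(uintptr_t leaked_tail_next) {
    return leaked_tail_next << 12;
}

/* Untampered bin: pops come back in LIFO order and end with NULL. */
int lifo_order_ok(void) {
    struct entry *head = NULL;
    struct entry *a = (struct entry *)(fake_heap + 0x300);
    struct entry *b = (struct entry *)(fake_heap + 0x400);
    bin_push(&head, a);
    bin_push(&head, b);
    return bin_pop(&head) == b && bin_pop(&head) == a && bin_pop(&head) == NULL;
}

/* Two chunks freed into one bin. The attacker reads the tail's link (e.g. via
 * a use-after-free read) and writes the head's link, aiming to make the second
 * allocation return target_storage. Returns 1 if the poisoning succeeds. */
int poison_bin(int attacker_uses_key) {
    struct entry *head = NULL;
    struct entry *a = (struct entry *)(fake_heap + 0x100); /* freed first: tail */
    struct entry *b = (struct entry *)(fake_heap + 0x200); /* freed second: head */
    bin_push(&head, a);
    bin_push(&head, b);

    uintptr_t key = a->next; /* leaked tail link == key_for(a) == key_for(b) */
    if (attacker_uses_key)
        b->next = (uintptr_t)target_storage ^ key; /* forged so REVEAL yields target */
    else
        b->next = (uintptr_t)target_storage;       /* pre-2.32 style raw overwrite */

    if (bin_pop(&head) != b) return 0;
    /* Check the demangled link before popping again: a wrong link would be
     * dereferenced by the next pop, which is exactly what crashes real exploits. */
    if (head != (struct entry *)target_storage) return 0;
    return bin_pop(&head) == (struct entry *)target_storage;
}

int main(void) {
    struct entry *tail = (struct entry *)(fake_heap + 0x100);
    printf("key for tail chunk: %#" PRIxPTR ", recovered heap page: %#" PRIxPTR "\n",
           key_for(tail), heap_page_from_tail_leak(key_for(tail)));
    printf("raw pointer overwrite succeeds: %d\n", poison_bin(0));
    printf("key-aware overwrite succeeds:   %d\n", poison_bin(1));
    return 0;
}
```

The defence therefore costs an attacker one extra read primitive (or a partial overwrite that keeps the key bits intact), not an arbitrary write; the alignment check is the second line of defence, since it rejects forged links that are not 16-byte aligned.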
Blinding EDR On Windows https://synzack.github.io/Blinding-EDR-On-Windows/
Red Team Blog
Blinding EDR On Windows
Acknowledgements My understanding of EDRs would not be possible without the help of many great security researchers. Below are some write-ups and talks that really helped me gain the understanding needed and hit the ground running on the research that will…