F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech – JPCERT/CC Eyes https://blueteam.news/f5-big-ip-vulnerability-cve-2022-1388-exploited-by-blacktech-jpcert-cc-eyes
Analysis of Malloc Protections on Singly Linked Lists https://maxwelldulin.com/BlogPost/Analysis-Malloc-Protections-on-Singly-Linked-Lists
Strikeout Security Blog
Since glibc 2.32, malloc mangles the forward pointers of its singly linked free lists (tcache and fastbins, "safe-linking") so that a plain overwrite of a freed chunk's fd no longer yields an arbitrary allocation. The article explains how the mangling works and how it can be bypassed.
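As an added illustration (not code from the article or from glibc itself) of the mangling the article discusses: the functions below reproduce glibc's `PROTECT_PTR`/`REVEAL_PTR` arithmetic and the 16-byte alignment check that tcache/fastbin removal applies after revealing a pointer, then show why a raw fd overwrite fails, why a heap leak is enough to forge a valid fd, and how the tail chunk of a bin leaks the heap page by itself. All addresses are constructed for the demo and do not come from a real process.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Safe-linking as implemented in glibc >= 2.32 (malloc/malloc.c):
 *   PROTECT_PTR(pos, ptr) = ((size_t)pos >> 12) ^ (size_t)ptr
 *   REVEAL_PTR(ptr)       = PROTECT_PTR(&ptr, ptr)
 * `pos` is the address of the word that stores the pointer, so the "key"
 * is the 4 KiB page number of the storing chunk, not a secret. */
static uintptr_t protect_ptr(uintptr_t pos, uintptr_t ptr) { return (pos >> 12) ^ ptr; }
static uintptr_t reveal_ptr(uintptr_t pos, uintptr_t mangled) { return (pos >> 12) ^ mangled; }

/* glibc's aligned_OK check applied to the revealed pointer in tcache_get and
 * fastbin removal (MALLOC_ALIGNMENT is 16 on x86-64); failure aborts with
 * "malloc(): unaligned tcache chunk detected" or the fastbin equivalent. */
static int aligned_ok(uintptr_t p) { return (p & 0xf) == 0; }

/* Pre-2.32 style attack: write the raw target into the freed chunk's fd.
 * Returns the address malloc would actually hand out after revealing it. */
static uintptr_t unlink_after_raw_overwrite(uintptr_t pos, uintptr_t target) {
    return reveal_ptr(pos, target);   /* target ^ (pos >> 12): not the target */
}

/* The bypass once the attacker knows the storing chunk's address (a heap
 * leak): pre-mangle the target so that REVEAL_PTR yields it unchanged. */
static uintptr_t forge_fd(uintptr_t pos, uintptr_t target) {
    return protect_ptr(pos, target);
}

/* The last chunk in a tcache bin has fd == NULL, so its stored (mangled) fd
 * is exactly pos >> 12. Reading it gives the heap page with no other leak. */
static uintptr_t heap_page_from_tail_fd(uintptr_t mangled_tail_fd) {
    return mangled_tail_fd << 12;
}

int main(void) {
    /* Constructed addresses for illustration only (hypothetical heap layout). */
    uintptr_t chunk_a = 0x55d0c3a2e2a0ULL;  /* fd field of bin head chunk A   */
    uintptr_t chunk_b = 0x55d0c3a2e2e0ULL;  /* next chunk in the same bin     */
    uintptr_t target  = 0x55d0c3c0d0f0ULL;  /* attacker's 16-aligned target  */

    uintptr_t stored = protect_ptr(chunk_a, chunk_b);
    printf("stored fd %#" PRIxPTR " reveals %#" PRIxPTR "\n",
           stored, reveal_ptr(chunk_a, stored));

    uintptr_t got = unlink_after_raw_overwrite(chunk_a, target);
    printf("raw overwrite of fd -> %#" PRIxPTR " (aligned_ok=%d)\n",
           got, aligned_ok(got));

    uintptr_t forged = forge_fd(chunk_a, target);
    printf("forged fd %#" PRIxPTR " reveals %#" PRIxPTR " (aligned_ok=%d)\n",
           forged, reveal_ptr(chunk_a, forged), aligned_ok(reveal_ptr(chunk_a, forged)));

    uintptr_t tail = protect_ptr(chunk_b, 0);
    printf("tail fd %#" PRIxPTR " leaks heap page %#" PRIxPTR "\n",
           tail, heap_page_from_tail_fd(tail));
    return 0;
}
```

The practical takeaway is the one the article builds on: the protection is keyed only on the storing chunk's page, so any read of a mangled pointer (in particular the bin tail, whose real fd is NULL) recovers that key, after which forging fd values is a single XOR; the remaining obstacle is the alignment check on the revealed pointer, which rules out the unaligned targets older fastbin attacks relied on.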
Blinding EDR On Windows https://synzack.github.io/Blinding-EDR-On-Windows/
Red Team Blog
My understanding of EDRs would not be possible without the help of many great security researchers. Below are some write-ups and talks that really helped me gain the understanding needed and hit the ground running on the research that will…
Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 - Part 1: Root Cause Analysis https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part
Zscaler
Demystifying the Windows Common Log File System Driver Privilege Escalation Zero-Day Vulnerability (CVE-2022-37969)
Great cheatsheets on AI, ML and DL topics https://stanford.edu/~shervine/teaching/
stanford.edu
Teaching - Shervine Amidi
Teaching page of Shervine Amidi, Adjunct Lecturer at Stanford University.
New “Prestige” ransomware impacts organizations in Ukraine and Poland https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/
Microsoft Security Blog
The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign attributed to IRIDIUM targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware…
Lazarus Group Uses the DLL Side-Loading Technique (mi.dll) https://asec.ahnlab.com/en/39828/
ASEC
While tracking the Lazarus attack group, the ASEC analysis team discovered that the attackers were using the DLL Side-Loading attack technique (T1574.002) by abusing legitimate applications in the initial compromise stage to achieve the next stage of their…
House of Muney - Leakless Heap Exploitation Technique https://maxwelldulin.com/BlogPost/House-of-Muney-Heap-Exploitation
Strikeout Security Blog
Leakless glibc heap exploitation technique for code execution. Overwriting the symbol resolution process.
Toner Deaf – Printing your next persistence (Hexacon 2022) https://research.nccgroup.com/2022/10/17/toner-deaf-printing-your-next-persistence-hexacon-2022/
NCC Group Research Blog
On Friday 14th of October 2022 Alex Plaskett (@alexjplaskett) and Cedric Halbronn (@saidelike) presented Toner Deaf – Printing your next persistence at Hexacon 2022. This talk demonstrated re…
RedEye: a visual analytic tool supporting Red & Blue Team operations https://github.com/cisagov/RedEye
GitHub
Good tips about RE with Ghidra https://twitter.com/embee_research/status/1582274165280690176
HoneyPoC is Dead - Long Live Disinformation https://blog.zsec.uk/honeypoc-release/
ZephrSec - Adventures In Information Security
This short blog post announces the release of AutoPoC and SandboxSpy, explains what each tool does, and gives the reasoning behind releasing them.
PHP filters chain: What is it and how to use it https://www.synacktiv.com/publications/php-filters-chain-what-is-it-and-how-to-use-it.html
Synacktiv
Guest Blog Post - Memory corruption vulnerabilities in Edge https://microsoftedge.github.io/edgevr/posts/memory-corruption-vulnerabilities-in-edge/
Microsoft Browser Vulnerability Research
Log4J-scan update: Detection for Apache Commons Text RCE (CVE-2022-42889) https://fullhunt.io/blog/2022/10/20/apache-commons-text-rce.html
FullHunt Blog
FullHunt released an update to Log4J-Scan to detect Apache Commons Text RCE (CVE-2022-42889).
[CVE-2022-1786] A Journey To The Dawn https://blog.kylebot.net/2022/10/16/CVE-2022-1786/
kylebot's Blog
Back in April, I found a 0-day vulnerability in the Linux kernel and exploited it on Google’s kCTF platform. I reported the bug to the Linux kernel security team and helped them fix the vulnera…
SHA-3 Buffer Overflow https://mouha.be/sha-3-buffer-overflow/
List of (automatic) protocol reverse engineering tools for network protocols https://github.com/techge/PRE-list
GitHub
Archive Sidestepping: Self-Unlocking Password-Protected RAR https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/archive-sidestepping-self-unlocking-password-protected-rar/
Trustwave
Trustwave SpiderLabs’ spam traps have identified an increase in threats packaged in password-protected archives with about 96% of these being spammed by the Emotet Botnet. In the first half of 2022, we identified password-protected ZIP files as the third…