Great cheatsheets on AI, ML and DL topics https://stanford.edu/~shervine/teaching/
stanford.edu, Teaching - Shervine Amidi: Teaching page of Shervine Amidi, Adjunct Lecturer at Stanford University.
New “Prestige” ransomware impacts organizations in Ukraine and Poland https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/
Microsoft Security Blog: The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign attributed to IRIDIUM targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware…
Lazarus Group Uses the DLL Side-Loading Technique (mi.dll) https://asec.ahnlab.com/en/39828/
ASEC: While tracking the Lazarus attack group, the ASEC analysis team discovered that the attackers were using the DLL Side-Loading attack technique (T1574.002) by abusing legitimate applications in the initial compromise stage to achieve the next stage of their…
House of Muney - Leakless Heap Exploitation Technique https://maxwelldulin.com/BlogPost/House-of-Muney-Heap-Exploitation
Strikeout Security Blog: Leakless glibc heap exploitation technique for code execution, achieved by overwriting the symbol resolution process.
Toner Deaf – Printing your next persistence (Hexacon 2022) https://research.nccgroup.com/2022/10/17/toner-deaf-printing-your-next-persistence-hexacon-2022/
NCC Group Research Blog: On Friday, 14 October 2022, Alex Plaskett (@alexjplaskett) and Cedric Halbronn (@saidelike) presented Toner Deaf – Printing your next persistence at Hexacon 2022. This talk demonstrated re…
RedEye: a visual analytic tool supporting Red & Blue Team operations https://github.com/cisagov/RedEye
GitHub: cisagov/RedEye repository.
Good tips about RE with Ghidra https://twitter.com/embee_research/status/1582274165280690176
HoneyPoC is Dead - Long Live Disinformation https://blog.zsec.uk/honeypoc-release/
ZephrSec - Adventures In Information Security: Release of AutoPoC and SandboxSpy. This short blog post explains what each tool does and gives the reasons for the release.
PHP filters chain: What is it and how to use it https://www.synacktiv.com/publications/php-filters-chain-what-is-it-and-how-to-use-it.html
Synacktiv
Guest Blog Post - Memory corruption vulnerabilities in Edge https://microsoftedge.github.io/edgevr/posts/memory-corruption-vulnerabilities-in-edge/
Microsoft Browser Vulnerability Research
Log4J-scan update: Detection for Apache Commons Text RCE (CVE-2022-42889) https://fullhunt.io/blog/2022/10/20/apache-commons-text-rce.html
FullHunt Blog: FullHunt released an update to Log4J-Scan to detect Apache Commons Text RCE (CVE-2022-42889). The Apache Com…
[CVE-2022-1786] A Journey To The Dawn https://blog.kylebot.net/2022/10/16/CVE-2022-1786/
kylebot's Blog: Back in April, I found a 0-day vulnerability in the Linux kernel and exploited it on Google’s kCTF platform. I reported the bug to the Linux kernel security team and helped them fix the vulnera…
SHA-3 Buffer Overflow https://mouha.be/sha-3-buffer-overflow/
List of (automatic) protocol reverse engineering tools for network protocols https://github.com/techge/PRE-list
GitHub: techge/PRE-list repository.
Archive Sidestepping: Self-Unlocking Password-Protected RAR https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/archive-sidestepping-self-unlocking-password-protected-rar/
Trustwave: Trustwave SpiderLabs’ spam traps have identified an increase in threats packaged in password-protected archives, with about 96% of these being spammed by the Emotet Botnet. In the first half of 2022, we identified password-protected ZIP files as the third…
Canary in the Kernel Mine: Exploiting and Defending Against Same-Type Object Reuse https://grsecurity.net/exploiting_and_defending_against_same_type_object_reuse
grsecurity.net: This blog covers a difficult-to-defend subclass of use-after-free vulnerabilities in the Linux kernel, grsecurity's defense for it, and why our defense required compiler plugin involvement. Included PoC exploits demonstrate the power and simplicity of this…
AmsiScanBuffer https://github.com/D1rkMtr/AmsiScanBuffer
APT27 – One Year To Exfiltrate Them All: Intrusion In-Depth Analysis https://www.intrinsec.com/apt27-analysis/
INTRINSEC: Data leak: in-depth forensic and threat intelligence analysis of the tactics, tools and procedures of an advanced and persistent attack, by the Intrinsec CERT.
Ring0VBA - Getting Ring0 Using a Goddamn Word Document https://disrel.com/posts/Ring0VBA-Getting-Ring0-Using-a-Goddamn-Word-Document/
[angry-FSROP] Bypassing vtable Check in glibc File Structures https://blog.kylebot.net/2022/10/22/angry-FSROP/
kylebot's Blog: The story began with a student, @Ramen, asking me about the status of file structure attacks nowadays two days ago. He told me there were no public attacks that grant PC-control solely fro…