[CVE-2022-1786] A Journey To The Dawn https://blog.kylebot.net/2022/10/16/CVE-2022-1786/
kylebot's Blog
Introduction: Back in April, I found a 0-day vulnerability in the Linux kernel and exploited it on Google's kCTF platform. I reported the bug to the Linux kernel security team and helped them fix the vulnera
SHA-3 Buffer Overflow https://mouha.be/sha-3-buffer-overflow/
List of (automatic) protocol reverse engineering tools for network protocols https://github.com/techge/PRE-list
GitHub
Archive Sidestepping: Self-Unlocking Password-Protected RAR https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/archive-sidestepping-self-unlocking-password-protected-rar/
Trustwave
Trustwave SpiderLabs’ spam traps have identified an increase in threats packaged in password-protected archives with about 96% of these being spammed by the Emotet Botnet. In the first half of 2022, we identified password-protected ZIP files as the third…
Canary in the Kernel Mine: Exploiting and Defending Against Same-Type Object Reuse https://grsecurity.net/exploiting_and_defending_against_same_type_object_reuse
grsecurity.net
This blog covers a difficult-to-defend subclass of use-after-free vulnerabilities in the Linux kernel, grsecurity's defense for it, and why our defense required compiler plugin involvement. Included PoC exploits demonstrate the power and simplicity of this…
AmsiScanBuffer https://github.com/D1rkMtr/AmsiScanBuffer
APT27 – One Year To Exfiltrate Them All: Intrusion In-Depth Analysis https://www.intrinsec.com/apt27-analysis/
INTRINSEC
Data leak: in-depth forensic and threat intelligence analysis of the tactics, tools and procedures of an advanced and persistent attack, by the Intrinsec CERT.
Ring0VBA - Getting Ring0 Using a Goddamn Word Document https://disrel.com/posts/Ring0VBA-Getting-Ring0-Using-a-Goddamn-Word-Document/
[angry-FSROP] Bypassing vtable Check in glibc File Structures https://blog.kylebot.net/2022/10/22/angry-FSROP/
kylebot's Blog
Introduction: The story began with a student, @Ramen, asking me about the status of file structure attacks nowadays two days ago. He told me there were no public attacks that grant PC-control solely fro
Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free https://accessvector.net/2022/linux-itimers-uaf
The Logging Dead: Two Event Log Vulnerabilities Haunting Windows https://www.varonis.com/blog/the-logging-dead-two-windows-event-log-vulnerabilities
Varonis
You don’t have to use Internet Explorer for its legacy to have left you vulnerable to LogCrusher and OverLog, a pair of Windows vulnerabilities discovered by the Varonis Threat Labs team.
Legitimate RATs: a comprehensive forensic analysis of the usual suspects https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html
Synacktiv
Chapter 1 — From Gozi to ISFB: The history of a mythical malware family. https://medium.com/csis-techblog/chapter-1-from-gozi-to-isfb-the-history-of-a-mythical-malware-family-82e592577fef
Medium
Illustrating ISFB's journey from its early start, over the leak of Gozi 1, to its recent mutation into LDR4 and its relations to other…
Stranger Strings: An exploitable flaw in SQLite https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
The Trail of Bits Blog
Trail of Bits is publicly disclosing CVE-2022-35737, which affects applications that use the SQLite library API. CVE-2022-35737 was introduced in SQLite version 1.0.12 (released on October 17, 2000) and fixed in release 3.39.2 (released on July 21, 2022).…
A technical analysis of the leaked LockBit 3.0 builder https://cybergeeks.tech/a-technical-analysis-of-the-leaked-lockbit-3-0-builder/
TCP/IP Vulnerability CVE-2022–34718 PoC Restoration and Analysis https://medium.com/numen-cyber-labs/analysis-and-summary-of-tcp-ip-protocol-remote-code-execution-vulnerability-cve-2022-34718-8fcc28538acf
Medium
Analysis and Summary of TCP/IP Protocol Remote Code Execution Vulnerability CVE-2022–34718
An Analysis of Remote Code Execution Vulnerability CVE-2022–34718
Control Flow Unflattening https://eybisi.run/Control-Flow-Unflattening/
hedgehog's cave
Target: Recently I have analyzed a RASP solution called Approov. Although there are some novel detection techniques, overall it's not that interesting. Instead I will focus on the obfuscation part of native