Legitimate RATs: a comprehensive forensic analysis of the usual suspects https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html
Synacktiv
Chapter 1 — From Gozi to ISFB: The history of a mythical malware family. https://medium.com/csis-techblog/chapter-1-from-gozi-to-isfb-the-history-of-a-mythical-malware-family-82e592577fef
Medium
Illustrating ISFB's journey from its early start, over the leak of Gozi 1, to its recent mutation into LDR4 and its relations to other…
Stranger Strings: An exploitable flaw in SQLite https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
The Trail of Bits Blog
Trail of Bits is publicly disclosing CVE-2022-35737, which affects applications that use the SQLite library API. CVE-2022-35737 was introduced in SQLite version 1.0.12 (released on October 17, 2000) and fixed in release 3.39.2 (released on July 21, 2022).…
A technical analysis of the leaked LockBit 3.0 builder https://cybergeeks.tech/a-technical-analysis-of-the-leaked-lockbit-3-0-builder/
TCP/IP Vulnerability CVE-2022-34718 PoC Restoration and Analysis https://medium.com/numen-cyber-labs/analysis-and-summary-of-tcp-ip-protocol-remote-code-execution-vulnerability-cve-2022-34718-8fcc28538acf
Medium
Analysis and Summary of TCP/IP Protocol Remote Code Execution Vulnerability CVE-2022-34718
An Analysis of Remote Code Execution Vulnerability CVE-2022-34718
Control Flow Unflattening https://eybisi.run/Control-Flow-Unflattening/
hedgehog's cave
Target: Recently I have analyzed a RASP solution called Approov. Although there are some novel detection techniques, overall it's not that interesting. Instead I will focus on the obfuscation part of native…
Towards the next generation of XNU memory safety: kalloc_type https://security.apple.com/blog/towards-the-next-generation-of-xnu-memory-safety/
Towards the next generation of XNU memory safety: kalloc_type - Apple Security Research
Improving software memory safety is a key security objective for engineering teams across the industry. Here we begin a journey into the XNU kernel at the core of iOS and explore the intricate work our engineering teams have done to harden the memory allocator…
LNK file-based Attacks Are on The Rise https://www.docguard.io/lnk-file-based-attacks-are-on-the-rise/
Docguard | Detect malwares in seconds!
LNK file-based Attacks Are on The Rise - Docguard | Detect malwares in seconds!
Introduction: After Microsoft disabled macros in Microsoft Office, criminals started looking for new techniques to beat security defenses, make malware harder to detect, and hide it from security solutions. LNK attack is one of the powerful …
Hardware Trojans Under a Microscope https://ryancor.medium.com/hardware-trojans-under-a-microscope-bf542acbcc29
Medium
One-Time Programs https://blog.cryptographyengineering.com/2022/10/27/one-time-programs/
A Few Thoughts on Cryptographic Engineering
One of the things I like to do on this blog is write about new research that has a practical angle. Most of the time (I swear) this involves writing about other folks’ research: it’s no…
Great tool » dynamically resolving System Service Number (syscall number) by offsets from the PEB with API hashing https://github.com/D1rkMtr/SSN_Resolver/tree/main
Igor’s tip of the week #112: Matching braces https://hex-rays.com/blog/igors-tip-of-the-week-112-matching-braces/
Avoiding direct syscall instructions by using trampolines https://eversinc33.github.io/posts/avoiding-direct-syscall-instructions/
eversinc33.github.io
Recently, in order to prepare for an internal penetration testing engagement, I wanted to automate my payload generation. In order to do so, I created a packer for executables and shellcodes called MATROJKA. Since I’ve been a fan of Nim for malware development…
Towards debuggability and secure deployments of eBPF programs on Windows https://cloudblogs.microsoft.com/opensource/2022/10/25/towards-debuggability-and-secure-deployments-of-ebpf-programs-on-windows/
Microsoft Open Source Blog
eBPF for Windows native code generation is a new mode of execution that maintains the integrity of the kernel and provides the safety promises of eBPF.
Good vuln & exploit related feed https://inthewild.io/feed
Very interesting talk from our team at the @noconname congress; take a look at the slides 👇👇 https://twitter.com/RicardoJRdez/status/1596564693404876802
Twitter
Slides from our recent talk (w. @daniel_uroz) at @noconname, "Characterization and Evaluation of IoT Protocols for Data Exfiltration", are out! The related paper is here https://t.co/tx6BfPn73R, in case you are more interested in this topic. Enjoy! http…
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
Microsoft News
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.