TCP/IP Vulnerability CVE-2022-34718 PoC Restoration and Analysis https://medium.com/numen-cyber-labs/analysis-and-summary-of-tcp-ip-protocol-remote-code-execution-vulnerability-cve-2022-34718-8fcc28538acf
Medium
Analysis and Summary of TCP/IP Protocol Remote Code Execution Vulnerability CVE-2022-34718
An Analysis of Remote Code Execution Vulnerability CVE-2022-34718
Control Flow Unflattening https://eybisi.run/Control-Flow-Unflattening/
hedgehog's cave
Target. Recently I have analyzed a RASP solution called Approov. Although there are some novel detection techniques, overall it's not that interesting. Instead I will focus on the obfuscation part of native…
Towards the next generation of XNU memory safety: kalloc_type https://security.apple.com/blog/towards-the-next-generation-of-xnu-memory-safety/
Apple Security Research
Improving software memory safety is a key security objective for engineering teams across the industry. Here we begin a journey into the XNU kernel at the core of iOS and explore the intricate work our engineering teams have done to harden the memory allocator…
LNK file-based Attacks Are on The Rise https://www.docguard.io/lnk-file-based-attacks-are-on-the-rise/
Docguard
Introduction. After Microsoft disabled macros in Microsoft Office by default, criminals started looking for new techniques to beat security defenses, make malware harder to detect, and hide it from security solutions. The LNK attack is one of the most powerful …
Hardware Trojans Under a Microscope https://ryancor.medium.com/hardware-trojans-under-a-microscope-bf542acbcc29
Medium
One-Time Programs https://blog.cryptographyengineering.com/2022/10/27/one-time-programs/
A Few Thoughts on Cryptographic Engineering
One of the things I like to do on this blog is write about new research that has a practical angle. Most of the time (I swear) this involves writing about other folks’ research: it’s no…
Great tool: dynamically resolving the System Service Number (syscall number) by offsets from the PEB with API hashing https://github.com/D1rkMtr/SSN_Resolver/tree/main
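The technique named above combines two ideas: the caller identifies the target export by a hash of its name rather than the string, and the syscall number is derived from the layout of ntdll's Zw* stubs (sorted by address, the rank of a stub equals its SSN, the approach popularised by FreshyCalls and SysWhispers2). The block below is an added example written for this digest, not code from the SSN_Resolver repository. It cannot walk PEB->Ldr or parse a PE export directory off Windows, so those steps are replaced by a hand-made export table; the RVAs are constructed sample data that only preserve the real ascending order, and the ROR13 additive hash is one common choice, not necessarily the one the tool uses.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for ntdll's export directory (name + RVA pairs).
 * A real loader gets these by walking PEB->Ldr to find ntdll's base and
 * then parsing IMAGE_EXPORT_DIRECTORY; here the table is sample data.
 * The RVAs are invented, but they ascend in the same order as the real
 * stubs, which is the only property the sort-by-address trick relies on. */
typedef struct { const char *name; uint32_t rva; } export_t;

static const export_t g_exports[] = {
    { "ZwWriteVirtualMemory",    0x9D3E0 },
    { "ZwClose",                 0x9D0A0 },
    { "ZwCreateThreadEx",        0x9DD20 },
    { "ZwAllocateVirtualMemory", 0x9D240 },
    { "ZwProtectVirtualMemory",  0x9D5E0 },
    { "ZwOpenProcess",           0x9D320 },
    { "RtlAllocateHeap",         0x12340 },  /* not a syscall stub; must be skipped */
};
#define N_EXPORTS (sizeof g_exports / sizeof g_exports[0])

static uint32_t ror32(uint32_t v, unsigned r) {
    return (v >> r) | (v << (32 - r));
}

/* ROR13 additive hash, a common choice in position-independent loaders.
 * The caller ships only the 32-bit result, so the API name never appears
 * as a string in the payload. */
uint32_t api_hash(const char *name) {
    uint32_t h = 0;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++)
        h = ror32(h, 13) + *p;
    return h;
}

/* Only the Zw* aliases are used: every Zw* export is a syscall stub,
 * whereas some Nt* exports (and all Rtl*) are ordinary functions. */
static int is_syscall_stub(const char *name) {
    return strncmp(name, "Zw", 2) == 0;
}

static int cmp_rva(const void *a, const void *b) {
    uint32_t x = ((const export_t *)a)->rva, y = ((const export_t *)b)->rva;
    return (x > y) - (x < y);
}

/* Resolve the SSN of the export whose name hashes to `want`.
 * Stubs are laid out in ascending SSN order, so after sorting the Zw*
 * exports by address the index of a stub is its SSN (with a complete
 * export table; with this partial sample it is the rank within the sample).
 * Returns -1 when no Zw* export matches the hash. */
int resolve_ssn_by_hash(uint32_t want) {
    export_t stubs[N_EXPORTS];
    size_t n = 0;
    for (size_t i = 0; i < N_EXPORTS; i++)
        if (is_syscall_stub(g_exports[i].name))
            stubs[n++] = g_exports[i];
    qsort(stubs, n, sizeof stubs[0], cmp_rva);
    for (size_t i = 0; i < n; i++)
        if (api_hash(stubs[i].name) == want)
            return (int)i;
    return -1;
}

int main(void) {
    /* In a real loader these hashes would be precomputed constants. */
    const char *targets[] = { "ZwOpenProcess", "ZwCreateThreadEx", "RtlAllocateHeap" };
    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++) {
        uint32_t h = api_hash(targets[i]);
        printf("%-20s hash=0x%08x ssn=%d\n", targets[i], h, resolve_ssn_by_hash(h));
    }
    return 0;
}
```

Two caveats a practitioner should carry over to the real thing: ROR13 is not collision-resistant, so a loader must confirm its chosen hashes are unique across the exports it walks; and the rank-equals-SSN property only holds when every Zw* stub is included, which is why hooked or patched stubs (the case Halo's Gate handles by reading neighbours) break naive variants.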
Igor’s tip of the week #112: Matching braces https://hex-rays.com/blog/igors-tip-of-the-week-112-matching-braces/
Avoiding direct syscall instructions by using trampolines https://eversinc33.github.io/posts/avoiding-direct-syscall-instructions/
Recently, in order to prepare for an internal penetration testing engagement, I wanted to automate my payload generation. In order to do so, I created a packer for executables and shellcodes called MATROJKA. Since I’ve been a fan of Nim for malware development…
Towards debuggability and secure deployments of eBPF programs on Windows https://cloudblogs.microsoft.com/opensource/2022/10/25/towards-debuggability-and-secure-deployments-of-ebpf-programs-on-windows/
Microsoft Open Source Blog
eBPF for Windows native code generation is a new mode of execution that maintains the integrity of the kernel and provides the safety promises of eBPF.
Good vuln & exploit related feed https://inthewild.io/feed
Very interesting talk from our team at the @noconname congress, take a look at the slides 👇👇 https://twitter.com/RicardoJRdez/status/1596564693404876802
Twitter
Slides from our recent talk (w. @daniel_uroz) at @noconname, "Characterization and Evaluation of IoT Protocols for Data Exfiltration", are out! The related paper is here https://t.co/tx6BfPn73R, in case you are more interested in this topic. Enjoy! http…
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
Microsoft Security Blog
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.
A technical analysis of Pegasus for Android – Part 3 https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-3/
Monitoring and Tuning the Linux Networking Stack: Receiving Data https://blog.packagecloud.io/monitoring-tuning-linux-networking-stack-receiving-data/
Packagecloud Blog
This post guides you through monitoring and tuning the Linux network stack with the focus on receiving data.
Extending Ghidra Part 1: Setting up a Development Environment https://voidstarsec.com/blog/ghidra-dev-environment
VoidStar Security Blog
With this post, I hope to explain how to set up a development environment for the latest Ghidra release on Ubuntu 20.04. After following the steps outlined below, we will have the ability to write, debug and export custom Ghidra plugins, modules, and scripts.
Open-Obfuscator: A free and open-source obfuscator for mobile applications https://www.romainthomas.fr/post/22-10-open-obfuscator/
Romain Thomas
This blog post introduces open-obfuscator, a new open-source project to obfuscate mobile applications.
The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation https://securitylabs.datadoghq.com/articles/openssl-november-1-vulnerabilities/
Datadog Security Labs
Learn how the OpenSSL punycode vulnerability (CVE-2022-3602) works, how to detect it, and how it can be exploited.