Igor’s tip of the week #112: Matching braces https://hex-rays.com/blog/igors-tip-of-the-week-112-matching-braces/
Avoiding direct syscall instructions by using trampolines https://eversinc33.github.io/posts/avoiding-direct-syscall-instructions/
eversinc33.github.io
Avoiding direct syscall instructions by using trampolines
Recently, in order to prepare for an internal penetration testing engagement, I wanted to automate my payload generation. In order to do so, I created a packer for executables and shellcodes called MATROJKA. Since I’ve been a fan of Nim for malware development…
Towards debuggability and secure deployments of eBPF programs on Windows https://cloudblogs.microsoft.com/opensource/2022/10/25/towards-debuggability-and-secure-deployments-of-ebpf-programs-on-windows/
Microsoft Open Source Blog
Towards debuggability and secure deployments of eBPF programs on Windows
eBPF for Windows native code generation is a new mode of execution that maintains the integrity of the kernel and provides the safety promises of eBPF.
Good vuln & exploit related feed https://inthewild.io/feed
Very interesting talk from our team at the @noconname congress, take a look at the slides 👇👇 https://twitter.com/RicardoJRdez/status/1596564693404876802
Twitter
Slides from our recent talk (w. @daniel_uroz) at @noconname, "Characterization and Evaluation of IoT Protocols for Data Exfiltration", are out! The related paper is here https://t.co/tx6BfPn73R, in case you are more interested in this topic. Enjoy! http…
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
Microsoft News
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.
A technical analysis of Pegasus for Android – Part 3 https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-3/
Monitoring and Tuning the Linux Networking Stack: Receiving Data https://blog.packagecloud.io/monitoring-tuning-linux-networking-stack-receiving-data/
blog.packagecloud.io
Monitoring and Tuning the Linux Networking Stack: Receiving Data | Packagecloud Blog
This post guides you through monitoring and tuning the Linux network stack with the focus on receiving data.
Extending Ghidra Part 1: Setting up a Development Environment https://voidstarsec.com/blog/ghidra-dev-environment
VoidStar Security Blog
Extending Ghidra Part 1: Setting up a Development Environment
With this post, I hope to explain how to set up a development environment for the latest Ghidra release on Ubuntu 20.04. After following the steps outlined below, we will have the ability to write, debug and export custom Ghidra plugins, modules, and scripts.
Open-Obfuscator: A free and open-source obfuscator for mobile applications https://www.romainthomas.fr/post/22-10-open-obfuscator/
Romain Thomas
Open-Obfuscator: A free and open-source obfuscator for mobile applications | Romain Thomas
This blog post introduces open-obfuscator, a new open-source project to obfuscate mobile applications.
The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation https://securitylabs.datadoghq.com/articles/openssl-november-1-vulnerabilities/
Datadoghq
The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation
Learn how the OpenSSL punycode vulnerability (CVE-2022-3602) works, how to detect it, and how it can be exploited.
Operational information regarding CVE-2022-3602 and CVE-2022-3786 (OpenSSL vulns) https://github.com/NCSC-NL/OpenSSL-2022
GitHub
GitHub - NCSC-NL/OpenSSL-2022: Operational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL…
Operational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3 - NCSC-NL/OpenSSL-2022
Fodcha Is Coming Back, Raising A Wave of Ransom DDoS https://blog.netlab.360.com/fodcha-is-coming-back-with-rddos/
360 Netlab Blog - Network Security Research Lab at 360
Fodcha Is Coming Back, Raising A Wave of Ransom DDoS
Background
On April 13, 2022, 360Netlab first disclosed the Fodcha botnet. After our article was published, Fodcha suffered a crackdown from the relevant authorities, and its authors quickly responded by leaving "Netlab pls leave me alone I surrender" in…
Golden Certificate https://pentestlab.blog/2021/11/15/golden-certificate/
Penetration Testing Lab
Golden Certificate
Domain persistence techniques enable red teams that have compromised the domain to operate with the highest level of privileges in a large period. One of the most common domain persistence techniqu…
Abusing Windows’ tokens to compromise Active Directory without touching LSASS https://sensepost.com/blog/2022/abusing-windows-tokens-to-compromise-active-directory-without-touching-lsass/
Zyxel authentication bypass patch analysis (CVE-2022-0342) https://security.humanativaspa.it/zyxel-authentication-bypass-patch-analysis-cve-2022-0342/
hn security
Zyxel authentication bypass patch analysis (CVE-2022-0342) - hn security
A few months ago, new firmware […]
We sign code now https://blog.trailofbits.com/2022/11/08/sigstore-code-signing-verification-software-supply-chain/
The Trail of Bits Blog
We sign code now
Sigstore announced the general availability of its free and ecosystem-agnostic software signing service two weeks ago, giving developers a way to sign, verify and protect their software projects and the dependencies they rely on. Trail of Bits is absolutely…
[Linux Kernel Exploitation 0x1] Smashing Stack Overflows in the Kernel https://blog.k3170makan.com/2020/11/linux-kernel-exploitation-0x1-smashing.html
K3170Makan
[Linux Kernel Exploitation 0x1] Smashing Stack Overflows in the Kernel
The Android Malware’s Journey: From Google Play to banking fraud https://www.cleafy.com/cleafy-labs/the-android-malwares-journey-from-google-play-to-banking-fraud
Cleafy
The Android Malware’s Journey: From Google Play to banking fraud | Cleafy Labs
The threat intelligence team of Cleafy analyzed the Android Malware Vultur and its journey from Google Play to banking fraud. Read here the technical analysis.
[Linux Kernel Exploitation 0x2] Controlling RIP and Escalating privileges via Stack Overflow https://blog.k3170makan.com/2021/01/linux-kernel-exploitation-0x2.html
K3170Makan
[Linux Kernel Exploitation 0x2] Controlling RIP and Escalating privileges via Stack Overflow