We sign code now https://blog.trailofbits.com/2022/11/08/sigstore-code-signing-verification-software-supply-chain/
The Trail of Bits Blog
We sign code now
Sigstore announced the general availability of its free and ecosystem-agnostic software signing service two weeks ago, giving developers a way to sign, verify and protect their software projects and the dependencies they rely on. Trail of Bits is absolutely…
[Linux Kernel Exploitation 0x1] Smashing Stack Overflows in the Kernel https://blog.k3170makan.com/2020/11/linux-kernel-exploitation-0x1-smashing.html
K3170Makan
[Linux Kernel Exploitation 0x1] Smashing Stack Overflows in the Kernel
Hacking,Information Security,Penetration Testing,Google Hacking,Google Dorking,Keith Makan,Black Hat,Security Research,InfoSec,Web Site Security
The Android Malware’s Journey: From Google Play to banking fraud https://www.cleafy.com/cleafy-labs/the-android-malwares-journey-from-google-play-to-banking-fraud
Cleafy
The Android Malware’s Journey: From Google Play to banking fraud | Cleafy Labs
The threat intelligence team of Cleafy analyzed the Android Malware Vultur and its journey from Google Play to banking fraud. Read here the technical analysis.
[Linux Kernel Exploitation 0x2] Controlling RIP and Escalating privileges via Stack Overflow https://blog.k3170makan.com/2021/01/linux-kernel-exploitation-0x2.html
K3170Makan
[Linux Kernel Exploitation 0x2] Controlling RIP and Escalating privileges via Stack Overflow
[Euskalhack V]: Pentest Active Directory Rocks! Part III https://fwhibbit.es/euskalhack-v-pentest-active-directory-rocks-part-iii
fwhibbit.es
[Euskalhack V]: Pentest Active Directory Rocks! Part III
Hello everyone, we continue with the third post of the workshop, in this case with Active Directory enumeration, taking into account…
Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild https://unit42.paloaltonetworks.com/cobalt-strike-team-server/
Unit 42
Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
We present new techniques that leverage active probing and network fingerprint technology to help you detect Cobalt Strike’s Team Servers.
Raccoon Stealer – An Insight into Victim “Gates” https://www.team-cymru.com/post/raccoon-stealer-an-insight-into-victim-gates
Team Cymru
Raccoon Stealer – An Insight into Victim “Gates”
Tracking Infostealers with Team Cymru's Botnet Analysis and Reporting Service (BARS) Raccoon Stealer is one of 40-plus malware families tracked through Team Cymru’s Botnet Analysis and Reporting Service (BARS), a service which underpins our Threat Intelligence…
Nice example of security assessment by Trail of Bits https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html
simplex.chat
Security assessment by Trail of Bits, the new website and v4.2 released
Vulnerabilities in Tenda's W15Ev2 AC1200 Router https://boschko.ca/tenda_ac1200_router/
Boschko Security Blog
Vulnerabilities in Tenda's W15Ev2 AC1200 Router
CVE-2022-40843 CVE-2022-40845 CVE-2022-40847 CVE-2022-40844 CVE-2022-40846 CVE-2022-41395 CVE-2022-41396 CVE-2022-42053 CVE-2022-42058 CVE-2022-42060
Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049) https://breakdev.org/zip-motw-bug-analysis/
BREAKDEV
Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)
Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files that evade warnings on attempts to execute packaged files, even if the ZIP file was downloaded from the Internet.
Why is Rosetta 2 fast? https://dougallj.wordpress.com/2022/11/09/why-is-rosetta-2-fast/
dougallj
Why is Rosetta 2 fast?
Rosetta 2 is remarkably fast when compared to other x86-on-ARM emulators. I’ve spent a little time looking at how it works, out of idle curiosity, and found it to be quite unusual, so I figur…
Technical analysis of Optus API security challenge - Three must to have API security controls https://discuss.secdim.com/t/technical-analysis-of-optus-api-security-challenge-three-must-to-have-api-security-controls/335
Discuss
Technical analysis of Optus API security challenge - Three must to have API security controls
Tl;dr: Authentication alone could only hide API security weaknesses. Three security controls are required to address the root cause of Optus API secure programming challenge. This article is a technical analysis of nearly 40 submissions that we have received…
[CVE-2022-40303] Integer overflow in xmlParseNameComplex https://gitlab.gnome.org/GNOME/libxml2/-/issues/381
GitLab
[CVE-2022-40303] Integer overflow in xmlParseNameComplex (#381) · Issues · GNOME / libxml2 · GitLab
Libxml2 is vulnerable to an integer overflow in xmlParseNameComplex when an attribute list has a very long name (name is >= 2**32 characters).
Discovering vendor-specific vulnerabilities in Android https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/
News, Techniques & Guides
Discovering vendor-specific vulnerabilities in Android
For several years, Oversecured has been the best way to discover vulnerabilities in Android and iOS mobile apps.
CVE-2022-45063: xterm <375 code execution via font ops https://www.openwall.com/lists/oss-security/2022/11/10/1
swicc: A framework for creating smart cards (ICC-based cards with contacts) https://github.com/tomasz-lisowski/swicc
GitHub
GitHub - tomasz-lisowski/swicc: A framework for creating smart cards (ICC-based cards with contacts).
A framework for creating smart cards (ICC-based cards with contacts). - tomasz-lisowski/swicc
Reverse Engineering the Apple MultiPeer Connectivity Framework https://www.evilsocket.net/2022/10/20/Reverse-Engineering-the-Apple-MultiPeer-Connectivity-Framework/
evilsocket
Reverse Engineering the Apple MultiPeer Connectivity Framework
Some time ago I was using Logic Pro to record some of my music and I needed a way to start and stop the recording from an iPhone, so I found out about Logic Remote
A Technical Analysis of Royal Ransomware https://securityscorecard.pathfactory.com/research/the-royal-ransomware
Security Scorecard
A Technical Analysis Of The Royal Ransomware
This malware encrypts files with the AES algorithm, either fully or partially. The extension of the affected files changes to “.royal”. Find out more in this technical analysis of the Royal Ransomware from SecurityScorecard’s Senior Malware Analyst, Vlad…
A good book on the maths you need to know for Machine Learning https://www.cis.upenn.edu/~jean/math-deep.pdf