Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163) https://research.nccgroup.com/2022/11/17/cve-2022-45163/
NCC Group Research Blog
Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)
Vendor: NXP Semiconductors Vendor URL: Affected Devices: i.MX RT 101x, i.MX RT102x, i.MX RT1050/6x, i.MX 6 Family, i.MX 7 Family, i.MX8M Quad/Mini, Vybrid Author: Jon Szymaniak <jon.szymaniak(at…
GRU 26165: The Russian cyber unit that hacks targets on-site https://www.atlanticcouncil.org/content-series/tech-at-the-leading-edge/the-russian-cyber-unit-that-hacks-targets-on-site/
Atlantic Council
GRU 26165: The Russian cyber unit that hacks targets on-site
Russian hackers are not always breaching targets from afar, typing on their keyboards in Moscow bunkers or St. Petersburg apartment buildings. Enter GRU Unit 26165, a military cyber unit with hackers operating remotely and on-site. Going forward, Western…
AXLocker, Octocrypt, and Alice: Leading a new wave of Ransomware Campaigns
https://blog.cyble.com/2022/11/18/axlocker-octocrypt-and-alice-leading-a-new-wave-of-ransomware-campaigns/
Analysis of a LoadLibraryA Stack String Obfuscation Technique with Radare2 & x86dbg
https://www.archcloudlabs.com/projects/loadlibrary-analysis/
Arch Cloud Labs
Analysis of a LoadLibraryA Stack String Obfuscation Technique with Radare2 & x86dbg
About the Project Today, we’re going to analyze a malicious binary recently identified by Arch Cloud Labs’ malware collection system “Archie”. This binary leverages the LoadLibraryA function to resolve DLLs at run time for additional functionality. Malware…
Attacking on Behalf of Defense: DLL Sideloading EDR Binaries https://mansk1es.gitbook.io/edr-binary-abuse/
mansk1es.gitbook.io
Attacking on Behalf of Defense: DLL Sideloading EDR Binaries | Evasion
by Naor Hodorov
Divin'n'phishin with executable filetypes on Windows https://www.bencteux.fr/posts/filetypes/
Jeffrey Bencteux
Divin'n'phishin with executable filetypes on Windows
In order to find phishing payloads, one needs to understand how executable filetypes on Windows are handled, finding which ones can be delivered to mail clients, thus users, without being caught by mail defences in between and without requesting multiple…
Forensic artifacts in Office 365 and where to find them
https://techcommunity.microsoft.com/t5/microsoft-security-experts/forensic-artifacts-in-office-365-and-where-to-find-them/ba-p/3634865
TECHCOMMUNITY.MICROSOFT.COM
Forensic artifacts in Office 365 and where to find them
In the Microsoft Incident Response (formerly DART/CRSP) team, we often find ourselves using the rich data available in Office 365 to help us with our investigations. During this process there are a couple of questions we consistently stumble across: Where…
A dive into Microsoft Defender for Identity https://www.synacktiv.com/publications/a-dive-into-microsoft-defender-for-identity.html
Synacktiv
A dive into Microsoft Defender for Identity
Aurora: a rising stealer flying under the radar
https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/
Sekoia.io Blog
Aurora: a rising stealer flying under the radar
Since September 2022, the Aurora malware has been advertised as an infostealer, and several traffer teams have announced that they added it to their malware toolset.
Bahamut cybermercenary group targets Android users with fake VPN apps https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/
WeLiveSecurity
Bahamut cybermercenary group targets Android users with fake VPN apps
ESET researchers uncover an active campaign where the Bahamut APT targets Android users via trojanized versions of two legitimate VPN apps.
A Comprehensive Look at Emotet Virus’ Fall 2022 Return https://www.proofpoint.com/us/blog/threat-insight/comprehensive-look-emotets-fall-2022-return
Proofpoint
Emotet Malware Is Back - Virus Analysis | Proofpoint US
The Emotet malware has returned. Read more about the return of Emotet malware in 2022, what this means for you, and how to protect against it.
Grafana RCE via SMTP server parameter injection https://hackerone.com/reports/1200647
HackerOne
Aiven Ltd disclosed on HackerOne: Grafana RCE via SMTP server...
## Summary:
This report is similar to [#1180653](https://hackerone.com/reports/1180653), except with different parameter injection entrypoint.
SMTP server password configuration setting accepts...
Chrome Browser Exploitation, Part 2: Introduction to Ignition, Sparkplug and JIT Compilation via TurboFan https://jhalon.github.io/chrome-browser-exploitation-2/
Jack Hacks
Chrome Browser Exploitation, Part 2: Introduction to Ignition, Sparkplug and JIT Compilation via TurboFan
In my previous post “Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals”, we took our first deep dive into the world of browser exploitation by covering a few complex topics that were necessary for fundamental knowledge. We mainly…
The unusual bootstrap drivers inside the 8086 microprocessor chip https://www.righto.com/2022/11/the-unusual-bootstrap-drivers-inside.html
Righto
The unusual bootstrap drivers inside the 8086 microprocessor chip
The 8086 microprocessor is one of the most important chips ever created; it started the x86 architecture that still dominates desktop and ...
Web3 Decoder: Burp Suite Extension that helps to analyze what is going on with the operations involving smart contracts of the web3 https://github.com/nccgroup/web3-decoder
GitHub
GitHub - nccgroup/web3-decoder
Contribute to nccgroup/web3-decoder development by creating an account on GitHub.
Dynamic Analysis of Windows Exploit Mitigations — Import Address Filtering. https://wambui-ngige.medium.com/dynamic-analysis-of-windows-exploit-mitigations-import-address-filtering-16fc28029529
Medium
Dynamic Analysis of Windows Exploit Mitigations — Import Address Filtering.
~My Research process
heap_detective: The simple way to detect heap memory pitfalls in C++ and C https://github.com/CoolerVoid/heap_detective
TCP/IP Vulnerability CVE-2022–34718 PoC Restoration and Analysis https://medium.com/numen-cyber-labs/analysis-and-summary-of-tcp-ip-protocol-remote-code-execution-vulnerability-cve-2022-34718-8fcc28538acf
Medium
Analysis and Summary of TCP/IP Protocol Remote Code Execution Vulnerability CVE-2022–34718
An Analysis of Remote Code Execution Vulnerability CVE-2022–34718
Exploiting an N-day vBulletin PHP Object Injection Vulnerability https://karmainsecurity.com/exploiting-an-nday-vbulletin-php-object-injection
Karmainsecurity
Exploiting an N-day vBulletin PHP Object Injection Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
So, you want to get into bug bounties? https://shubs.io/so-you-want-to-get-into-bug-bounties/
shubs
So, you want to get into bug bounties?
I've been doing bug bounties for over 10 years now and over time, I have grown fonder of the life-changing effects it has had for me, from job prospects to being able to financially support those around me and myself. I believe that if you're passionate…