Divin'n'phishin with executable filetypes on Windows https://www.bencteux.fr/posts/filetypes/
Jeffrey Bencteux
Divin'n'phishin with executable filetypes on Windows
In order to find phishing payloads, one needs to understand how executable filetypes on Windows are handled, finding which ones can be delivered to mail clients, thus users, without being caught by mail defences in between and without requesting multiple…
Forensic artifacts in Office 365 and where to find them
https://techcommunity.microsoft.com/t5/microsoft-security-experts/forensic-artifacts-in-office-365-and-where-to-find-them/ba-p/3634865
TECHCOMMUNITY.MICROSOFT.COM
Forensic artifacts in Office 365 and where to find them
In the Microsoft Incident Response (formerly DART/CRSP) team, we often find ourselves using the rich data available in Office 365 to help us with our investigations. During this process there are a couple of questions we consistently stumble across: Where…
A dive into Microsoft Defender for Identity https://www.synacktiv.com/publications/a-dive-into-microsoft-defender-for-identity.html
Synacktiv
A dive into Microsoft Defender for Identity
Aurora: a rising stealer flying under the radar
https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/
Sekoia.io Blog
Aurora: a rising stealer flying under the radar
Since September 2022, the Aurora malware has been advertised as an infostealer, and several traffer teams have announced that they added it to their malware toolset.
Bahamut cybermercenary group targets Android users with fake VPN apps https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/
WeLiveSecurity
Bahamut cybermercenary group targets Android users with fake VPN apps
ESET researchers uncover an active campaign where the Bahamut APT targets Android users via trojanized versions of two legitimate VPN apps.
A Comprehensive Look at Emotet Virus’ Fall 2022 Return https://www.proofpoint.com/us/blog/threat-insight/comprehensive-look-emotets-fall-2022-return
Proofpoint
Emotet Malware Is Back - Virus Analysis | Proofpoint US
The Emotet malware has returned. Read more about the return of Emotet malware in 2022, what this means for you, and how to protect against it.
Grafana RCE via SMTP server parameter injection https://hackerone.com/reports/1200647
HackerOne
Aiven Ltd disclosed on HackerOne: Grafana RCE via SMTP server...
## Summary:
This report is similar to [#1180653](https://hackerone.com/reports/1180653), except with different parameter injection entrypoint.
SMTP server password configuration setting accepts...
Chrome Browser Exploitation, Part 2: Introduction to Ignition, Sparkplug and JIT Compilation via TurboFan https://jhalon.github.io/chrome-browser-exploitation-2/
Jack Hacks
Chrome Browser Exploitation, Part 2: Introduction to Ignition, Sparkplug and JIT Compilation via TurboFan
In my previous post “Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals”, we took our first deep dive into the world of browser exploitation by covering a few complex topics that were necessary for fundamental knowledge. We mainly…
The unusual bootstrap drivers inside the 8086 microprocessor chip https://www.righto.com/2022/11/the-unusual-bootstrap-drivers-inside.html
Righto
The unusual bootstrap drivers inside the 8086 microprocessor chip
The 8086 microprocessor is one of the most important chips ever created; it started the x86 architecture that still dominates desktop and ...
Web3 Decoder: Burp Suite Extension that helps to analyze what is going on with the operations involving smart contracts of the web3 https://github.com/nccgroup/web3-decoder
GitHub
GitHub - nccgroup/web3-decoder
Contribute to nccgroup/web3-decoder development by creating an account on GitHub.
Dynamic Analysis of Windows Exploit Mitigations — Import Address Filtering. https://wambui-ngige.medium.com/dynamic-analysis-of-windows-exploit-mitigations-import-address-filtering-16fc28029529
Medium
Dynamic Analysis of Windows Exploit Mitigations — Import Address Filtering.
~My Research process
heap_detective: The simple way to detect heap memory pitfalls in C++ and C https://github.com/CoolerVoid/heap_detective
TCP/IP Vulnerability CVE-2022-34718 PoC Restoration and Analysis https://medium.com/numen-cyber-labs/analysis-and-summary-of-tcp-ip-protocol-remote-code-execution-vulnerability-cve-2022-34718-8fcc28538acf
Medium
Analysis and Summary of TCP/IP Protocol Remote Code Execution Vulnerability CVE-2022-34718
An Analysis of Remote Code Execution Vulnerability CVE-2022-34718
Exploiting an N-day vBulletin PHP Object Injection Vulnerability https://karmainsecurity.com/exploiting-an-nday-vbulletin-php-object-injection
Karmainsecurity
Exploiting an N-day vBulletin PHP Object Injection Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
So, you want to get into bug bounties? https://shubs.io/so-you-want-to-get-into-bug-bounties/
shubs
So, you want to get into bug bounties?
I've been doing bug bounties for over 10 years now and over time, I have grown fonder of the life changing effects it has had for me. From job prospects, to being able to financially support those around me and myself. I believe that if you're passionate…
BFS Ekoparty 2022 Kernel exploitation challenge write-up https://klecko.github.io/posts/bfs-ekoparty-2022/
Klecko Blog
BFS Ekoparty 2022 Kernel exploitation challenge write-up
Last month Blue Frost Security published two exploitation challenges for Ekoparty 2022. One of them was a Linux kernel challenge. I don’t have much experience with Linux kernel exploitation, so this was a good opportunity to practise. I also write this up…
Let's speak AJP https://blog.doyensec.com//2022/11/15/learning-ajp.html
Doyensec
Let's speak AJP
AJP (Apache JServ Protocol) is a binary protocol developed in 1997 with the goal of improving the performance of the traditional HTTP/1.1 protocol especially when proxying HTTP traffic between a web server and a J2EE container. It was originally created to…
Part 1: SocGholish, a very real threat from a very fake update https://www.proofpoint.com/us/blog/threat-insight/part-1-socgholish-very-real-threat-very-fake-update
Proofpoint
SocGholish Malware: A Real Threat from a Fake Update | Proofpoint US
SocGholish malware is a very real threat from a very fake update. Proofpoint breaks down the threat, what it is, how it's delivered, and more.
Exception(al) Failure - Breaking the STM32F1 Read-Out Protection https://blog.zapb.de/stm32f1-exceptional-failure/
blog.zapb.de
Exception(al) Failure - Breaking the STM32F1 Read-Out Protection
The firmware of microcontrollers usually contains valuable data such as intellectual property and, in some cases, even cryptographic material.
In order to protect the confidentiality of these assets,
Defending Cloud-Based Workloads: A Guide to Kubernetes Security https://www.sentinelone.com/blog/defending-modern-cloud-based-workloads-a-guide-to-kubernetes-security/
SentinelOne
Defending Cloud-Based Workloads: A Guide to Kubernetes Security
Learn how cybercriminals target Kubernetes environments and what organizations can do to protect their business.