BFS Ekoparty 2022 Kernel exploitation challenge write-up https://klecko.github.io/posts/bfs-ekoparty-2022/
Klecko Blog
BFS Ekoparty 2022 Kernel exploitation challenge write-up
Last month Blue Frost Security published two exploitation challenges for Ekoparty 2022. One of them was a Linux kernel challenge. I don’t have much experience with Linux kernel exploitation, so this was a good opportunity to practise. I also write this up…
Let's speak AJP https://blog.doyensec.com//2022/11/15/learning-ajp.html
Doyensec
Let's speak AJP
AJP (Apache JServ Protocol) is a binary protocol developed in 1997 with the goal of improving the performance of the traditional HTTP/1.1 protocol especially when proxying HTTP traffic between a web server and a J2EE container. It was originally created to…
Part 1: SocGholish, a very real threat from a very fake update https://www.proofpoint.com/us/blog/threat-insight/part-1-socgholish-very-real-threat-very-fake-update
Proofpoint
SocGholish Malware: A Real Threat from a Fake Update | Proofpoint US
SocGholish malware is a very real threat from a very fake update. Proofpoint breaks down the threat, what it is, how it's delivered, and more.
Exception(al) Failure - Breaking the STM32F1 Read-Out Protection https://blog.zapb.de/stm32f1-exceptional-failure/
blog.zapb.de
Exception(al) Failure - Breaking the STM32F1 Read-Out Protection
The firmware of microcontrollers usually contains valuable data such as intellectual property and, in some cases, even cryptographic material.
In order to protect the confidentiality of these assets,
Defending Cloud-Based Workloads: A Guide to Kubernetes Security https://www.sentinelone.com/blog/defending-modern-cloud-based-workloads-a-guide-to-kubernetes-security/
SentinelOne
Defending Cloud-Based Workloads: A Guide to Kubernetes Security
Learn how cybercriminals target Kubernetes environments and what organizations can do to protect their business.
Not very related to our usual posts, but interesting content » Data Protection Laws of the World https://www.dlapiperdataprotection.com/index.html
Lord Of The Ring0 - Part 2 | A tale of routines, IOCTLs and IRPs https://idov31.github.io/2022/08/04/lord-of-the-ring0-p2.html
Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328) https://seclists.org/oss-sec/2022/q4/164
seclists.org
oss-sec: Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
The Art of Bypassing Kerberoast Detections with Orpheus https://www.trustedsec.com/blog/the-art-of-bypassing-kerberoast-detections-with-orpheus/
TrustedSec
The Art of Bypassing Kerberoast Detections with Orpheus
These identifiers were as follows: Windows Event Code 4769 Ticket Encryption Type of RC4 or 0x17 Ticket Options with a value of 0x40810010 Accounts that…
Stack overflow in ping(8) https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
Heap Overflows on iOS ARM64: Heap Spraying, Use-After-Free (Part 3) https://www.inversecos.com/2022/07/heap-overflows-on-ios-arm64-heap.html
Inversecos
Heap Overflows on iOS ARM64: Heap Spraying, Use-After-Free (Part 3)
Visual Studio Code: Remote Code Execution
https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m
GitHub
Visual Studio Code: Remote Code Execution
### Summary
An attacker could, through a link or website, take over the computer of a Visual Studio Code user and any computers they were connected to via the [Visual Studio Code Remote Developmen...
b01lers CTF 2022 Write-up (Pwn) https://shakuganz.com/2022/04/25/b01lers-ctf-2022-write-up-pwn/
Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin https://www.welivesecurity.com/2022/11/30/whos-swimming-south-korean-waters-meet-scarcrufts-dolphin/
Welivesecurity
Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin
ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group
Snapd Race Condition Vulnerability in snap-confine’s must_mkdir_and_open_with_perms() (CVE-2022-3328) https://blog.qualys.com/vulnerabilities-threat-research/2022/11/30/race-condition-in-snap-confines-must_mkdir_and_open_with_perms-cve-2022-3328
Qualys
Snapd Race Condition Vulnerability in snap-confine’s must_mkdir_and_open_with_perms() (CVE-2022-3328) | Qualys
The Qualys Threat Research Unit (TRU) has discovered a new vulnerability in snap-confine function on Linux operating systems, a SUID-root program installed by default on Ubuntu.
VLC : Integer overflow in vnc module <= 3.0.18 CVE-2022-41325 https://www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2022-41325.pdf
Read out-of-bounds PoC for miniupnpd <= v2.1 https://github.com/b1ack0wl/miniupnpd_poc
GitHub
GitHub - b1ack0wl/miniupnpd_poc: Read out-of-bounds PoC for miniupnpd <= v2.1
Read out-of-bounds PoC for miniupnpd <= v2.1. Contribute to b1ack0wl/miniupnpd_poc development by creating an account on GitHub.
Aqua Nautilus Discovers Redigo — New Redis Backdoor Malware https://blog.aquasec.com/redigo-redis-backdoor-malware
Aqua
Aqua Nautilus Discovers Redigo — New Redis Backdoor Malware
Aqua Nautilus discovers Redigo, new previously undetected Go-based malware that targets Redis servers to gain domination on the compromised machine
Malware development part 1 - basics https://0xpat.github.io/Malware_development_part_1/
0xpat.github.io
Malware development part 1 - basics
Introduction
This is the first post of a series which regards development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist.
Let’s…
Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
Legitsecurity
Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable
New software supply chain vulnerabilities use artifact poisoning and attack the software development pipelines on projects using GitHub Actions.
Using Discord as Command and Control (C2) with Python and Nuitka https://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd
Medium
Using Discord as Command and Control (C2) with Python and Nuitka
Hello fellow red teamers, I was thinking of a way to obfuscate C2 traffic and got myself an idea. Why not chain the traffic over some…