Stack overflow in ping(8) https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
Heap Overflows on iOS ARM64: Heap Spraying, Use-After-Free (Part 3) https://www.inversecos.com/2022/07/heap-overflows-on-ios-arm64-heap.html
Visual Studio Code: Remote Code Execution https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m
### Summary
An attacker could, through a link or website, take over the computer of a Visual Studio Code user and any computers they were connected to via the [Visual Studio Code Remote Developmen...
b01lers CTF 2022 Write-up (Pwn) https://shakuganz.com/2022/04/25/b01lers-ctf-2022-write-up-pwn/
Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin https://www.welivesecurity.com/2022/11/30/whos-swimming-south-korean-waters-meet-scarcrufts-dolphin/
ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group
Snapd Race Condition Vulnerability in snap-confine’s must_mkdir_and_open_with_perms() (CVE-2022-3328) https://blog.qualys.com/vulnerabilities-threat-research/2022/11/30/race-condition-in-snap-confines-must_mkdir_and_open_with_perms-cve-2022-3328
The Qualys Threat Research Unit (TRU) has discovered a new vulnerability in the snap-confine function on Linux operating systems, a SUID-root program installed by default on Ubuntu.
VLC : Integer overflow in vnc module <= 3.0.18 CVE-2022-41325 https://www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2022-41325.pdf
Read out-of-bounds PoC for miniupnpd <= v2.1 https://github.com/b1ack0wl/miniupnpd_poc
Aqua Nautilus Discovers Redigo — New Redis Backdoor Malware https://blog.aquasec.com/redigo-redis-backdoor-malware
Aqua Nautilus discovers Redigo, a new, previously undetected Go-based malware that targets Redis servers to gain control of the compromised machine.
Malware development part 1 - basics https://0xpat.github.io/Malware_development_part_1/
Introduction
This is the first post of a series on the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist.
Let’s…
Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
New software supply chain vulnerabilities use artifact poisoning and attack the software development pipelines on projects using GitHub Actions.
Using Discord as Command and Control (C2) with Python and Nuitka https://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd
Hello fellow red teamers, I was thinking of a way to obfuscate C2 traffic and got myself an idea. Why not chain the traffic over some…
Preparing for a Russian cyber offensive against Ukraine this winter https://blogs.microsoft.com/on-the-issues/2022/12/03/preparing-russian-cyber-offensive-ukraine/
As we report more fully below, in the wake of Russian battlefield losses to Ukraine this fall, Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support, domestic and foreign. This…
All our team wishes you and yours a Happy New Year! ❤️
DoS Attacks are Dead: Demystifying Practical DoS Attacks https://mazinahmed.net/blog/demystfying-practical-dos-attacks-talk/
Netgear Nighthawk r7000p aws_json Unauthenticated Double Stack Overflow Vulnerability https://hdwsec.fr/blog/20221109-netgear/
binja_kc: Plugin for loading MachO kernelcache and dSYM files to Binary Ninja https://github.com/skr0x1c0/binja_kc
Debugging Protected Processes https://itm4n.github.io/debugging-protected-processes/
Whenever I need to debug a protected process, I usually disable the protection in the Kernel so that I can attach a User-mode debugger. This has always served me well until it sort of backfired.
The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022 https://starlabs.sg/blog/2022/12-the-last-breath-of-our-netgear-rax30-bugs-a-tragic-tale-before-pwn2own-toronto-2022/
Background
Some time ago, we were playing with some Netgear routers and we learned so much from this target.
However, Netgear recently patched several vulnerabilities in their RAX30 router firmware, including the two vulnerabilities in the DHCP interface…