DoS Attacks are Dead: Demystifying Practical DoS Attacks https://mazinahmed.net/blog/demystfying-practical-dos-attacks-talk/
Mazin Ahmed
DoS Attacks are Dead: Demystifying Practical DoS Attacks
Netgear Nighthawk r7000p aws_json Unauthenticated Double Stack Overflow Vulnerability https://hdwsec.fr/blog/20221109-netgear/
binja_kc: Plugin for loading MachO kernelcache and dSYM files to Binary Ninja https://github.com/skr0x1c0/binja_kc
GitHub
GitHub - skr0x1c0/binja_kc: Plugin for loading MachO kernelcache and dSYM files to Binary Ninja
Plugin for loading MachO kernelcache and dSYM files to Binary Ninja - skr0x1c0/binja_kc
Debugging Protected Processes https://itm4n.github.io/debugging-protected-processes/
itm4n’s blog
Debugging Protected Processes
Whenever I need to debug a protected process, I usually disable the protection in the Kernel so that I can attach a User-mode debugger. This has always served me well until it sort of backfired.
The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022 https://starlabs.sg/blog/2022/12-the-last-breath-of-our-netgear-rax30-bugs-a-tragic-tale-before-pwn2own-toronto-2022/
STAR Labs
The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022
Background
Some time ago, we were playing with some Netgear routers and we learned so much from this target.
However, Netgear recently patched several vulnerabilities in their RAX30 router firmware, including the two vulnerabilities in the DHCP interface…
TgRat spyware virus detected https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/vyyavlen-virus-shpion-tgrat/
ptsecurity.com
PT ESC Threat Intelligence Blog
In this blog you can find information about current attacks by hacker groups around the world, analysis of their tools, information about incidents, the groups' TTPs, indicators of compromise, and the names of the detections in our products
The toddler’s introduction to Heap exploitation (Part 1) https://valsamaras.medium.com/the-toddlers-introduction-to-heap-exploitation-part-1-515b3621e0e8
Medium
The toddler’s introduction to Heap exploitation (Part 1)
In my introductory post I had been talking about dynamic memory allocation and I referenced various solutions that are used to tackle this…
The toddler’s introduction to Heap exploitation (Part 2) https://valsamaras.medium.com/the-toddlers-introduction-to-heap-exploitation-part-2-d1f325b74286
Medium
The toddler’s introduction to Heap exploitation (Part 2)
In my last post I had been talking about the heap structure in the context of the ptmalloc allocator. I went through some basic concepts…
An opinionated guide on how to reverse engineer software, part 1 https://margin.re/2021/11/an-opinionated-guide-on-how-to-reverse-engineer-software-part-1/
Margin Research
An opinionated guide on how to reverse engineer software, part 1
This is an opinionated guide. After 12 years of reverse engineering professionally, I have developed strong beliefs on how to get good at RE.
The toddler’s introduction to Heap exploitation, Overflows (Part 3) https://valsamaras.medium.com/the-toddlers-introduction-to-heap-exploitation-overflows-part-3-d3d1aa042d1e
Medium
The toddler’s introduction to Heap exploitation — Overflows(Part 3)
In the previous parts (1, 2) we discussed the heap structure and we tried to simplify these concepts using a real-life example. You…
Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
Legitsecurity
Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable
New software supply chain vulnerabilities use artifact poisoning and attack the software development pipelines on projects using GitHub Actions.
The toddler’s introduction to Heap exploitation, Use After Free & Double free (Part 4) https://valsamaras.medium.com/use-after-free-13544be5a921
Medium
The toddler’s introduction to Heap exploitation, Use After Free & Double free (Part 4)
This post is part of a series of articles related to x64 Linux Binary Exploitation techniques. Summarising on my previous posts, we began…
DuckLogs – New Malware Strain Spotted In The Wild https://blog.cyble.com/2022/12/01/ducklogs-new-malware-strain-spotted-in-the-wild/
Cyble
Cyble - DuckLogs - New Malware Strain Spotted In The Wild
Cyble analyzes DuckLogs - a new Malware-as-a-Service that provides sophisticated malware features to Threat Actors at a relatively low price.
CREATE: A methodology for reverse engineering complex software systems https://hackmd.io/@mrexodia/create-methodology
DEV-0139 launches targeted attacks against the cryptocurrency industry https://www.microsoft.com/en-us/security/blog/2022/12/06/dev-0139-launches-targeted-attacks-against-the-cryptocurrency-industry/
Microsoft News
DEV-0139 launches targeted attacks against the cryptocurrency industry
Microsoft security researchers investigate an attack where the threat actor, tracked as DEV-0139, used chat groups to target specific cryptocurrency investment companies and run a backdoor within their network.
Technical Analysis of DanaBot Obfuscation Techniques https://www.zscaler.com/blogs/security-research/technical-analysis-danabot-obfuscation-techniques
Zscaler
DanaBot | ThreatLabz
A technical analysis of the DanaBot malware's obfuscation techniques.
Internet Explorer 0-day exploited by North Korean actor APT37 https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/
Google
Internet Explorer 0-day exploited by North Korean actor APT37
Google’s Threat Analysis Group describes a new 0-day vulnerability attributed to North Korean government-backed actors known as APT37.
TheHole New World - how a small leak will sink a great browser (CVE-2021-38003) https://starlabs.sg/blog/2022/12-the-hole-new-world-how-a-small-leak-will-sink-a-great-browser-cve-2021-38003/
STAR Labs
TheHole New World - how a small leak will sink a great browser (CVE-2021-38003)
Introduction: CVE-2021-38003 is a vulnerability that exists in the V8 JavaScript engine. The vulnerability affects the Chrome browser before stable version 95.0.4638.69, and was disclosed in October 2021 in Google’s Chrome release blog, while the bug report…
Gaining Threat-Intelligence the REALLY dodgy way https://blog.tofile.dev/2022/11/30/kdu_sealighter.html