Gaining Threat-Intelligence the REALLY dodgy way https://blog.tofile.dev/2022/11/30/kdu_sealighter.html
Native function and Assembly Code Invocation https://research.checkpoint.com/2022/native-function-and-assembly-code-invocation/
Introduction For a reverse engineer, the ability to directly call a function from the analyzed binary can be a shortcut that bypasses a lot of grief. While in some cases it is just possible to understand the function logic and reimplement it in a higher-level…
Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html
In this post I’ll show Avast self-defense bypass: how I discovered a new undocumented way to intercept all system calls without a hypervisor and PatchGuard triggered BSOD, and, finally, based on the knowledge gained, implemented a bypass
Cool vulns don't live long - Netgear and Pwn2Own https://www.synacktiv.com/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html
Using OpenAI Chat to Generate Phishing Campaigns https://www.richardosgood.com/posts/using-openai-chat-for-phishing/
Generating phishing campaigns with OpenAI Chat and GPT-3
APT Cloud Atlas: Unbroken Threat https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/
Fuzzing ping(8) … and finding a 24 year old bug. https://sha256.net/fuzzing-ping.html
Exploring Chrome’s CVE-2020-6418 – Part1 https://blog.haboob.sa/blog/exploring-chromes-cve-2020-6418-part1
Introduction: Chrome vulnerabilities have been quite a hot topic for the past couple of years. A lot of vulnerabilities were caught being exploited in the wild. While most of the ones we looked at were quite interesting, one bug caught our attention and…
Cloud Atlas targets entities in Russia and Belarus amid the ongoing war in Ukraine https://research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine/
Introduction Cloud Atlas (or Inception) is a cyber-espionage group. Since its discovery in 2014, they have launched multiple, highly targeted attacks on critical infrastructure across geographical zones and political conflicts. The group’s tactics, techniques…
New MuddyWater Threat: Old Kitten; New Tricks https://www.deepinstinct.com/blog/new-muddywater-threat-old-kitten-new-tricks
MuddyWater, also known as Static Kitten and Mercury, is a cyber espionage group that’s most likely a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).
Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/
A vulnerability in SPNEGO NEGOEX has been reclassified as "Critical" after it was discovered that it could allow attackers to remotely execute code.
Breaking the silence - Recent Truebot activity https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/
Since August 2022, we have seen an increase in infections of Truebot (aka Silence.Downloader) malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks…
Wi-Fi Hacking, Part 11: The PMKID Attack https://www.hackers-arise.com/post/wi-fi-hacking-part-11-the-pmkid-attack
IATelligence: a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related https://github.com/fr0gger/IATelligence
StealthHook - A method for hooking a function without modifying memory protection https://www.x86matthew.com/view_post?id=stealth_hook
Firewall analysis: A portable graph based approach https://diablohorn.com/2022/04/09/firewall-analysis-a-portable-graph-based-approach/
Sometimes you are asked to perform a firewall analysis to determine if the configuration can be improved upon to reduce the ability for an attacker to move laterally through the network or identify…
Quick Malware Analysis: ICEDID (BOKBOT) with DARK VNC and COBALT STRIKE pcap from 2022-10-31 https://blog.securityonion.net/2022/11/quick-malware-analysis-icedid-bokbot.html
Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/10/31/index.html We did a quick analysis of this ...
[PoC CVE-2022-45025] Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom) https://github.com/yuriisanin/CVE-2022-45025
Exploiting CVE-2022-42703 - Bringing back the stack attack https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html