Cloud Atlas targets entities in Russia and Belarus amid the ongoing war in Ukraine https://research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine/
Check Point Research
Cloud Atlas targets entities in Russia and Belarus amid the ongoing war in Ukraine - Check Point Research
Cloud Atlas (or Inception) is a cyber-espionage group. Since its discovery in 2014, they have launched multiple, highly targeted attacks on critical infrastructure across geographical zones and political conflicts. The group’s tactics, techniques…
New MuddyWater Threat: Old Kitten; New Tricks https://www.deepinstinct.com/blog/new-muddywater-threat-old-kitten-new-tricks
Deep Instinct
New MuddyWater Threat: Old Kitten; New Tricks | Deep Instinct
MuddyWater, also known as Static Kitten and Mercury, is a cyber espionage group that’s most likely a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).
Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/
Security Intelligence
Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism
A vulnerability in SPNEGO NEGOEX has been reclassified as "Critical" after it was discovered that it could allow attackers to remotely execute code.
Breaking the silence - Recent Truebot activity https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/
Cisco Talos
Breaking the silence - Recent Truebot activity
Since August 2022, we have seen an increase in infections of Truebot (aka Silence.Downloader) malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks…
Wi-Fi Hacking, Part 11: The PMKID Attack https://www.hackers-arise.com/post/wi-fi-hacking-part-11-the-pmkid-attack
IATelligence: a Python script that extracts the IAT of a PE file and asks GPT for more information about the imported APIs and the related ATT&CK matrix techniques https://github.com/fr0gger/IATelligence
GitHub
GitHub - fr0gger/IATelligence: IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more…
IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related - fr0gger/IATelligence
StealthHook - A method for hooking a function without modifying memory protection https://www.x86matthew.com/view_post?id=stealth_hook
Firewall analysis: A portable graph based approach https://diablohorn.com/2022/04/09/firewall-analysis-a-portable-graph-based-approach/
DiabloHorn
Firewall analysis: A portable graph based approach
Sometimes you are asked to perform a firewall analysis to determine if the configuration can be improved upon to reduce the ability for an attacker to move laterally through the network or identify…
Quick Malware Analysis: ICEDID (BOKBOT) with DARK VNC and COBALT STRIKE pcap from 2022-10-31 https://blog.securityonion.net/2022/11/quick-malware-analysis-icedid-bokbot.html
blog.securityonion.net
Quick Malware Analysis: ICEDID (BOKBOT) with DARK VNC and COBALT STRIKE pcap from 2022-10-31
Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/10/31/index.html We did a quick analysis of this ...
[PoC CVE-2022-45025] Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom) https://github.com/yuriisanin/CVE-2022-45025
GitHub
GitHub - yuriisanin/CVE-2022-45025: [PoC] Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)
[PoC] Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom) - yuriisanin/CVE-2022-45025
Exploiting CVE-2022-42703 - Bringing back the stack attack https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html
Unnamed Directory Objects https://scorpiosoftware.net/2022/12/13/unnamed-directory-objects/
Pavel Yosifovich
Unnamed Directory Objects
A lot of the functionality in Windows is based around various kernel objects. One such object is a Directory, not to be confused with a directory in a file system. A Directory object is conceptuall…
Privilege Escalation Vulnerabilities (UNIX Insecure File Handling) in SAP® Host Agent (saposcol) https://sec-consult.com/vulnerability-lab/advisory/privilege-escalation-vulnerabilities-unix-insecure-file-handling-sap-saposcol/
SEC Consult
Privilege Escalation Vulnerabilities (UNIX Insecure File Handling) in SAP® Host Agent (saposcol)
Due to insecure file handling issues of the SAP® Host Agent, a local attacker can exploit the helper binary saposcol to escalate privileges on UNIX systems. Successful exploitation leads to full system compromise with root access.
I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware
Google Cloud Blog
I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware | Mandiant | Google Cloud Blog
Dirty-Vanity: A POC for the new injection technique, abusing the Windows fork API to evade EDRs. https://github.com/deepinstinct/Dirty-Vanity
GitHub
GitHub - deepinstinct/Dirty-Vanity: A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www…
A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass...
Technical Review: A Deep Analysis of the Dirty Pipe Vulnerability https://blog.aquasec.com/deep-analysis-of-the-dirty-pipe-vulnerability
Aqua
Technical Review: A Deep Analysis of the Dirty Pipe Vulnerability
Aqua discusses how Tracee monitors for the Dirty Pipe vulnerability and how in-kernel technology like eBPF monitors writes that result from it.
Write up for Start Here.js: How To and Not To Prevent Integer Overflow in JavaScript https://discuss.secdim.com/t/write-up-for-start-here-js-how-to-and-not-to-prevent-integer-overflow-in-javascript/353/1
Discuss
Write up for Start Here.js: How To and Not To Prevent Integer Overflow in JavaScript
TL;DR: This article is an analysis of over 50 submissions for a JavaScript integer overflow challenge. Many submissions did not address the root cause. A range check on the input, together with performing the arithmetic in the right data type, eliminates the vulnerability.…
The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users https://sec-consult.com/blog/detail/enemy-within-unauthenticated-buffer-overflows-zyxel-routers/
SEC Consult
The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users
Earlier this year, the SEC Consult Vulnerability Lab published a technical security advisory on different critical vulnerabilities in Zyxel devices, resulting from insecure coding practices and insecure configuration. Those also included a highly critical…