Dirty-Vanity: A POC for the new injection technique, abusing windows fork API to evade EDRs. https://github.com/deepinstinct/Dirty-Vanity
GitHub
GitHub - deepinstinct/Dirty-Vanity: A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www…
A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass...
Technical Review: A Deep Analysis of the Dirty Pipe Vulnerability https://blog.aquasec.com/deep-analysis-of-the-dirty-pipe-vulnerability
Aqua
Technical Review: A Deep Analysis of the Dirty Pipe Vulnerability
Aqua discusses how Tracee monitors for the Dirty Pipe vulnerability and how in-kernel technology like eBPF monitors writes that result from it.
Write up for Start Here.js: How To and Not To Prevent Integer Overflow in JavaScript https://discuss.secdim.com/t/write-up-for-start-here-js-how-to-and-not-to-prevent-integer-overflow-in-javascript/353/1
Discuss
Write up for Start Here.js: How To and Not To Prevent Integer Overflow in JavaScript
TL;DR: This article is an analysis of over 50 submissions for a JavaScript integer overflow challenge. Many submissions did not address the root cause. A range check on the input as well as arithmetic output using a right data type can eliminate the vulnerability.…
The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users https://sec-consult.com/blog/detail/enemy-within-unauthenticated-buffer-overflows-zyxel-routers/
SEC Consult
The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users
Earlier this year, the SEC Consult Vulnerability Lab published a technical security advisory on different critical vulnerabilities in Zyxel devices, resulting from insecure coding practices and insecure configuration. Those also included a highly critical…
Reverse Engineering of a Not-so-Secure IoT Device https://mcuoneclipse.com/2019/05/26/reverse-engineering-of-a-not-so-secure-iot-device/
MCU on Eclipse
Reverse Engineering of a Not-so-Secure IoT Device
The ‘Internet of Things’ is coming! It started as an overused marketing hype with no real use case (who needs internet connected fridges? Who wants the internet connected toilet paper?)…
Confidential computing - the missing link in cloud data protection https://ledidi.com/blog/confidential-computing-the-missing-link-in-cloud-data-protection
Ledidi
Confidential computing - the missing link in cloud data protection
Confidential computing significantly improves the security and privacy of cloud computing by ensuring that data is inaccessible and encrypted while in use. Ledidi is now taking the necessary measures to employ confidential computing on all our workloads that…
Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government
Google Cloud Blog
Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government | Mandiant | Google Cloud Blog
Exploiting API Framework Flexibility https://attackshipsonfi.re/p/exploiting-api-framework-flexibility
attack ships on fire
Exploiting API Framework Flexibility
TL;DR The modern frameworks are often very flexible with what they accept, and will happily treat a POST with a JSON body as interchangeable with a URL encoded body, or even with query parameters. Due to this, an unexploitable JSON XSS vector can sometimes…
The toddler’s introduction to Heap Exploitation, Unsafe Unlink(Part 4.3) https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-unsafe-unlink-part-4-3-75e00e1b0c68
Medium
The toddler’s introduction to Heap Exploitation, Unsafe Unlink(Part 4.3)
Exploiting a heap overflow vulnerability is not always straightforward. Among other things, the allocator imposes various checks during the chunk…
Busy Beavers!
An interactive intro to Computability Theory https://busy-beavers.tigyog.app/
TigYog
Busy Beavers!
What can computers do? What are the limits of mathematics? And just how busy can a busy beaver be? In this course, you and I will take a practical and modern approach to answering these questions — or at least learning why some questions are unanswerable!
Blindside: A New Technique for EDR Evasion with Hardware Breakpoints
https://cymulate.com/blog/blindside-a-new-technique-for-edr-evasion-with-hardware-breakpoints
Cymulate
EDR Evasion with Hardware Breakpoints: The Blindside Technique
Cymulate researchers have discovered a new vulnerability and created a proof of concept. The technique based on it allows attackers to circumvent many EDR vendors.
What's a vtable? What's an IUnknown? https://www.timdbg.com/posts/vtables/
TimDbg
What's a vtable? What's an IUnknown?
Understanding vtables (also called VMT/Virtual Method Tables or VFT/Virtual Function Tables) is important for understanding how many C++ features work on any OS. They are even more important to understand on Windows, where vtables are used for communication…
MeshyJSON: A TP-Link tdpServer JSON Stack Overflow https://research.nccgroup.com/2022/12/19/meshyjson-a-tp-link-tdpserver-json-stack-overflow/
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Better Make Sure Your Password Manager Is Secure
Or Someone Else Will https://www.modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html
Modzero
Better Make Sure Your Password Manager Is Secure | mod%log
We examined the password management solution Passwordstate of Click Studios and identified multiple high severity vulnerabilities (CVE-2022-3875, CVE-2022-3876, CVE-2022-3877).
What I Learned from Analyzing a Caching Vulnerability in Istio https://www.cyberark.com/resources/threat-research-blog/what-i-learned-from-analyzing-a-caching-vulnerability-in-istio
Cyberark
What I Learned from Analyzing a Caching Vulnerability in Istio
TL;DR: Istio is an open-source service mesh that can layer over applications. Studying CVE-2021-34824 in Istio will allow us to dive into some concepts of Istio and service meshes in general. We...
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange https://securelist.com/cve-2022-41040-and-cve-2022-41082-zero-days-in-ms-exchange/108364/
Securelist
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
At the end of September, GTSC reported the finding of two 0-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell.
Attacking Titan M with Only One Byte https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html
Quarkslab
Attacking Titan M with Only One Byte - Quarkslab's blog
Following our presentation at Black Hat USA, in this blog post we provide some details on CVE-2022-20233, the latest vulnerability we found on Titan M, and how we exploited it to obtain code execution on the chip.
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg https://blog.exodusintel.com/2022/12/19/linux-kernel-exploiting-a-netfilter-use-after-free-in-kmalloc-cg/
Exodus Intelligence
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg - Exodus Intelligence
By Sergi Martinez Overview It’s been a while since our last technical blogpost, so here’s one right on time for the Christmas holidays. We describe a method to exploit a use-after-free in the Linux kernel when objects are allocated in a specific slab cache…