Exploiting API Framework Flexibility https://attackshipsonfi.re/p/exploiting-api-framework-flexibility
attack ships on fire
Exploiting API Framework Flexibility
TL;DR The modern frameworks are often very flexible with what they accept, and will happily treat a POST with a JSON body as interchangeable with a URL encoded body, or even with query parameters. Due to this, an unexploitable JSON XSS vector can sometimes…
The toddler’s introduction to Heap Exploitation, Unsafe Unlink(Part 4.3) https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-unsafe-unlink-part-4-3-75e00e1b0c68
Medium
The toddler’s introduction to Heap Exploitation, Unsafe Unlink(Part 4.3)
Exploiting a heap overflow vulnerability is not always straightforward. Among other things, the allocator imposes various checks during the chunk…
Busy Beavers! An interactive intro to Computability Theory https://busy-beavers.tigyog.app/
TigYog
Busy Beavers!
What can computers do? What are the limits of mathematics? And just how busy can a busy beaver be? In this course, you and I will take a practical and modern approach to answering these questions — or at least learning why some questions are unanswerable!
Blindside: A New Technique for EDR Evasion with Hardware Breakpoints https://cymulate.com/blog/blindside-a-new-technique-for-edr-evasion-with-hardware-breakpoints
Cymulate
EDR Evasion with Hardware Breakpoints: The Blindside Technique
Cymulate researchers have discovered a new vulnerability and created a proof of concept. The technique based on it allows attackers to circumvent many EDR vendors.
What's a vtable? What's an IUnknown? https://www.timdbg.com/posts/vtables/
TimDbg
What's a vtable? What's an IUnknown?
Understanding vtables (also called VMT/Virtual Method Tables or VFT/Virtual Function Tables) is important for understanding how many C++ features work on any OS. They are even more important to understand on Windows, where vtables are used for communication…
MeshyJSON: A TP-Link tdpServer JSON Stack Overflow https://research.nccgroup.com/2022/12/19/meshyjson-a-tp-link-tdpserver-json-stack-overflow/
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Better Make Sure Your Password Manager Is Secure, Or Someone Else Will https://www.modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html
Modzero
Better Make Sure Your Password Manager Is Secure | mod%log
We examined the password management solution Passwordstate of Click Studios and identified multiple high severity vulnerabilities (CVE-2022-3875, CVE-2022-3876, CVE-2022-3877).
What I Learned from Analyzing a Caching Vulnerability in Istio https://www.cyberark.com/resources/threat-research-blog/what-i-learned-from-analyzing-a-caching-vulnerability-in-istio
Cyberark
What I Learned from Analyzing a Caching Vulnerability in Istio
TL;DR Istio is an open-source service mesh that can layer over applications. Studying CVE-2021-34824 in Istio will allow us to dive into some concepts of Istio and service meshes in general. We...
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange https://securelist.com/cve-2022-41040-and-cve-2022-41082-zero-days-in-ms-exchange/108364/
Securelist
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
At the end of September, GTSC reported the finding of two 0-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell.
Attacking Titan M with Only One Byte https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html
Quarkslab
Attacking Titan M with Only One Byte - Quarkslab's blog
Following our presentation at Black Hat USA, in this blog post we provide some details on CVE-2022-20233, the latest vulnerability we found on Titan M, and how we exploited it to obtain code execution on the chip.
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg https://blog.exodusintel.com/2022/12/19/linux-kernel-exploiting-a-netfilter-use-after-free-in-kmalloc-cg/
Exodus Intelligence
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg - Exodus Intelligence
By Sergi Martinez Overview It’s been a while since our last technical blogpost, so here’s one right on time for the Christmas holidays. We describe a method to exploit a use-after-free in the Linux kernel when objects are allocated in a specific slab cache…
DirtyCred Remastered: how to turn an UAF into Privilege Escalation https://exploiter.dev/blog/2022/CVE-2022-2602.html
LukeGix
DirtyCred Remastered
DirtyCred Remastered: how to turn an UAF into Privilege Escalation
What child is this? https://blog.trailofbits.com/2022/12/20/process-reparenting-microsoft-windows/
The Trail of Bits Blog
What child is this?
A Primer on Process Reparenting in Windows. Process reparenting is a technique used in Microsoft Windows to create a child process under a different parent process than the one making the call to CreateProcess. Malicious actors can use this technique to evade…
Introduction to the Windows Filtering Platform https://scorpiosoftware.net/2022/12/25/introduction-to-the-windows-filtering-platform/
Pavel Yosifovich
Introduction to the Windows Filtering Platform
As part of the second edition of Windows Kernel Programming, I’m working on chapter 13 to describe the basics of the Windows Filtering Platform (WFP). The chapter will focus mostly on kernel-…
An infostealer comes to town: Dissecting a highly evasive malware targeting Italy https://blog.cluster25.duskrise.com/2022/12/22/an-infostealer-comes-to-town