Unwrapping Ursnifs Gifts https://thedfirreport.com/2023/01/09/unwrapping-ursnifs-gifts/
The DFIR Report
In late August 2022, we investigated an incident involving Ursnif malware, which resulted in Cobalt Strike being deployed. This was followed by the threat actors moving laterally throughout the environment using an admin account. The Ursnif malware family…
DotDumper - An Automatic Unpacker And Logger For DotNet Framework Targeting Files https://www.kitploit.com/2023/01/dotdumper-automatic-unpacker-and-logger.html
KitPloit - PenTest & Hacking Tools
A detailed explanation of Kubernetes architecture principles https://medium.com/@Zard-x/a-detailed-explanation-of-kubernetes-architecture-principles-26abcac29f7c
How to Continuously Detect Vulnerable Jenkins Plugins to Avoid a Software Supply Chain Attack https://www.legitsecurity.com/blog/how-to-continuously-detect-vulnerable-jenkins-plugins-to-avoid-a-software-supply-chain-attack
Legitsecurity
See how attackers used compromised Jenkins plugins to attack the software supply chain and how to continuously detect vulnerable Jenkins plugins at scale.
LuaJIT Sandbox Escape: The Saga Ends https://0xbigshaq.github.io/2022/12/30/luajit-sandbox-escape/
The Dark Side of Gmail https://osintmatter.com/the-dark-side-of-gmail/
Understanding Windows Lateral Movements https://attl4s.github.io/assets/pdf/Understanding_Windows_Lateral_Movements.pdf
Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/malicious-macros-adapt-to-use-microsoft-publisher-to-push-ekipa-rat/
Shc Linux Malware Installing CoinMiner https://asec.ahnlab.com/en/45182/
ASEC
CVE-2022-27643 - NETGEAR R6700v3 upnpd Buffer Overflow Remote Code Execution Vulnerability https://blog.relyze.com/2022/03/cve-2022-27643-netgear-r6700v3-upnpd.html
TetCTF 2023: pwn01 https://b6a.black/posts/2023-01-09-tetctf-pwn01/
b6a.black
TetCTF 2023: pwn01
I did not solve it in time (30 minutes late T.T). However, I spent quite a lot of time on this challenge, so I might as well do a write-up. Special thanks to Mystiz, fsharp, cire meat pop for helping me on this challenge.
"Pre-Owned" malware in ROM on T95 Android TV Box (AllWinner H616) https://github.com/DesktopECHO/T95-H616-Malware
GitHub
"Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes
Automating Malware Analysis Operations (MAOps) https://blogs.jpcert.or.jp/en/2023/01/cloud_malware_analysis.html
JPCERT/CC Eyes
I believe that automating analysis is a challenge that all malware analysts are working on for more efficient daily incident investigations. Cloud-based technologies (CI/CD, serverless, IaC, etc.) are great solutions that can automate MAOps efficiently. In…
Keeping the wolves out of wolfSSL https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
The Trail of Bits Blog
Trail of Bits is publicly disclosing four vulnerabilities that affect wolfSSL: CVE-2022-38152, CVE-2022-38153, CVE-2022-39173, and CVE-2022-42905. The four issues, which have CVSS scores ranging from medium to critical, can all result in a denial of service…
A Potholing Tour in a SoC https://eshard.com/posts/sca-attacks-on-armv8
PsExec and NTUSER data https://www.iblue.team/windows-forensics/psexec/psexec-and-ntuser-data
www.iblue.team
TL;DR - Using PsExec to deploy & execute a file in the context of a user results in the specified user's NTUSER data profile being created despite never interactively logging onto the system itself.
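One way to hunt for the artifact described in that TL;DR, as an added example that is not code from the iblue.team post: walk the ProfileList registry key, and flag every domain/local user profile that has an NTUSER.DAT on disk but no interactive or RDP logon (types 2, 10, 11) recorded in the Security log. Such a profile is consistent with code having been run under that account remotely (for example PsExec with -u) and deserves a closer look. It assumes it is run elevated on the host being examined and that the Security log still covers the period in which the profile was created; the registry path, event ID 4624 and its LogonType/TargetUserSid fields are standard Windows, everything else is illustrative.

```powershell
# Added example (not from the original post). Correlates user profiles on disk
# with interactive logon events to surface profiles created without an
# interactive logon, the artifact PsExec -u leaves behind.
$profileList      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$interactiveTypes = @(2, 10, 11)   # 2 = interactive, 10 = RemoteInteractive (RDP), 11 = cached interactive

# Build a set of SIDs that have at least one interactive logon (event 4624).
$interactiveSids = @{}
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ([int]$data['LogonType'] -in $interactiveTypes) {
            $interactiveSids[$data['TargetUserSid']] = $true
        }
    }

# Enumerate profiles and report those with an NTUSER.DAT but no interactive logon.
Get-ChildItem $profileList | ForEach-Object {
    $sid = $_.PSChildName
    if ($sid -notlike 'S-1-5-21-*') { return }   # skip SYSTEM / service profiles
    $path   = (Get-ItemProperty $_.PSPath).ProfileImagePath
    $ntuser = Join-Path $path 'NTUSER.DAT'
    [pscustomobject]@{
        SID              = $sid
        ProfilePath      = $path
        ProfileCreated   = $(if (Test-Path $path) { (Get-Item $path).CreationTime } else { $null })
        HasNtUser        = Test-Path $ntuser
        InteractiveLogon = $interactiveSids.ContainsKey($sid)
    }
} | Where-Object { $_.HasNtUser -and -not $_.InteractiveLogon } | Format-Table -AutoSize
```

ProfileCreated lines up with the time of the remote execution, so pair it with 4624 events of logon type 3 for the same SID to find the source host; an empty result only means no such profile exists within the window the Security log still covers.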
Malware-based attacks on ATMs – A summary https://blog.nviso.eu/2023/01/10/malware-based-attacks-on-atms-a-summary/
NVISO Labs
Introduction Today we will take a first look at malware-based attacks on ATMs in general, while future articles will go into more detail on the individual subtopics. ATMs have been robbed by crimin…