A detailed explanation of Kubernetes architecture principles https://medium.com/@Zard-x/a-detailed-explanation-of-kubernetes-architecture-principles-26abcac29f7c
How to Continuously Detect Vulnerable Jenkins Plugins to Avoid a Software Supply Chain Attack https://www.legitsecurity.com/blog/how-to-continuously-detect-vulnerable-jenkins-plugins-to-avoid-a-software-supply-chain-attack
See how attackers used compromised Jenkins plugins to attack the software supply chain and how to continuously detect vulnerable Jenkins plugins at scale.
LuaJIT Sandbox Escape: The Saga Ends https://0xbigshaq.github.io/2022/12/30/luajit-sandbox-escape/
The Dark Side of Gmail https://osintmatter.com/the-dark-side-of-gmail/
Understanding Windows Lateral Movements https://attl4s.github.io/assets/pdf/Understanding_Windows_Lateral_Movements.pdf
Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/malicious-macros-adapt-to-use-microsoft-publisher-to-push-ekipa-rat/
Shc Linux Malware Installing CoinMiner https://asec.ahnlab.com/en/45182/
CVE-2022-27643 - NETGEAR R6700v3 upnpd Buffer Overflow Remote Code Execution Vulnerability https://blog.relyze.com/2022/03/cve-2022-27643-netgear-r6700v3-upnpd.html
TetCTF 2023: pwn01 https://b6a.black/posts/2023-01-09-tetctf-pwn01/
I did not solve it in time (30 minutes late T.T). However, I spent quite a lot of time on this challenge, so I might as well do a write-up. Special thanks to Mystiz, fsharp, cire meat pop for helping me on this challenge.
"Pre-Owned" malware in ROM on T95 Android TV Box (AllWinner H616) https://github.com/DesktopECHO/T95-H616-Malware
"Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes - DesktopECHO/T95-H616-Malware
Automating Malware Analysis Operations (MAOps) https://blogs.jpcert.or.jp/en/2023/01/cloud_malware_analysis.html
I believe that automating analysis is a challenge that all malware analysts are working on for more efficient daily incident investigations. Cloud-based technologies (CI/CD, serverless, IaC, etc.) are great solutions that can automate MAOps efficiently. In…
Keeping the wolves out of wolfSSL https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
Trail of Bits is publicly disclosing four vulnerabilities that affect wolfSSL: CVE-2022-38152, CVE-2022-38153, CVE-2022-39173, and CVE-2022-42905. The four issues, which have CVSS scores ranging from medium to critical, can all result in a denial of service…
A Potholing Tour in a SoC https://eshard.com/posts/sca-attacks-on-armv8
PsExec and NTUSER data https://www.iblue.team/windows-forensics/psexec/psexec-and-ntuser-data
TL;DR - Using PsExec to deploy & execute a file in the context of a user results in the specified user's NTUSER data profile being created despite never interactively logging onto the system itself.
Malware-based attacks on ATMs – A summary https://blog.nviso.eu/2023/01/10/malware-based-attacks-on-atms-a-summary/
Introduction Today we will take a first look at malware-based attacks on ATMs in general, while future articles will go into more detail on the individual subtopics. ATMs have been robbed by crimin…
GraphQL exploitation – All you need to know https://cybervelia.com/?p=736
SMB “Access is denied” caused by anti-NTLM relay protection https://medium.com/tenable-techblog/smb-access-is-denied-caused-by-anti-ntlm-relay-protection-659c60089895
Explanations of the “Microsoft network server: Server SPN target name validation level” hardening policy: what it does, how to…
Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd
Fortinet published CVSS: Critical advisory FG-IR-22-398 / CVE-2022-42475 on Dec 12, 2022. This blog details our initial investigation into this malware and additional IoCs identified during our on…