Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/malicious-macros-adapt-to-use-microsoft-publisher-to-push-ekipa-rat/
Shc Linux Malware Installing CoinMiner https://asec.ahnlab.com/en/45182/
ASEC
CVE-2022-27643 - NETGEAR R6700v3 upnpd Buffer Overflow Remote Code Execution Vulnerability https://blog.relyze.com/2022/03/cve-2022-27643-netgear-r6700v3-upnpd.html
TetCTF 2023: pwn01 https://b6a.black/posts/2023-01-09-tetctf-pwn01/
b6a.black
I did not solve it in time (30 minutes late T.T). However, I spent quite a lot of time on this challenge, so I might as well do a write-up. Special thanks to Mystiz, fsharp, cire meat pop for helping me on this challenge.
"Pre-Owned" malware in ROM on T95 Android TV Box (AllWinner H616) https://github.com/DesktopECHO/T95-H616-Malware
GitHub
Automating Malware Analysis Operations (MAOps) https://blogs.jpcert.or.jp/en/2023/01/cloud_malware_analysis.html
JPCERT/CC Eyes
I believe that automating analysis is a challenge that all malware analysts are working on for more efficient daily incident investigations. Cloud-based technologies (CI/CD, serverless, IaC, etc.) are great solutions that can automate MAOps efficiently. In…
Keeping the wolves out of wolfSSL https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
The Trail of Bits Blog
Trail of Bits is publicly disclosing four vulnerabilities that affect wolfSSL: CVE-2022-38152, CVE-2022-38153, CVE-2022-39173, and CVE-2022-42905. The four issues, which have CVSS scores ranging from medium to critical, can all result in a denial of service…
A Potholing Tour in a SoC https://eshard.com/posts/sca-attacks-on-armv8
PsExec and NTUSER data https://www.iblue.team/windows-forensics/psexec/psexec-and-ntuser-data
www.iblue.team
TL;DR - Using PsExec to deploy & execute a file in the context of a user results in the specified user's NTUSER data profile being created despite never interactively logging onto the system itself.
Malware-based attacks on ATMs – A summary https://blog.nviso.eu/2023/01/10/malware-based-attacks-on-atms-a-summary/
NVISO Labs
Introduction Today we will take a first look at malware-based attacks on ATMs in general, while future articles will go into more detail on the individual subtopics. ATMs have been robbed by crimin…
GraphQL exploitation – All you need to know https://cybervelia.com/?p=736
SMB “Access is denied” caused by anti-NTLM relay protection https://medium.com/tenable-techblog/smb-access-is-denied-caused-by-anti-ntlm-relay-protection-659c60089895
Medium
Explanations of the “Microsoft network server: Server SPN target name validation level” hardening policy: what it does, how to…
Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd
Fortinet Blog
Fortinet published CVSS: Critical advisory FG-IR-22-398 / CVE-2022-42475 on Dec 12, 2022. This blog details our initial investigation into this malware and additional IoCs identified during our on…
Bad things come in large packages: .pkg signature verification bypass on macOS https://sector7.computest.nl/post/2023-01-xar/
defion.security
Code signing of applications is an essential element of macOS security. Besides signing applications, it is also possible to sign installer packages (.pkg files
Investigating Filter Communication Ports https://windows-internals.com/investigating-filter-communication-ports/
CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup https://seclists.org/oss-sec/2023/q1/20
seclists.org
Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2) https://research.nccgroup.com/2022/02/18/analyzing-a-pjl-directory-traversal-vulnerability-exploiting-the-lexmark-mc3224i-printer-part-2/
Reverse Engineering Yaesu FT-70D Firmware Encryption https://landaire.net/reversing-yaesu-firmware-encryption/
lander's posts