Analyzing Malicious OneNote Documents https://blog.didierstevens.com/2023/01/22/analyzing-malicious-onenote-documents/
Didier Stevens
Analyzing Malicious OneNote Documents
About a week ago, I was asked if I had tools for OneNote files. I don’t, and I had no time to take a closer look. But last Thursday night, I had some time to take a look. I looked at this One…
Exploiting null-dereferences in the Linux kernel https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
projectzero.google
Exploiting null-dereferences in the Linux kernel
Posted by Seth Jenkins, Project Zero For a fair amount of time, null-deref bugs were a highly e...
Getting to know memblock https://insecuremode.com/post/2021/12/14/getting-to-know-memblock.html
Insecure mode
Getting to know memblock
Less than five seconds – that’s how long you need to wait to get your Linux kernel up and running. But it’s hardly an idle time for Linux – the system has to process configuration, perform architecture-specific setups and initialize many subsystems.
We've started a new series of blog posts on the history of malware! You can already read the first part, which summarizes the 70s. Enjoy the reading! » A Brief History of Malware (Part 1) https://reversea.me/index.php/a-brief-history-of-malware-part-1/
Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI
https://www.akamai.com/blog/security-research/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi
Akamai
Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI | Akamai
Akamai researchers have analyzed a critical vulnerability in Microsoft's CryptoAPI that would allow an attacker to masquerade as a legitimate entity.
Finding Truth in the Shadows https://www.elastic.co/security-labs/finding-truth-in-the-shadows
www.elastic.co
Finding Truth in the Shadows — Elastic Security Labs
Let's discuss three benefits that Hardware Stack Protections brings beyond the intended exploit mitigation capability, and explain some limitations.
Ransacking your password reset tokens https://positive.security/blog/ransack-data-exfiltration
positive.security
Ransacking your password reset tokens | Positive Security
We demonstrate how the popular "Ransack" library (Ruby on Rails) can be abused to exfiltrate sensitive data via character by character brute-force, allowing for a full application compromise in some cases. An internet wide search identifies several hundred…
Abusing Exceptions for Code Execution, Part 2 https://billdemirkapi.me/abusing-exceptions-for-code-execution-part-2/
Bill Demirkapi's Blog
Abusing Exceptions for Code Execution, Part 2
In this article, we'll explore how the concepts behind Exception Oriented Programming can be abused when exploiting stack overflow vulnerabilities on Windows.
Fun with Gentoo: Why don't we just shuffle those ROP gadgets away? https://quitesimple.org/page/fun-gentoo-shuffle-rop-gadgets
Into the Pickle Barrel: How Thinking About Precision as a System Can Expand the Munition Stockpile https://warontherocks.com/2023/01/into-the-pickle-barrel-how-thinking-about-precision-as-a-system-can-expand-the-munition-stockpile/
War on the Rocks
Into the Pickle Barrel: How Thinking About Precision as a System Can Expand the Munition Stockpile
The camera from a small drone steadies on a Russian T-72 tank somewhere in Ukraine. Slight movements can be seen in the video as the Ukrainian operator
Factorization (DCQF) of a 48-bit integer using 10 trapped-ion qubits https://arxiv.org/pdf/2301.11005.pdf
CVE-2021-34462: Exploiting the Windows AppXSvc Service Logic-Error Vulnerability https://www.pixiepointsecurity.com/blog/nday-cve-2021-34462.html
Froxlor v2.0.6 Remote Command Execution (CVE-2023-0315) https://shells.systems/froxlor-v2-0-6-remote-command-execution-cve-2023-0315/
Shells.Systems
Froxlor v2.0.6 Remote Command Execution (CVE-2023-0315) - Shells.Systems
Estimated Reading Time: 8 minutes. Summary about Froxlor: Froxlor is a web-based server management software for Linux-based operating systems. It is primarily used to manage web hosting environments and allows users to create and manage websites, email accounts…
Precision Munitions for Denial of Service https://beny23.github.io/posts/precision_munitions_for_denial_of_service/
beny23.github.io
Precision Munitions for Denial of Service
There’s a metaphor about the fight between attackers and defenders in the Denial of Service cybersecurity game. It’s an “arms race” between ever bigger attacks throwing huge amounts of traffic at ever more sophisticated defenses (e.g. AWS shield).
Incidentally…
PowerShell-FIM: Proof-of-concept file integrity monitor written in PowerShell https://github.com/CsaProtocol/PowerShell-FIM
Come to the dark side: hunting IT professionals on the dark web https://securelist.com/darknet-it-headhunting/108526/
Securelist
IT specialists search and recruitment on the dark web
We have analyzed more than 800 IT job ads and resumes on the dark web. Here is what the dark web job market looks like.
How to Develop Intuition for Security Research: Apply the Scientific Method https://www.researchinnovations.com/post/how-to-develop-intuition-for-security-research-apply-the-scientific-method
Research Innovations
How to Develop Intuition for Security Research: Apply the Scientific Method
Intuition plays a prominent role in security research. It guides a researcher’s thought process to determine how to prioritize system components for analysis. What is the source of intuition? Can its source be defined and systematized so new researchers can…
CVE-2023-22374: F5 BIG-IP Format String Vulnerability https://www.rapid7.com/blog/post/2023/02/01/cve-2023-22374-f5-big-ip-format-string-vulnerability/
Rapid7
CVE-2023-22374: F5 BIG-IP Format String Vulnerability | Rapid7 Blog
Rapid7 found an additional vulnerability in the appliance-mode REST interface. We are disclosing it in accordance with our vulnerability disclosure policy.
Jumping into SOCKS https://sensepost.com/blog/2023/jumping-into-socks/
Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1 https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-1
Cyberark
Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1
Everything started when I was researching Windows containers. It required installing Docker Desktop for Windows, and I couldn’t help but notice that there were many Docker processes. Since some of...
A collection of Frida.re instrumentation scripts to facilitate reverse engineering of mobile apps https://github.com/0xdea/frida-scripts
GitHub
GitHub - 0xdea/frida-scripts: A collection of my Frida instrumentation scripts to reverse engineer mobile apps and more.
A collection of my Frida instrumentation scripts to reverse engineer mobile apps and more. - 0xdea/frida-scripts