Exploiting embedded mitel phones for unauthenticated remote code execution #MitelPhoneExploit #RemoteCodeExecution #Vulnerabilities #ReverseEngineering #RootAccess https://baldur.dk/blog/embedded-mitel-exploitation.html
baldur.dk
BALDUR. - Security Consultancy
How to achieve a working remote code execution exploit in an embedded phone without any previous access.
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials #ForestBlizzard #CVE202238028 #MicrosoftSecurityBlog #ThreatAnalysis #CredentialTheft https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
Microsoft News
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Analysis of Forest Blizzard's exploitation of the CVE-2022-38028 vulnerability in Windows Print Spooler that allows elevated permissions.
Multiple Vulnerabilities in Open Devin (Autonomous AI Software Engineer) #OpenDevin #AI #CyberSecurity #Vulnerabilities #Education https://evren.ninja/multiple-vulnerabilities-in-opendevin.html
How MFA Is Falling Short #MFArisks #MFAfallingshort #1PasswordExtendedAccess #UserFirstSecurity #KolideDeviceTrust https://www.kolide.com/blog/how-mfa-is-falling-short
1Password Blog
How MFA is falling short | 1Password Blog
MFA was supposed to solve our security problems, so why do attackers keep getting around it?
How I hacked into Google’s internal corporate assets #Google #cybersecurity #bugbounty #dependencyconfusion #digitalrisk https://observationsinsecurity.com/2024/04/25/how-i-hacked-into-googles-internal-corporate-assets/
Observations in Security
How I hacked into Google’s internal corporate assets
It’s raining command injections! Every now and then, I take some time to work on bug bounty projects to explore threat vectors into real world targets like Google, Tesla and many others…
Automating API Vulnerability Testing Using Postman Workflows #APIVulnerabilityTesting #PostmanWorkflows #AutomatedTesting #BugHunting #OWASP https://haymiz.dev/security/2024/04/27/automating-apis-with-postman-workflows/
haymiz@kali:~/blog$
Automating API Vulnerability Testing Using Postman Workflows
Explore the art of automating and visually demonstrating API vulnerabilities you've identified using Postman Workflows.
Judge0 Sandbox Escape #Judge0 #SandboxEscape #PenetrationTesting #SecurityReviews #Exploitation https://tantosec.com/blog/judge0/
From IcedID to Dagon Locker Ransomware in 29 Days #IcedID #DagonLocker #Ransomware #DFIRReport #ThreatIntelligence https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/
The DFIR Report
From IcedID to Dagon Locker Ransomware in 29 Days
Key Takeaways In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was …
From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis #MalwareAnalysis #Gemini1.5Pro #AIAssistance #ReverseEngineering #ZeroDayDetection https://cloud.google.com/blog/topics/threat-intelligence/gemini-for-malware-analysis
Google Cloud Blog
From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis | Google Cloud Blog
Gemini 1.5 Pro helps analysts manage the asymmetric volume of threats more effectively and efficiently.
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller #NVMe #Linux #KernelFuzzer #NVMeOF #Subsystems https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
Cyberark
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller
Following research conducted by a colleague of mine [1] at CyberArk Labs, I better understood NVMe-oF/TCP. This kernel subsystem exposes INET socket(s), which can be a fruitful attack surface for...
It’s Morphin’ Time: Self-Modifying Code Sections with WriteProcessMemory for EDR Evasion #MorphinTime #SelfModifyingCode #WriteProcessMemory #EDREvasion #ProcessMockingjay https://revflash.medium.com/its-morphin-time-self-modifying-code-sections-with-writeprocessmemory-for-edr-evasion-9bf9e7b7dced
Medium
It’s Morphin’ Time: Self-Modifying Code Sections with WriteProcessMemory for EDR Evasion
The Mockingjay process injection technique was designed to prevent the allocation of a buffer with RWX permission, typically used for…
SecretCalls Spotlight: A Formidable App of Notorious Korean Financial Fraudster (Part 1) #VoicePhishing #FinancialFraud #SecretCalls #KoreanFraudster #AntiAnalysisTechniques https://medium.com/s2wblog/secretcalls-spotlight-a-formidable-app-of-notorious-korean-financial-fraudster-part-1-fa4bbed855c0
Medium
SecretCalls Spotlight: A Formidable App of Notorious Korean Financial Fraudster (Part 1)
Author: S2W TALON
Reverse Engineering Protobuf Definitions From Compiled Binaries #ReverseEngineering #Protobuf #Definitions #CompiledBinaries #SecurityBlog https://arkadiyt.com/2024/03/03/reverse-engineering-protobuf-definitiions-from-compiled-binaries/
Arkadiyt
Reverse Engineering Protobuf Definitions From Compiled Binaries
How to extract raw source protobuf definitions from compiled binaries, regardless of the target architecture
Identifying ESD damage using an electron microscope #MBSItem #ElectronMicroscope #IdentifyingESDdamage #MachineBuildingSystems #Automation https://mbsitem.co.uk/identifying-esd-damage-using-an-electron-microscope/
MBS Item
Identifying ESD damage using an electron microscope - MBS Item
Identifying ESD damage using an electron microscope. When microchips are faulty, it’s the job of the Dresden-based experts at SGS Institut Fresenius to find out why.
Hunting M365 Invaders: Dissecting Email Collection Techniques #M365 #EmailCollection #HuntingInvaders #Splunk #SecurityDetection https://www.splunk.com/en_us/blog/security/hunting-m365-invaders-dissecting-email-collection-techniques.html
Splunk
Hunting M365 Invaders: Dissecting Email Collection Techniques | Splunk
The Splunk Threat Research Team describes various methods attackers may leverage to monitor mailboxes, how to simulate them and how teams can detect them using Splunk’s out-of-the-box security content.
master: Half-Life 1 engine based games #GitHub #ValveSoftware #halflife #HalfLifeEngine #games https://github.com/ValveSoftware/halflife/tree/master
GitHub
GitHub - ValveSoftware/halflife: Half-Life 1 engine based games
Half-Life 1 engine based games. Contribute to ValveSoftware/halflife development by creating an account on GitHub.
HEAP HEAP HOORAY — Unveiling GLIBC heap overflow vulnerability (CVE-2023–6246) #GLIBC #heapoverflow #FengShui #CVE-2023-6246 #exploitation https://medium.com/@elpepinillo/heap-heap-hooray-unveiling-glibc-heap-overflow-vulnerability-cve-2023-6246-0c6412423269
Medium
HEAP HEAP HOORAY — Unveiling GLIBC heap overflow vulnerability (CVE-2023–6246)
INTRODUCTION On January 30th, the Qualys team found a heap overflow in the __vsyslog_internal function of the Glibc …
XZ Utils Made Me Paranoid #TrustedSec #XZUtils #Paranoid #Backdoor #SecurityScanner https://trustedsec.com/blog/xz-utils-made-me-paranoid
TrustedSec
XZ Utils Made Me Paranoid
Identify XZ Utils backdoors by parsing ELF binaries, identifying function hooks, and comparing memory sections in real-time, using tools like ptrace and…
pcap-did-what: Analyze pcaps with Zeek and a Grafana Dashboard #GitHub #pcapAnalysis #Zeek #Grafana #NetworkMonitoring https://github.com/hackertarget/pcap-did-what
GitHub
GitHub - hackertarget/pcap-did-what: Analyze pcaps with Zeek and a Grafana Dashboard
Analyze pcaps with Zeek and a Grafana Dashboard. Contribute to hackertarget/pcap-did-what development by creating an account on GitHub.