OT_ICEFALL.pdf
3.3 MB
#Analytics
#Threat_Research
"The legacy of "insecure by design" and its implications for certifications and risk management", 2022.
// Forescout Vedere Labs Discovers 56 OT Vulnerabilities
📰
📚
#Threat_Research
"The legacy of "insecure by design" and its implications for certifications and risk management", 2022.
// Forescout Vedere Labs Discovers 56 OT Vulnerabilities
📰
📚
Jailbreaking_RouterOS.pdf
10.7 MB
#reversing
"Pulling MikroTik into the Limelight:
Demystifying and Jailbreaking RouterOS", REcon 2022.
]-> https://margin.re/blog/pulling-mikrotik-into-the-limelight.aspx
📰
📚
"Pulling MikroTik into the Limelight:
Demystifying and Jailbreaking RouterOS", REcon 2022.
]-> https://margin.re/blog/pulling-mikrotik-into-the-limelight.aspx
📰
📚
fuzzorigin.pdf
2.3 MB
#Threat_Research
"FUZZORIGIN: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing", 2022.
📰
📚
"FUZZORIGIN: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing", 2022.
📰
📚
shellcode.pdf
1.3 MB
#Whitepaper
"From a C project, through assembly, to shellcode", v.1.2, 2020.
]-> Dll injection through code page id modification in registry:
https://github.com/NtQuerySystemInformation/NlsCodeInjectionThroughRegistry
📰
📚
"From a C project, through assembly, to shellcode", v.1.2, 2020.
]-> Dll injection through code page id modification in registry:
https://github.com/NtQuerySystemInformation/NlsCodeInjectionThroughRegistry
📰
📚
SVCReady_malware.pdf
199.7 KB
#Malware_analysis
"New SVCReady malware loads from Word doc properties - Detection & Response", 2022.
📰
📚
"New SVCReady malware loads from Word doc properties - Detection & Response", 2022.
📰
📚
Hunting Red Team Activities with Forensic Artifacts.pdf
2 MB
Hunting Red Team Activities with Forensic Artifacts
📰
📚
📰
📚
herzbleed.pdf
756.4 KB
#Research
"Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86", USENIX 2022.
]-> https://www.hertzbleed.com
📰
📚
"Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86", USENIX 2022.
]-> https://www.hertzbleed.com
📰
📚
PACMAN.pdf
659 KB
#Research
"PACMAN: Attacking ARM Pointer Authentication with Speculative Execution", 2022.
]-> https://pacmanattack.com
📰
📚
"PACMAN: Attacking ARM Pointer Authentication with Speculative Execution", 2022.
]-> https://pacmanattack.com
📰
📚
hardwear_io_bd_jb.pdf
444.3 KB
#Research
#Hardware_Security
"bd-jb: Blu-ray Disc Java Sandbox Escape", 2022.
// Exploring new attack vectors: USB, DVD, Blu-ray
📰
📚
#Hardware_Security
"bd-jb: Blu-ray Disc Java Sandbox Escape", 2022.
// Exploring new attack vectors: USB, DVD, Blu-ray
📰
📚
jcp_02_00020.pdf
1.9 MB
#Research
#Blue_Team
"Improved Detection and Response via Optimized Alerts: Usability Study", 2022.
📰
📚
#Blue_Team
"Improved Detection and Response via Optimized Alerts: Usability Study", 2022.
📰
📚
fuzzing_ms_rdp_client.pdf
1.3 MB
#Research
"Fuzzing Microsoft’s RDP Client using Virtual Channels", 2022.
]-> wtf - distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer for attacking user and / or kernel-mode targets running on MS Windows:
https://github.com/0vercl0k/wtf
📰
📚
"Fuzzing Microsoft’s RDP Client using Virtual Channels", 2022.
]-> wtf - distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer for attacking user and / or kernel-mode targets running on MS Windows:
https://github.com/0vercl0k/wtf
📰
📚
NIST_SP_800_160_v1_r1.pdf
5.2 MB
#Infosec_Standards
NIST SP 800-160 Vol.1, Rev.1:
"Engineering Trustworthy Secure Systems", June 2022.
📰
📚
NIST SP 800-160 Vol.1, Rev.1:
"Engineering Trustworthy Secure Systems", June 2022.
📰
📚