CVE-2020-9967 - Apple macOS XNU 6LowPan Kernel RCE Write-up https://alexplaskett.github.io/CVE-2020-9967/
Amit Merchant - Software Engineer
CVE-2020-9967 - Apple macOS 6LowPAN Vulnerability
Inspired by Kevin Backhouse’s great work on finding XNU remote vulnerabilities I decided to spend some time looking at CodeQL and performing some variant analysis. This led to the discovery of a local root to kernel (although documented by Apple as remote)…
Hyperdebugging. Breaking down Microsoft Hyper-V debugging from the very beginning
https://xakep.ru/2020/12/25/hyperv-hyperdebug/
xakep.ru
Microsoft's hypervisor contains a certain number of bugs. Hunting for these bugs is not only an engaging activity but also a useful one: first, Microsoft runs its own Bug Bounty program, and second, knowledge about undocumented…
Visualize the virtual address space of a Windows process on a Hilbert curve.
https://github.com/0vercl0k/clairvoyance
GitHub
GitHub - 0vercl0k/clairvoyance: Visualize the virtual address space of a Windows process on a Hilbert curve.
Forwarded from r0 Crew (Channel)
A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation https://github.com/ant4g0nist/Vulnerable-Kext #exploitation #ios #macos #dukeBarman
GitHub
GitHub - ant4g0nist/Vulnerable-Kext: A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation
Asm2Vec: Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization
Using Windows Disposable VMs for test and research
https://rolando.anton.sh/blog/2021/01/01/using-windows-disposable-vms-for-test-and-research/
rolando.anton.sh
Introduction To continue the idea of my previous posts, I want to share a project I have been improving in the last months; I can't imagine the number of times …
A 'Novel' Way to Bypass Executable Signature Checks with Electron
https://parsiya.net/blog/2021-01-08-a-novel-way-to-bypass-executable-signature-checks-with-electron/
Operation ‘Kremlin’
The file contains an obfuscated URL to a remote template which contains malicious VBA, eventually leading to the execution of VBS on the infected machine. The attack’s purpose is to stealthily exfiltrate information without running any external executables on the system.
https://www.clearskysec.com/operation-kremlin/
Building an RDP Credential Catcher for Threat Intelligence
https://research.nccgroup.com/2021/01/10/building-an-rdp-credential-catcher-for-threat-intelligence/
PROCESS HERPADERPING – WINDOWS DEFENDER EVASION
https://pentestlaboratories.com/2021/01/18/process-herpaderping-windows-defender-evasion/
Pentest Laboratories
Process Herpaderping – Windows Defender Evasion
Windows Defender has significantly improved the security posture of Windows environments, since it has better detection capabilities compared to other security products. When a process is created, Win…
Security Advisory: MSRPC Printer Spooler Relay (CVE-2021-1678)
https://www.crowdstrike.com/blog/cve-2021-1678-printer-spooler-relay-security-advisory/
CrowdStrike.com
On Patch Tuesday, January 12, 2021, Microsoft released a patch for CVE-2021-1678, an important vulnerability discovered by CrowdStrike researchers.
New campaign targeting security researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Google
Details on an ongoing campaign, which we attribute to a government-backed entity based in North Korea, targeting security researchers working on vulnerability research and development.
Alaid TechThread
New campaign targeting security researchers https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
It is recommended to run a check for threats.
Facebook AI Introduces N-Bref: A Neural-Based Decompiler Framework
https://www.marktechpost.com/2021/01/28/facebook-ai-introduces-n-bref-a-neural-based-decompiler-framework/
MarkTechPost
Facebook AI introduces a neural-based decompiler framework called N-Bref, which improves the accuracy of traditional decompilation systems. The research, led by Jishen Zhao, is a collaboration between FAIR and UCSD STABLE Lab. This study presents a comprehensive…