Use NtCreateProcessEx to spawn a child process, and create the main thread manually.
miniCreateProcessEx
https://github.com/aaaddress1/PR0CESS/tree/main/miniCreateProcessEx
GitHub
PR0CESS/miniCreateProcessEx (aaaddress1/PR0CESS): some gadgets about Windows processes, ready to use :)
iOS Wi-Fi Demon: From iOS Format String to Zero-Click RCE
https://ictexpertsluxembourg.lu/technical-corner/ios-wi-fi-demon-from-ios-format-string-to-zero-click-rce/
www.deep.eu
Technical Corner - DEEP
Articles from the POST Cyberforce offensive security team
Do you like to read? I can take over your Kindle with an e-book
https://research.checkpoint.com/2021/i-can-take-over-your-kindle/
Check Point Research
Research By: Slava Makkaveev Introduction Since 2007, Amazon has sold tens of millions of Kindles, which is impressive. But this also means that tens of millions of people could have potentially been hacked through a software bug in those same Kindles. Their…
Chrome in-the-wild bug analysis: CVE-2021-30632
https://securitylab.github.com/research/in_the_wild_chrome_cve_2021_30632/
GitHub Security Lab
This post is a technical analysis of a recently disclosed Chrome JIT vulnerability (CVE-2021-30632) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 13, 2021 in Chrome version…
A Closer Look at NSA/CISA Kubernetes Hardening Guidance
https://kubernetes.io/blog/2021/10/05/nsa-cisa-kubernetes-hardening-guidance/
Kubernetes
Disclaimer The open source tools listed in this article are to serve as examples only and are in no way a direct recommendation from the Kubernetes community or authors. Background USA's National Security Agency (NSA) and the Cybersecurity and Infrastructure…
Skrull is a malware DRM that prevents Automatic Sample Submission by AV/EDR and signature scanning from the kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. The launchers are also fully anti-copy and are naturally broken once submitted.
https://github.com/aaaddress1/Skrull
GitHub
A plugin to introduce a generic API for Decompiler support in GEF
https://github.com/mahaloz/decomp2gef
GitHub
GitHub - mahaloz/decomp2dbg: A plugin to introduce interactive symbols into your debugger from your decompiler
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration
https://github.com/p0dalirius/LDAPmonitor
GitHub
Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection
https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/
Microsoft News
Microsoft found a vulnerability (CVE-2021-30892) that could allow an attacker to bypass System Integrity Protection (SIP) in macOS. We shared our findings with Apple via coordinated vulnerability disclosure, and a fix was released October 26.
Detection Lab
Collection of Packer & Vagrant scripts that quickly bring a Windows AD online, complete with a collection of endpoint security tooling & logging best practices
https://medium.com/@clong/introducing-detection-lab-61db34bed6ae
Medium
Introducing: Detection Lab
Analyzing a watering hole campaign using macOS exploits
https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/
Google
To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors t…
A virtual journey: From hardware virtualization to Hyper-V's Virtual Trust Levels
https://blog.quarkslab.com/a-virtual-journey-from-hardware-virtualization-to-hyper-vs-virtual-trust-levels.html
Quarkslab
A step by step approach to reverse engineer Hyper-V and have a low level insight into Virtual Trust Levels.
MUI: Visualizing symbolic execution with Manticore and Binary Ninja
https://blog.trailofbits.com/2021/11/17/mui-visualizing-symbolic-execution-with-manticore-and-binary-ninja/
The Trail of Bits Blog
During my summer internship, I had the wonderful opportunity to work on the Manticore User Interface (MUI). The MUI project aims to combine the strength of both Manticore, a powerful symbolic execution library, and Binary Ninja, a popular binary analysis…
USENIX Security '21 - SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning
https://www.youtube.com/watch?v=72Ngu3305TU
YouTube
Daimeng Wang, Zheng Zhang, Hang Zhang, Zhiyun Qian, Srikanth V. Krishnamurthy, and Nael Abu-Ghazaleh, University of California, Riverside
Fuzzing embeds a large number…