Чувака кинул майкрософт, обещает опубликовать все найденные уязвимости, оцениваемые 100к
https://twitter.com/jonasLyk/status/1282945750746509313?s=09
https://twitter.com/jonasLyk/status/1282945750746509313?s=09
X (formerly Twitter)
Jonas L (@jonasLyk) on X
As Microsoft have no intensions of ever paying me for all my submitted vulnerabilities I am forced to do this.
Countdown starts today- then I will post them all public.
Ms is just trying to get time to patch them then never pay me.
I have for over 100.000$…
Countdown starts today- then I will post them all public.
Ms is just trying to get time to patch them then never pay me.
I have for over 100.000$…
GUSTAVE is a fuzzing platform for embedded OS kernels. It is based on QEMU and AFL (and all of its forkserver siblings). It allows to fuzz OS kernels like simple applications.
https://github.com/airbus-seclab/gustave
https://github.com/airbus-seclab/gustave
GitHub
GitHub - airbus-seclab/gustave: GUSTAVE is a fuzzing platform for embedded OS kernels. It is based on QEMU and AFL (and all of…
GUSTAVE is a fuzzing platform for embedded OS kernels. It is based on QEMU and AFL (and all of its forkserver siblings). It allows to fuzz OS kernels like simple applications. - airbus-seclab/gustave
Ten process injection techniques: A technical survey of common and trending process injection techniques
https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
Elastic Blog
Ten process injection techniques: A technical survey of common and trending process injection techniques
Process injection is a widespread defense evasion technique employed often within malware and fileless adversary tradecraft, and entails running custom code within the address space of another process...
SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers
17-year-old vulnerability in all of Windows DNS Servers.
SIGRed (CVE-2020-1350) is a wormable, critical vulnerability that can be used to achieve full Domain Administrator privileges.
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/
17-year-old vulnerability in all of Windows DNS Servers.
SIGRed (CVE-2020-1350) is a wormable, critical vulnerability that can be used to achieve full Domain Administrator privileges.
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/
Check Point Research
SIGRed - Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers - Check Point Research
Research by: Sagi Tzadik Introduction DNS, which is often described as the “phonebook of the internet”, is a network protocol for translating human-friendly computer hostnames into IP addresses. Because it is such a core component of the internet, there are…
Vulnerability Spotlight: Multiple vulnerabilities in RemoteFX affects, AMD, Intel chips
https://blog.talosintelligence.com/2020/07/vuln-spotlight-intel-amd-microsoft-july-2020.html?m=1
https://blog.talosintelligence.com/2020/07/vuln-spotlight-intel-amd-microsoft-july-2020.html?m=1
Talosintelligence
Vulnerability Spotlight: Multiple vulnerabilities in RemoteFX affects, AMD, Intel chips
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Bug in New Function ExAllocatePoolZero Results in Security Vulnerability and Crashes
https://www.osr.com/blog/2020/07/14/bug-in-new-function-exallocatepoolzero-results-in-security-vulnerability-and-crashes/
https://www.osr.com/blog/2020/07/14/bug-in-new-function-exallocatepoolzero-results-in-security-vulnerability-and-crashes/
OSR
Bug in New Function ExAllocatePoolZero Results in Security Vulnerability and Crashes
Update: Late in December 2020 Microsoft issued an update to the WDK/EWDK that includes mitigations for this security issue. See our blog post describing these updates. tl;dr Last week (week of 5 Ju…
Exploit Development: Playing ROP’em COP’em Robots with WriteProcessMemory()
https://connormcgarr.github.io/ROP2/
https://connormcgarr.github.io/ROP2/
Connor McGarr’s Blog
Exploit Development: Playing ROP’em COP’em Robots with WriteProcessMemory()
Gaining code execution with WriteProcessMemory() via ROP and outlining the occasional need for Call-Oriented Programming.
Anonymous Poll
80%
Да)
20%
Нет)
Злоумышленники постят в Твиттере от известных лиц скам, уже пострадали Илон Маск и Билл Гейтс)
https://twitter.com/tylerwinklevoss/status/1283492017041965058
https://twitter.com/tylerwinklevoss/status/1283492017041965058