Чувака кинул майкрософт, обещает опубликовать все найденные уязвимости, оцениваемые 100к
https://twitter.com/jonasLyk/status/1282945750746509313?s=09
https://twitter.com/jonasLyk/status/1282945750746509313?s=09
X (formerly Twitter)
Jonas L (@jonasLyk) on X
As Microsoft have no intensions of ever paying me for all my submitted vulnerabilities I am forced to do this.
Countdown starts today- then I will post them all public.
Ms is just trying to get time to patch them then never pay me.
I have for over 100.000$…
Countdown starts today- then I will post them all public.
Ms is just trying to get time to patch them then never pay me.
I have for over 100.000$…
GUSTAVE is a fuzzing platform for embedded OS kernels. It is based on QEMU and AFL (and all of its forkserver siblings). It allows to fuzz OS kernels like simple applications.
https://github.com/airbus-seclab/gustave
https://github.com/airbus-seclab/gustave
GitHub
GitHub - airbus-seclab/gustave: GUSTAVE is a fuzzing platform for embedded OS kernels. It is based on QEMU and AFL (and all of…
GUSTAVE is a fuzzing platform for embedded OS kernels. It is based on QEMU and AFL (and all of its forkserver siblings). It allows to fuzz OS kernels like simple applications. - airbus-seclab/gustave
Ten process injection techniques: A technical survey of common and trending process injection techniques
https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
Elastic Blog
Ten process injection techniques: A technical survey of common and trending process injection techniques
Process injection is a widespread defense evasion technique employed often within malware and fileless adversary tradecraft, and entails running custom code within the address space of another process...
SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers
17-year-old vulnerability in all of Windows DNS Servers.
SIGRed (CVE-2020-1350) is a wormable, critical vulnerability that can be used to achieve full Domain Administrator privileges.
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/
17-year-old vulnerability in all of Windows DNS Servers.
SIGRed (CVE-2020-1350) is a wormable, critical vulnerability that can be used to achieve full Domain Administrator privileges.
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/
Check Point Research
SIGRed - Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers - Check Point Research
Research by: Sagi Tzadik Introduction DNS, which is often described as the “phonebook of the internet”, is a network protocol for translating human-friendly computer hostnames into IP addresses. Because it is such a core component of the internet, there are…
Vulnerability Spotlight: Multiple vulnerabilities in RemoteFX affects, AMD, Intel chips
https://blog.talosintelligence.com/2020/07/vuln-spotlight-intel-amd-microsoft-july-2020.html?m=1
https://blog.talosintelligence.com/2020/07/vuln-spotlight-intel-amd-microsoft-july-2020.html?m=1
Talosintelligence
Vulnerability Spotlight: Multiple vulnerabilities in RemoteFX affects, AMD, Intel chips
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Bug in New Function ExAllocatePoolZero Results in Security Vulnerability and Crashes
https://www.osr.com/blog/2020/07/14/bug-in-new-function-exallocatepoolzero-results-in-security-vulnerability-and-crashes/
https://www.osr.com/blog/2020/07/14/bug-in-new-function-exallocatepoolzero-results-in-security-vulnerability-and-crashes/
OSR
Bug in New Function ExAllocatePoolZero Results in Security Vulnerability and Crashes
Update: Late in December 2020 Microsoft issued an update to the WDK/EWDK that includes mitigations for this security issue. See our blog post describing these updates. tl;dr Last week (week of 5 Ju…
Exploit Development: Playing ROP’em COP’em Robots with WriteProcessMemory()
https://connormcgarr.github.io/ROP2/
https://connormcgarr.github.io/ROP2/
Connor McGarr’s Blog
Exploit Development: Playing ROP’em COP’em Robots with WriteProcessMemory()
Gaining code execution with WriteProcessMemory() via ROP and outlining the occasional need for Call-Oriented Programming.
Anonymous Poll
80%
Да)
20%
Нет)
Злоумышленники постят в Твиттере от известных лиц скам, уже пострадали Илон Маск и Билл Гейтс)
https://twitter.com/tylerwinklevoss/status/1283492017041965058
https://twitter.com/tylerwinklevoss/status/1283492017041965058
https://twitter.com/Apple
Apple просто удалила все свои твиты) Злоумышленники уже нарулили сотни тысяч долларов (по данным чуваков следящих за кошельками)
Apple просто удалила все свои твиты) Злоумышленники уже нарулили сотни тысяч долларов (по данным чуваков следящих за кошельками)
X (formerly Twitter)
Apple (@Apple) on X
https://t.co/4dZx1rwvgY