ZDI-CAN-12671: Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref https://www.zerodayinitiative.com/blog/2021/1/27/zdi-can-12671-windows-kernel-dosprivilege-escalation-via-a-null-pointer-deref
Zero Day Initiative
Zero Day Initiative — ZDI-CAN-12671: Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref
You can find me on Twitter at @HexKitchen , and follow the team for the latest in exploit techniques and security patches.
ChaosDB: Critical Vulnerability in Microsoft Azure Cosmos DB https://chaosdb.wiz.io/
Wiz
ChaosDB: Unauthorized Privileged Access to Microsoft Azure Cosmos DB
A critical vulnerability in Azure's flagship Cosmos DB service affecting thousands of customers. Mitigation requires customers' manual actions.
SSD Advisory – Samsung S10+/S9 kernel 4.14 (Android 10) Kernel Function Address (.text) and Heap Address Information Leak https://ssd-disclosure.com/ssd-advisory-samsung-s10-s9-kernel-4-14-android-10-kernel-function-address-text-and-heap-address-information-leak/
SSD Secure Disclosure
SSD Advisory – Samsung S10+/S9 kernel 4.14 (Android 10) Kernel Function Address (.text) and Heap Address Information Leak - SSD…
Find out how a vulnerability discovered in Samsung S10+/S9 kernel allows leaking of sensitive function address information.
Beyond the Edge: How to Secure SMB Traffic in Windows https://techcommunity.microsoft.com/t5/itops-talk-blog/beyond-the-edge-how-to-secure-smb-traffic-in-windows/ba-p/1447159?WT.mc_id=modinfra-0000-orthomas
TECHCOMMUNITY.MICROSOFT.COM
Beyond the Edge: How to Secure SMB Traffic in Windows
Hiya folks, Ned here again. Organizations are good at firewalling the network edge to stop inbound intruders. We need to move on to preventing outbound and lateral network communications. With the rise of mobile computing and ease of phishing users, compromising…
Anti-Debug JS/WASM by Hand https://remyhax.xyz/posts/javascript-wasm-anti-debug/
REMY HAX
Anti-Debug JS/WASM by Hand
Last week a friend of mine asked me to debug/RE some phishing emails that had been sent to them. These phishing emails were visually very clever and looked identical to the real site! But as I looked at the JavaScript I frankly became embarrassed for the developer.…
Smart male chastity lock cock-up https://www.pentestpartners.com/security-blog/smart-male-chastity-lock-cock-up/
Pen Test Partners
Smart male chastity lock cock-up | Pen Test Partners
TL;DR: Smart Bluetooth male chastity lock, designed for the user to give remote control to a trusted 3rd party using a mobile app/API. Multiple API flaws meant anyone could remotely lock all devices and prevent users from releasing themselves. Removal then requires…
The dying knight in the shiny armour: Killing Defender through NT symbolic links redirection while keeping it unbothered https://aptw.tf/2021/08/21/killing-defender.html
PEB: Where Magic Is Stored https://malwareandstuff.com/peb-where-magic-is-stored/
Malware and Stuff
PEB: Where Magic Is Stored
As a reverse engineer, every now and then you encounter a situation where you dive deeper into the internal structures of an operating system than usual. Be it out of simple curiosity, or because you…
Zoom RCE from Pwn2Own 2021 https://sector7.computest.nl/post/2021-08-zoom/
Sector 7
Zoom RCE from Pwn2Own 2021
On April 7 2021, Thijs Alkemade and Daan Keuper demonstrated a zero-click remote code execution exploit in the Zoom video client during Pwn2Own 2021. Now that related bugs have been fixed for all users (see ZDI-21-971 and ZSB-22003) we can safely detail the…
Come do Wi-Fi! https://sensepost.com/blog/2021/come-do-wi-fi/
elFinder - A Case Study of Web File Manager Vulnerabilities https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities
Sonarsource
elFinder - A Case Study of Web File Manager Vulnerabilities
Our case study of elFinder 2.1.57 describes several critical code vulnerabilities commonly found in web file managers and how to patch them.
Snakes on a Domain: An Analysis of a Python Malware Loader https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader
Huntress
Snakes on a Domain: An Analysis of a Python Malware Loader | Huntress
Join us on a threat analysis journey as we discover a very shady Python—and a very friendly RAT.
Why do Windows functions all begin with a pointless MOV EDI, EDI instruction? https://devblogs.microsoft.com/oldnewthing/?p=9583
Microsoft News
Why do Windows functions all begin with a pointless MOV EDI, EDI instruction?
For future use.
CVE-2017-11176 PoC for Linux Kernel version 4.8.11, bypassing SMEP and SMAP (by stack pivoting inside the kernel and ROP) [UAF vuln] https://github.com/MaherAzzouzi/LinuxKernelStudy/tree/main/CVE-2017-11176
GitHub
LinuxKernelStudy/CVE-2017-11176 at main · MaherAzzouzi/LinuxKernelStudy
A repository to study the core components of Linux for exploitation purposes. - LinuxKernelStudy/CVE-2017-11176 at main · MaherAzzouzi/LinuxKernelStudy
Linker/Compiler/Tool detector for Windows, Linux and MacOS https://github.com/horsicq/Nauz-File-Detector
GitHub
GitHub - horsicq/Nauz-File-Detector: Linker/Compiler/Tool detector for Windows, Linux and MacOS.
Linker/Compiler/Tool detector for Windows, Linux and MacOS. - horsicq/Nauz-File-Detector
Crime Laundering Primer: Inside Ryuk Crime (Crypto) Ledger & Risky Asian Crypto Traders https://www.advintel.io/post/crime-laundering-primer-inside-ryuk-crime-crypto-ledger-risky-asian-crypto-traders
AdvIntel
Crime Laundering Primer: Inside Ryuk Crime (Crypto) Ledger & Risky Asian Crypto Traders
By Vitali Kremez and Brian Carter We are releasing the report today with the redacted version in research collaboration with the cybersecurity firm HYAS. Inside a mature, prolific, targeted cybercrime operation. Much has been written about the many families…
Malicious Campaign Targets Latin America: The seller, The operator and a curious link https://blog.talosintelligence.com/2021/08/rat-campaign-targets-latin-america.html
Cisco Talos Blog
Malicious Campaign Targets Latin America: The seller, The operator and a curious link
By Asheer Malhotra and Vitor Ventura, with contributions from Vanja Svajcer.
* Cisco Talos has observed a new malware campaign delivering commodity RATs, including njRAT and AsyncRAT.
* The campaign targets travel and hospitality organizations in Latin…
$200K vuln, not bad » (Pwn2Own) Microsoft Teams amsVideo Cross Site Scripting Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-21-771/
Zerodayinitiative
ZDI-21-771
(Pwn2Own) Microsoft Teams amsVideo Cross Site Scripting Vulnerability
Google discloses unpatched Microsoft WFP Default Rules AppContainer Bypass EoP https://securityaffairs.co/wordpress/121370/hacking/microsoft-wfp-appcontainer-bypass.html
Security Affairs
Google discloses Microsoft WFP Default Rules AppContainer Capability Bypass EoP
Google disclosed the details of a Windows AppContainer vulnerability because Microsoft initially had no plans to fix it.
Malware analysis - Mirai Botnet Huawei exploit CVE-2017-17215 https://www.youtube.com/watch?v=KVJyYTie-Dc
YouTube
Analyzing Mirai Botnet Huawei Exploit - Malware Analysis
Malware Analyst Professional - Level 1 Online Course - https://training.trainsec.net/malware-analyst-professional
Follow me on Twitter: https://Twitter.com/MalFuzzer
Get my book - Antivirus Bypass Techniques at the following link:
https://www.amazon.com/Antivirus…