A repository of DFIR-related Mind Maps https://github.com/rathbuna/DFIRMindMaps
GitHub
GitHub - AndrewRathbun/DFIRMindMaps: A repository of DFIR-related Mind Maps geared towards the visual learners!
A repository of DFIR-related Mind Maps geared towards the visual learners! - AndrewRathbun/DFIRMindMaps
Black-Box Attacks on Perceptual Image Hashes with GANs https://towardsdatascience.com/black-box-attacks-on-perceptual-image-hashes-with-gans-cc1be11f277
Medium
Black-Box Attacks on Perceptual Image Hashes with GANs
tldr: This post demonstrates that GANs are capable of breaking image hash algorithms in two key ways: (1) Reversal Attack: Synthesizing the…
good old times! » Reverse engineering software licensing from early-2000s abandonware – Part 1 https://yingtongli.me/blog/2021/08/29/drm5-1.html
Awesome Android Security - A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters https://www.kitploit.com/2020/10/awesome-android-security-curated-list.html
KitPloit - PenTest & Hacking Tools
Awesome Android Security - A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters
ProxyToken: An Authentication Bypass in Microsoft Exchange Server https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server
Zero Day Initiative
Zero Day Initiative — ProxyToken: An Authentication Bypass in Microsoft Exchange Server
Continuing with the theme of serious vulnerabilities that have recently come to light in Microsoft Exchange Server, in this article we present a new vulnerability we call ProxyToken. It was reported to the Zero Day Initiative in March 2021 by researcher Le…
Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors https://www.domaintools.com/resources/blog/domain-blooms-identifying-domain-name-themes-targeted-by-threat-actors
DomainTools | Start Here. Know Now.
Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors - DomainTools | Start Here. Know Now.
Learn about research recently conducted into “Domain Blooms”, our attempt to identify new and trending themes in domain names that highlights which events.
6 Pro Tricks for Rapid macOS Malware Triage with Radare2 https://labs.sentinelone.com/6-pro-tricks-for-rapid-macos-malware-triage-with-radare2/
SentinelOne
6 Pro Tricks for Rapid macOS Malware Triage with Radare2 - SentinelLabs
Learn more about reversing real-world macOS malware in this new series for intermediate to advanced analysts, starting with these r2 tips!
Go Fuzz Yourself – How to Find More Vulnerabilities in APIs Through Fuzzing [Whitepaper download] https://labs.detectify.com/2021/08/31/go-fuzz-yourself-how-to-find-more-vulnerabilities-in-apis-through-fuzzing-whitepaper-download/
DNS Rebinding Attack: How Malicious Websites Exploit Private Networks https://unit42.paloaltonetworks.com/dns-rebinding/
Unit 42
DNS Rebinding Attack: How Malicious Websites Exploit Private Networks
DNS rebinding allows attackers to take advantage of web-based consoles to exploit internal networks by abusing the domain name system.
CVE-2021-34486: Event Tracing for Windows (ETW) TimerCallbackContext Object Use-After-Free Vulnerability https://www.pixiepointsecurity.com/blog/cve-2021-34486.html
Deception in Depth - LSASS Injection https://blog.spookysec.net/DnD-LSASS-Injection/
Ronnie's Blog
Deception in Depth - LSASS Injection
node-tar path traversal vulnerability CVE-2021-32804, which also affects npm https://yamory.io/blog/cve-2021-32804-node-tar-reproduce/
yamory.io
node-tar path traversal vulnerability CVE-2021-32804, which also affects npm | yamory Blog
This article explains the node-tar vulnerability (CVE-2021-32804), which also affects npm.
Internal of the Android kernel backdoor vulnerability https://vul.360.net/archives/263
vul.360.net
Internal of the Android kernel backdoor vulnerability
Looking back over the history of Android kernel vulnerabilities, most of them are memory vulnerabilities, while logic vulnerabilities are relatively rare. Memory vulnerabilities have typical vulnerability patterns, obvious side effects and fairly mature detection methods, so they are comparatively easy to find. Logic vulnerabilities, by contrast, have no typical pattern (they are usually tightly tied to specific functionality), uncertain side effects and no general-purpose detection method, so discovering them is relatively hard. For precisely that reason, logic vulnerabilities have a unique appeal.
CVE-2021-26084 Remote Code Execution on Confluence Servers https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md
GitHub
writeups/Confluence-RCE.md at main · httpvoid/writeups
Anubis Android Malware Analysis https://0x1c3n.tech/anubis-android-malware-analysis
Nice datasets » DDoS Packet Capture Collection https://github.com/StopDDoS/packet-captures
GitHub
GitHub - StopDDoS/packet-captures: packet captures of real-world ddos attacks
packet captures of real-world ddos attacks.
SSH attack analysis tool (by @jaartal) https://inthenite.com/herramienta-de-analisis-de-ataques-ssh/
inthenite.com
SSH attack analysis tool - inthenite.com
I am publishing the tool I used to analyse the SSH attacks I received, so that anyone can review them.
macOS XPC Exploitation - Sandbox Share case study https://www.synacktiv.com/publications/macos-xpc-exploitation-sandbox-share-case-study.html
Synacktiv
macOS XPC Exploitation - Sandbox Share case study
Usually we don't do blog posts about CTF challenges but we recently stumbled across a challenge that was a good opportunity to talk about several macOS/iOS internals, security mechanisms and exploit m
Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/
JFrog
Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling
JFrog Security research teams are constantly looking for new and previously unknown vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a potentially critical vulnerability…