Free Automated Malware Analysis Sandboxes and Services https://zeltser.com/automated-malware-analysis/
Zeltser
Free Automated Malware Analysis Sandboxes and Services
Automated malware analysis tools, such as analysis sandboxes, save time and help with triage during incident response and forensic investigations. They provide an overview of the specimen's capa
Vulnerability Spotlight: Heap buffer overflow vulnerability in Ribbonsoft dxflib library https://blog.talosintelligence.com/2021/09/vuln-spotlight-ribbonsoft.html
Cisco Talos Blog
Vulnerability Spotlight: Heap buffer overflow vulnerability in Ribbonsoft dxflib library
Lilith >_> of Cisco Talos discovered this vulnerability.
Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Ribbonsoft’s dxflib library that could lead to code execution.
The dxflib library is a C++ library utilized…
Modern Harnessing Meets In-Memory Fuzzing - PART 1
https://blog.haboob.sa/blog/modern-harnessing-meets-in-memory-fuzzing
Haboob
Modern Harnessing Meets In-Memory Fuzzing - PART 1 — Haboob
Fuzzing or Fuzz Testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program and then observing how the program processes it. In one of our recent projects, we were interested…
VED (Vault Exploit Defense): Protect the Linux kernel https://hardenedvault.net/2021/09/06/ved.html
Ghostscript zero-day allows full server compromises https://therecord.media/ghostscript-zero-day-allows-full-server-compromises/
The Record
Ghostscript zero-day allows full server compromises
Proof-of-concept exploit code was published online over the weekend for an unpatched Ghostscript vulnerability that puts all servers that rely on the component at risk of attacks.
Rudroid - Writing the World's worst Android Emulator in Rust 🦀 https://fuzzing.science/page/rudroid-worlds-worst-android-emulator/
Nice talk from @embyte » "The unfortunate journey of radio-protocol mistakes" https://www.madlab.it/slides/confidence2021_radios.pdf
A deep-dive into the SolarWinds Serv-U SSH vulnerability https://www.microsoft.com/security/blog/2021/09/02/a-deep-dive-into-the-solarwinds-serv-u-ssh-vulnerability/
Microsoft Security Blog
A deep-dive into the SolarWinds Serv-U SSH vulnerability | Microsoft Security Blog
We're sharing technical information about the vulnerability tracked as CVE-2021-35211, which was used to attack the SolarWinds Serv-U FTP software in limited and targeted attacks.
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers https://www.fireeye.com/blog/threat-research/2021/09/proxyshell-exploiting-microsoft-exchange-servers.html
Now Patched Vulnerability in WhatsApp could have led to data exposure of users https://research.checkpoint.com/2021/now-patched-vulnerability-in-whatsapp-could-have-led-to-data-exposure-of-users/
Check Point Research
Now Patched Vulnerability in WhatsApp could have led to data exposure of users - Check Point Research
Research by Dikla Barda & Gal Elbaz. As of 2021, WhatsApp is the most popular global mobile messenger app worldwide with approximately two billion monthly active users. It allows users to send text and voice messages, make voice and video calls, and share…
Anatomy and Disruption of Metasploit Shellcode https://blog.nviso.eu/2021/09/02/anatomy-and-disruption-of-metasploit-shellcode/
NVISO Labs
Anatomy and Disruption of Metasploit Shellcode
In April 2021 we went through the anatomy of a Cobalt Strike stager and how some of its signature evasion techniques ended up being ineffective against detection technologies. In this blog post we …
Telegram Self-Destruct? Not Always https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/telegram-self-destruct-not-always/
Trustwave
Telegram Self-Destruct? Not Always
Secret-Chats in Telegram use end-to-end encryption, which is meant for people who are concerned about the security and privacy of their chat history. The messages can be read only by sender and receiver, and not even Telegram administrators have the encryption…
iOS Pentesting 101 https://cobalt.io/blog/ios-pentesting-101
www.cobalt.io
iOS Pentesting 101
Learn essential techniques for iOS application security testing, exploring architecture, jailbreaking, SSL pinning, and more in this comprehensive pentesting guide.
Summary:
The blog provides a comprehensive guide to iOS application security testing, covering…
Obfuscating Malicious, Macro-Enabled Word Docs https://depthsecurity.com/blog/obfuscating-malicious-macro-enabled-word-docs
Depth Security | A Konica Minolta Service
Obfuscating Malicious, Macro-Enabled Word Docs | Depth Security
Learn more about malicious word documents from the Depth Security team in this blog post. Depth Security provides an experienced take on the subject.
Silently Unmasking Virgin Media VPN Users in Seconds (CVE-2019-16651) https://fidusinfosec.com/silently-unmasking-virgin-media-vpn-users-in-seconds-cve-2019-16651/
Fidus Information Security
Silently Unmasking Virgin Media VPN Users in Seconds (CVE-2019-16651) - Fidus Information Security
Introduction: Fidus’ R&D team identified a vulnerability within Virgin Media Super Hub 3 routers that permitted exfiltration of sensitive information remotely, which, among other things, can be used to determine the actual, ISP-issued IP address of VPN…
Good write-up >> CVE-2021-40444 Analysis/Exploit https://xret2pwn.github.io/CVE-2021-40444-Analysis-and-Exploit/
RET2Pwn
CVE-2021-40444 Analysis/Exploit
Intro
Very efficient exploit for CVE-2021-40444. Just 6 lines of JavaScript 😂 https://twitter.com/j00sean/status/1437390861499838466?s=09
Twitter
j00sean
I'm too late at CVE-2021-40444 party. But I just wanted to take a look at MSIE exploitation. Awesome to see a full exploit (RCE w/ sandbox escape) only using 6 lines of JavaScript code. Cool no doubt.