Apache Dubbo: All roads lead to RCE https://securitylab.github.com/research/apache-dubbo/
RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html
Blogspot
CODE WHITE | Blog: RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through
Citrix ShareFile Storage Zones Controller uses a fork of the third party library NeatUpload. Versions before 5.11.20 are affected by a rela...
Beginners Guide to 0day/CVE AppSec Research https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html
Boku
Mama Always Told Me Not to Trust Strangers without Certificates https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
Bughound: open-source static code analysis tool https://securityonline.info/bughound-open-source-static-code-analysis-tool/
Cybersecurity News
Bughound is an open-source static code analysis tool that analyzes your code and sends the results to Elasticsearch and Kibana
Reverse Engineering Adventures: League of Legends Wild Rift (IL2CPP) https://katyscode.wordpress.com/2021/01/15/reverse-engineering-adventures-league-of-legends-wild-rift-il2cpp/
Katy's Code
The most common issue I receive on the tracker for Il2CppInspector is “this file won’t load”. Oftentimes this is due to a bug in the tool, but sometimes it leads me down a reverse…
A Journey Into the Beauty of DNSRebinding (part 1 & part 2): https://blog.mindedsecurity.com/2021/02/journey-into-beauty-of-dnsrebinding.html https://blog.mindedsecurity.com/2021/08/a-journey-into-beauty-of-dnsrebinding.html
Mindedsecurity
A Journey Into the Beauty of DNSRebinding - Part 1
Authors Giovanni Guido Alessandro Braccio Abstract In this first blog post about DNS rebinding topic, we are going to show a practical exa...
The Art of the Device Code Phish https://0xboku.com/2021/07/12/ArtOfDeviceCodePhish.html
Boku
Nice collection of Windows process injection methods https://github.com/odzhan/injection
Bluetooth → Wi-Fi Code Execution & Wi-Fi Debugging https://naehrdine.blogspot.com/2021/04/bluetooth-wi-fi-code-execution-wi-fi.html
Blogspot
Wireless and firmware hacking, PhD life, Technology
iOS14.8: Patch CVE-2021-1740 again silently https://jhftss.github.io/CVE-2021-1740-Invalid-Patch/
jhftss.github.io
As well known, iOS14.8 patched two 0 days in the wild, one of which is the pegasus 0-click vulnerability. You can get the root cause and more interesting findings by reading my analysis from here.
Great reading on micro-architectural attacks » Battle for Secure Caches: Attacks and Defenses on Randomized Caches https://www.sigarch.org/battle-for-secure-caches-attacks-and-defenses-on-randomized-caches/
SIGARCH
There is a battle ongoing in the realm of secure caches. Cache side-channels are a serious security problem as they allow an attacker to monitor a victim program’s execution and leak sensitive data…
PetitPotam – NTLM Relay to AD CS https://pentestlab.blog/2021/09/14/petitpotam-ntlm-relay-to-ad-cs/
Penetration Testing Lab
Deployment of an Active Directory Certificate Services (AD CS) on a corporate environment could allow system administrators to utilize it for establishing trust between different directory objects.…
Rootend - A *Nix Enumerator And Auto Privilege Escalation Tool https://www.kitploit.com/2021/09/rootend-nix-enumerator-and-auto.html
KitPloit - PenTest & Hacking Tools
Automation in Reverse Engineering C++ STL/Template Code https://www.msreverseengineering.com/blog/2021/9/21/automation-in-reverse-engineering-c-template-code
Möbius Strip Reverse Engineering
High-Severity RCE Vulnerability Found in Several Netgear Routers https://cybersecuritylog.com/high-severity-rce-vulnerability-found-in-several-netgear-routers
Cybersecuritylog
Cybersecurity experts discovered a serious RCE vulnerability in several Netgear models.
#OMIGOD Exploits Captured in the Wild. Researchers responsible for half of scans for related ports https://isc.sans.edu/diary/rss/27852
SANS Internet Storm Center
InfoSec Handlers Diary Blog
#OMIGOD Exploits Captured in the Wild. Researchers responsible for half of scans for related ports., Author: Johannes Ullrich
Making permissions auto-reset available to billions more devices https://android-developers.googleblog.com/2021/09/making-permissions-auto-reset-available.html?m=1
Android Developers Blog
Posted by Peter Visontay, Software Engineer; Bessie Jiang, Software Engineer Contributors: Inara Ramji, Software Engineer; Rodrigo Farel...