Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) https://github.com/ollypwn/PrintNightmare
GitHub
GitHub - ly4k/PrintNightmare: Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527)
Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) - GitHub - ly4k/PrintNightmare: Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527)
Costly mistakes made by developers when managing secrets and how to avoid them https://boemo1mmopelwa.medium.com/costly-mistakes-made-by-developers-when-managing-secrets-and-how-to-avoid-them-a7b622d27a17
Medium
Costly mistakes made by developers when managing secrets and how to avoid them
There’s now more money and information stored digitally than physically. Secrets unlock the infrastructure holding millions of dollars and…
"A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild https://blog.s1r1us.ninja/research/PP
blog.s1r1us.ninja
s1r1us - Prototype Pollution
Introduction
Zloader Campaigns at a Glance https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/zloader-campaigns-at-a-glance
Trendmicro
Zloader Campaigns at a Glance
Our infographic provides a quick and comprehensive overview of Zloader, which has been involved in numerous campaigns over the past few years.
TrustedInstaller, parando Windows Defender https://www.securityartwork.es/2021/09/27/trustedinstaller-parando-windows-defender/
Security Art Work
TrustedInstaller, parando Windows Defender - Security Art Work
A menudo, durante un proceso de intrusión puede sernos de utilidad disponer de la capacidad de deshabilitar las medidas de defensa del equipo objetivo. Para aquellos pentesters que ya hayan probado las mieles de la solución de seguridad embarcada por defecto…
Chrome in-the-wild bug analysis: CVE-2021-30632 https://securitylab.github.com/research/in_the_wild_chrome_cve_2021_30632/
All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021-33035) https://spaceraccoon.dev/all-your-d-base-are-belong-to-us-part-1-code-execution-in-apache-openoffice?pk_campaign=rss-feed
spaceraccoon.dev
All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021-33035) — spaceraccoon.dev
Note: This is a mirror of the Medium blogpost. Introduction Venturing out into the wilderness of vulnerability research can be a daunti...
RPI4 KVM for Malware Analysis https://honeypot.lol/posts/rpi4-kvm-for-malware-analysis/
Expert discloses new iPhone lock screen vulnerability in iOS 15 https://securityaffairs.co/wordpress/122740/hacking/lock-screen-vulnerability.html
Security Affairs
Expert discloses new iPhone lock screen vulnerability in iOS 15
The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed.
Patching A Java .class File https://blog.didierstevens.com/2021/09/26/patching-a-java-class-file/
Didier Stevens
Patching A Java .class File
010 Editor is one of few commercial applications that I use daily. It’s a powerful binary editor with scripting and templates. I recently had to patch a Java .class file: extend a string insi…
Made in China: OSX.ZuRu — trojanized apps spread malware, via sponsored search results https://objective-see.com/blog/blog_0x66.html
objective-see.org
Made in China: OSX.ZuRu
trojanized apps spread malware, via sponsored search results
Repository of Python scripts mainly written for malware research purposes https://github.com/fboldewin/misc_malware
GitHub
GitHub - fboldewin/misc_malware
Contribute to fboldewin/misc_malware development by creating an account on GitHub.
How malware gets into the App Store and why Apple can't stop that https://habr.com/en/amp/post/580272/
Habr
How malware gets into the App Store and why Apple can't stop that
Only after I had published a post detailing three iOS 0-day vulnerabilities and expressing my frustration with Apple Security Bounty Program, I received a reply from Apple:We saw your blog post...
Always-on Processor magic: How Find My works while iPhone is powered off https://naehrdine.blogspot.com/2021/09/always-on-processor-magic-how-find-my.html
Blogspot
Always-on Processor magic: How Find My works while iPhone is powered off
Wireless and firmware hacking, PhD life, Technology
Analysis of CVE-2021-30860 — the flaw and fix of a zero-click vulnerability, exploited in the wild https://objective-see.com/blog/blog_0x67.html
objective-see.org
Analysis of CVE-2021-30860
the flaw and fix of a zero-click vulnerability, exploited in the wild
Drive-By Compromise: A Tale Of Four WiFi Routers https://blog.includesecurity.com/2021/09/drive-by-compromise-a-tale-of-four-routers/
Include Security Research Blog
Drive-By Compromise: A Tale Of Four Wifi Routers - Include Security Research Blog
Determining the overall security posture of consumer electronics is an exceedingly hard task. In this post, we analyze four 'budget' devices.
POC for scanning ProxyShell (CVE-2021-34523,CVE-2021-34473,CVE-2021-31207) https://github.com/mithridates1313/ProxyShell_POC
GitHub
GitHub - mithridates1313/ProxyShell_POC: POC for scanning ProxyShell(CVE-2021-34523,CVE-2021-34473,CVE-2021-31207)
POC for scanning ProxyShell(CVE-2021-34523,CVE-2021-34473,CVE-2021-31207) - mithridates1313/ProxyShell_POC
New Android Malware Steals Financial Data from 378 Banking and Wallet Apps https://thehackernews.com/2021/09/new-android-malware-steals-financial.html
Karkinos - Penetration Testing and Hacking CTF's Swiss Army Knife https://hakin9.org/karkinos-penetration-testing-and-hacking-ctfs-swiss-army-knife/
Hakin9 - IT Security Magazine
Karkinos - Penetration Testing and Hacking CTF's Swiss Army Knife
Karkinos is a light-weight 'Swiss Army Knife' for penetration testing and/or hacking CTF's. Currently, Karkinos offers the following: