A step-by-step analysis of a new version of Darkside Ransomware (v. 2.1.2.3) https://cybergeeks.tech/a-step-by-step-analysis-of-a-new-version-of-darkside-ransomware/
Decompiled code matching via AST features https://fernandodoming.github.io/posts/ast-feature-comparison/
Windows User Profile Service 0day LPE https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html
CVE-2021-28632 & CVE-2021-39840: Bypassing Locks in Adobe Reader https://www.zerodayinitiative.com/blog/2021/10/20/cve-2021-28632-amp-cve-2021-39840-bypassing-locks-in-adobe-reader
Over the past few months, Adobe has patched several remote code execution bugs in Adobe Acrobat and Reader that were reported by researcher Mark Vincent Yason (@MarkYason) through our program. Two of these bugs, in particular, CVE-2021-28632 and CVE…
Reverse engineering and game hacking resources https://medium.com/faraday/reverse-engineering-and-game-hacking-resources-211bd4afb939
Hi there! You are probably here because you listened to our talk at Nerdearla 2021 and want to continue learning. But if you missed the…
All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021–38646) https://medium.com/csg-govtech/all-your-d-base-are-belong-to-us-part-2-code-execution-in-microsoft-office-cve-2021-38646-fa6e70362162
From fuzzing to exploit
How to build a network scanning analysis platform — Part I https://medium.com/@fapro0/how-to-build-a-network-scanning-analysis-platform-part-i-efab6740b740
As the network becomes more and more developed, various kinds of traffic in the network are also increasing. Search engines, attack…
Interactive cheat sheet of offensive security tools and their respective commands, to be used against Windows/AD environments https://wadcoms.github.io/
"Stolen Images Evidence" campaign pushes Sliver-based malware https://isc.sans.edu/diary/27954
"Stolen Images Evidence" campaign pushes Sliver-based malware, Author: Brad Duncan
Forced Entry: A Security Test for Automatic Garage Doors https://www.trendmicro.com/en_us/research/21/j/forced-entry-a-security-test-for-automatic-garage-doors.html
In this blog entry we revisit threats to automatic garage doors by using SDR to test two attack scenarios. We demonstrate a rolling code attack and one that involves a hidden remote feature.
Microsoft no longer signs Windows drivers for Process Hacker https://borncity.com/win/2021/10/23/microsoft-signiert-windows-treiber-fr-process-hacker-nicht-mehr/
[German] Brief information that has been sitting with me since August 2021, but which I have not yet addressed in the blog. David Xanatos has pointed out to me that Microsoft is refusing to sign drivers for the new Process Hacker without giving any further…
Writing Disassemblers for VM-based Obfuscators https://synthesis.to/2021/10/21/vm_based_obfuscation.html
Let’s talk about PAKE https://blog.cryptographyengineering.com/2018/10/19/lets-talk-about-pake/
The first rule of PAKE is: nobody ever wants to talk about PAKE. The second rule of PAKE is that this is a shame, because PAKE — which stands for Password Authenticated Key Exchange — is actually o…
Flare-On 8 – Task 9 write-up https://hshrzd.wordpress.com/2021/10/23/flare-on-8-task-9/
Flare-On is an annual “reverse engineering marathon” organized by Mandiant (formerly by FireEye). You can see more information here. It is a Capture-The-Flag type of a contest, where yo…
MirrorBlast and TA505: Examining Similarities in Tactics, Techniques and Procedures https://threatresearch.ext.hp.com/mirrorblast-and-ta505-examining-similarities-in-tactics-techniques-and-procedures/
Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833) https://research.nccgroup.com/2021/10/28/technical-advisory-apple-xar-arbitrary-file-write-cve-2021-30833/
Vendor: Apple
Vendor URL:
Versions affected: xar 1.8-dev
Systems Affected: macOS versions below 12.0.1
Author: Richard Warren <richard.warren[at]nccgroup[dot]trust>
Advisory URL: CV…
Flare-On 2021: antioch https://0xdf.gitlab.io/flare-on-2021/antioch
antioch was a challenge based on the old movie, Monty Python and the Holy Grail. I’m given a Tar archive, which is a Docker image, the output of a command like docker save. It has a lot of layer data, but most of the layers are not referenced in the manifest.…
ThreadStackSpoofer - PoC For An Advanced In-Memory Evasion Technique Allowing To Better Hide Injected Shellcode's Memory Allocation From Scanners And Analysts https://www.kitploit.com/2021/10/threadstackspoofer-poc-for-advanced-in.html
Issue 2229: Linux: UAF read in SELinux handler for PTRACE_TRACEME https://bugs.chromium.org/p/project-zero/issues/detail?id=2229
How to exploit a double free vulnerability in 2021. 'Use After Free for Dummies' https://github.com/stong/how-to-exploit-a-double-free
DRIDEX: Analysing API Obfuscation Through VEH https://www.0ffset.net/reverse-engineering/malware-analysis/dridex-veh-api-obfuscation/
DRIDEX is one of the most famous and prevalent banking Trojans that dates back to around late 2014. Throughout its improvement and variations, DRIDEX has been successful in targeting the financial services sector to steal banking information and crucial user…