Log4j Vulnerability: Attackers Shift Focus From LDAP to RMI https://blogs.juniper.net/en-us/threat-research/log4j-vulnerability-attackers-shift-focus-from-ldap-to-rmi
Juniper Networks
Log4j Vulnerability: Attackers Shift Focus From LDAP to RMI
Juniper Threat Labs has observed variants of the ongoing Log4j CVE-2021-44228 attacks that use an RMI service instead of LDAP.
If You’re Not Doing Continuous Asset Management You’re Not Doing Security https://danielmiessler.com/blog/continuous-asset-management-security/
Danielmiessler
If You’re Not Doing Continuous Asset Management You’re Not Doing Security
April 25, 2018 The more a company can tell me about their assets the better their security is, and the more comprehensive and real-time the inventory is, the mo
A Detailed Guide on Log4J Penetration Testing https://www.hackingarticles.in/a-detailed-guide-on-log4j-penetration-testing/
Hacking Articles
A Detailed Guide on Log4J Penetration Testing
In this article, we are going to discuss and demonstrate in our lab setup, the exploitation of the new vulnerability identified as CVE-2021-44228 affecting the
A Forensic Gold Mine III: Forensic Analysis of the Microsoft Teams Desktop Client https://www.alexbilz.com/post/2021-09-09-forensic-artifacts-microsoft-teams/
I am Alex Bilz
A Forensic Gold Mine III: Forensic Analysis of the Microsoft Teams Desktop Client
In this post, I will look at the abundance of forensic artefacts which can be collected from Microsoft Teams Client on Windows Desktops.
Exploitation of CVE-2021-21220 – From Incorrect JIT Behavior to RCE https://www.zerodayinitiative.com/blog/2021/12/15/exploitation-of-cve-2021-21220-from-incorrect-jit-behavior-to-rce
Zero Day Initiative
Zero Day Initiative — Exploitation of CVE-2021-21220 – From Incorrect JIT Behavior to RCE
In this third and final blog in the series, ZDI Vulnerability Researcher Hossein Lotfi looks at the method of exploiting CVE-2021-21220 for code execution. This bug was used by Bruno Keith ( @bkth_ ) and Niklas Baumstark ( @_niklasb ) of Dataflow…
Inside a PBX - Discovering a Firmware Backdoor https://blog.redteam-pentesting.de/2021/inside-a-pbx/
RedTeam Pentesting - Blog
Inside a PBX - Discovering a Firmware Backdoor
This blog post illustrates how RedTeam Pentesting discovered a real-world backdoor in a widely used Auerswald phone system (see also the advisory and CVE-2021-40859). We will describe the methodology used to find the backdoor by examining the …
Phishing attacks impersonate Pfizer in fake requests for quotation https://www.bleepingcomputer.com/news/security/phishing-attacks-impersonate-pfizer-in-fake-requests-for-quotation/
BleepingComputer
Phishing attacks impersonate Pfizer in fake requests for quotation
Threat actors are conducting a highly targeted phishing campaign impersonating Pfizer to steal business and financial information from victims.
Android Application Testing Using Windows 11 and Windows Subsystem for Android https://sensepost.com/blog/2021/android-application-testing-using-windows-11-and-windows-subsystem-for-android/
DNS Security, Part I: Basic DNS https://educatedguesswork.org/posts/dns-security/
Hook Heaps and Live Free https://www.cyberark.com/resources/threat-research-blog/hook-heaps-and-live-free
Cyberark
Hook Heaps and Live Free
I wanted to write this blog post to talk a bit about Cobalt Strike, function hooking and the Windows heap. We will be targeting BeaconEye (https://github.com/CCob/BeaconEye) as our detection tool...
Hunting for samAccountName Spoofing (CVE-2021–42278) & Domain Controller Impersonation (CVE-2021–42287) https://medium.com/@mvelazco/hunting-for-samaccountname-spoofing-cve-2021-42287-and-domain-controller-impersonation-f704513c8a45
Medium
Hunting for samAccountName Spoofing (CVE-2021–42278) & Domain Controller Impersonation…
Background
MS Teams: 1 feature, 4 vulnerabilities https://positive.security/blog/ms-teams-1-feature-4-vulns
positive.security
MS Teams: 1 feature, 4 vulnerabilities | Positive Security
Microsoft Teams' link preview feature is susceptible to spoofing and vulnerable to Server-Side Request Forgery. Teams' Android users can be DoS'ed and, in the past, their IP address could be leaked.
Establishing the TigerRAT and TigerDownloader malware families https://threatray.com/blog/establishing-the-tigerrat-and-tigerdownloader-malware-families/
Threatray
Establishing the TigerRAT and TigerDownloader malware families | Threatray
Recent research by Malwarebytes (April 2021), Kaspersky (June 2021) and the Korean CERT (September 2021), reports about attacks on South Korean entities, employing new techniques and malware not previously identified.
Diavol Ransomware https://thedfirreport.com/2021/12/13/diavol-ransomware/
The DFIR Report
Diavol Ransomware
In the past, threat actors have used BazarLoader to deploy Ryuk and Conti ransomware, as reported on many occasions. In this intrusion, however, a BazarLoader infection resulted in deployment of Di…
Good tutorial on a particular kind of heap exploit » Did you understand House of Einherjar? https://hackmd.io/@gand3lf/houseofeinherjar
HackMD
Did you understand House of Einherjar? - HackMD
Did you understand House of Einherjar? Prerequisites: Do you know the C language? No -> Maybe
Hacking the Tenda AC10–1200 Router Part 4: sscanf buffer overflow https://noob3xploiter.medium.com/hacking-the-tenda-ac10-1200-router-part-4-sscanf-buffer-overflow-75ae0e06abb6
Medium
Hacking the Tenda AC10–1200 Router Part 4: sscanf buffer overflow
In this writeup, I will show you a sscanf buffer overflow that I found in the Tenda AC10–1200. I tried reporting it but got no response, so I…
Other write-up for CVE-2021-31956 Windows Kernel NTFS privilege escalation (in Chinese) https://dawnslab.jd.com/CVE-2021-31956/
京东獬豸信息安全实验室 (JD.com Xiezhi Information Security Lab)
CVE-2021-31956 Vulnerability Analysis
Overview: CVE-2021-31956 is a kernel heap overflow vulnerability disclosed by Microsoft in June 2021; an attacker can exploit it to achieve local privilege escalation. The nccgroup blog has already published a detailed exploitation analysis, but did not post the exploit's source code. This article records my own process of learning Windows exploitation; the exploitation techniques used are largely the same as those described by nccgroup, and it is intended for learning and reference only.
Where's the Interpreter!? (CVE-2021-30853)
bypassing file quarantine, gatekeeper, & notarization requirements ...again! https://objective-see.com/blog/blog_0x6A.html
Nice tool! » Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems https://github.com/ChrisTheCoolHut/Zeratool
GitHub
GitHub - ChrisTheCoolHut/Zeratool: Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems
Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems - ChrisTheCoolHut/Zeratool
What is a Watering Hole Attacks and How to Prevent Them https://blog.cymulate.com/watering-hole-attack-dont-drink-water
Cymulate
What is a Watering Hole Attacks and How to Prevent Them
A Watering Hole attack is an attack method in which the attacker seeks to compromise a specific group of end-users by infecting websites.