Establishing the TigerRAT and TigerDownloader malware families https://threatray.com/blog/establishing-the-tigerrat-and-tigerdownloader-malware-families/
Threatray
Establishing the TigerRAT and TigerDownloader malware families | Threatray
Recent research by Malwarebytes (April 2021), Kaspersky (June 2021) and the Korean CERT (September 2021), reports about attacks on South Korean entities, employing new techniques and malware not previously identified.
Diavol Ransomware https://thedfirreport.com/2021/12/13/diavol-ransomware/
The DFIR Report
Diavol Ransomware
In the past, threat actors have used BazarLoader to deploy Ryuk and Conti ransomware, as reported on many occasions. In this intrusion, however, a BazarLoader infection resulted in deployment of Di…
Good tutorial on a particular kind of heap exploit » Did you understand House of Einherjar? https://hackmd.io/@gand3lf/houseofeinherjar
HackMD
Did you understand House of Einherjar? - HackMD
Did you understand House of Einherjar? Prerequisites: Do you know the C language? No -> Maybe
Hacking the Tenda AC10–1200 Router Part 4: sscanf buffer overflow https://noob3xploiter.medium.com/hacking-the-tenda-ac10-1200-router-part-4-sscanf-buffer-overflow-75ae0e06abb6
Medium
Hacking the Tenda AC10–1200 Router Part 4: sscanf buffer overflow
In this writeup, I will show you an sscanf buffer overflow that I found in the Tenda AC10–1200. I tried reporting it but got no response, so I…
Other write-up for CVE-2021-31956 Windows Kernel NTFS privilege escalation (in Chinese) https://dawnslab.jd.com/CVE-2021-31956/
JD Xiezhi Information Security Lab (京东獬豸信息安全实验室)
CVE-2021-31956 Vulnerability Analysis
Overview: CVE-2021-31956 is a kernel heap overflow vulnerability disclosed by Microsoft in June 2021; an attacker can exploit it to achieve local privilege escalation. NCC Group's blog has already published a detailed exploitation analysis, but did not post the exploit source code. This article records my own process of learning Windows exploitation; the exploitation techniques used are largely the same as those mentioned by NCC Group, and it is provided for learning and reference only.
Where's the Interpreter!? (CVE-2021-30853)
bypassing file quarantine, gatekeeper, & notarization requirements ...again! https://objective-see.com/blog/blog_0x6A.html
Nice tool! » Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems https://github.com/ChrisTheCoolHut/Zeratool
GitHub
GitHub - ChrisTheCoolHut/Zeratool: Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems
Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems - ChrisTheCoolHut/Zeratool
Exploitation of CVE-2021-21220 – From Incorrect JIT Behavior to RCE https://www.zerodayinitiative.com/blog/2021/12/15/exploitation-of-cve-2021-21220-from-incorrect-jit-behavior-to-rce
Zero Day Initiative
Zero Day Initiative — Exploitation of CVE-2021-21220 – From Incorrect JIT Behavior to RCE
In this third and final blog in the series, ZDI Vulnerability Researcher Hossein Lotfi looks at the method of exploiting CVE-2021-21220 for code execution. This bug was used by Bruno Keith ( @bkth_ ) and Niklas Baumstark ( @_niklasb ) of Dataflow…
What is a Watering Hole Attacks and How to Prevent Them https://blog.cymulate.com/watering-hole-attack-dont-drink-water
Cymulate
What is a Watering Hole Attacks and How to Prevent Them
A Watering Hole attack is an attack method in which the attacker seeks to compromise a specific group of end-users by infecting websites.
Windows Reverse Shells Cheatsheet
https://podalirius.net/en/articles/windows-reverse-shells-cheatsheet/#powershell
A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard https://research.checkpoint.com/2021/a-deep-dive-into-doublefeature-equation-groups-post-exploitation-dashboard/
Check Point Research
A Deep Dive into DoubleFeature, Equation Group's Post-Exploitation Dashboard - Check Point Research
Earlier this year, Check Point Research published the story of “Jian” — an exploit used by Chinese threat actor APT31 which was “heavily inspired by” an almost-identical exploit used by the Equation Group, made publicly known by the Shadow Brokers leak. The…
Examining Log4j Vulnerabilities in Connected Cars and Charging Stations https://www.trendmicro.com/en_us/research/21/l/examining-log4j-vulnerabilities-in-connected-cars.html
Trend Micro
Examining Log4j Vulnerabilities in Connected Cars and Charging Stations
In this entry we look into how Log4j vulnerabilities affect devices or properties embedded in or used for connected cars, specifically chargers, in-vehicle infotainment systems, and digital remotes for opening cars.
ESFang - Exploring the macOS Endpoint Security Framework (ESF) for Threat Detection https://labs.f-secure.com/blog/esfang-exploring-the-macos-endpoint-security-framework-for-threat-detection/
Winning the Impossible Race – An Unintended Solution for Includer’s Revenge / Counter (hxp 2021) https://lewin.co.il/winning-the-impossible-race-an-unintended-solution-for-includers-revenge-counter-hxp-2021/
Nice introduction to ROP » A Gentle Intro to ROP and Bypassing DEP https://cwinfosec.org/Intro-ROP-DEP-Bypass/
cwinfosec
A Gentle Intro to ROP and Bypassing DEP
This post is intended as a soft introduction to return-oriented-programming and bypassing DEP. Nothing in this blog post is new or ground-breaking research; however, sometimes it helps to hear another point of view. Today we will be looking at a very basic…
WMEye: a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement https://github.com/pwn1sher/WMEye
GitHub
GitHub - pwn1sher/WMEye: WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement
WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement - pwn1sher/WMEye
PrintNightmare and SSH Tunnels for Fun https://marcusedmondson.com/2021/12/29/printnightmare-and-ssh-tunnels-for-fun/
Marcus Edmondson | Offensive Security | Information Security
PrintNightmare and SSH Tunnels for Fun
Today I wanted to cover a subject that has been covered many times before, but writing about the techniques and tools I am learning helps me solidify my knowledge so here we go. Today’s post …
Nice resources here » A curated list of awesome malware analysis tools and resources https://github.com/rshipp/awesome-malware-analysis
GitHub
GitHub - rshipp/awesome-malware-analysis: Defund the Police.
Defund the Police. Contribute to rshipp/awesome-malware-analysis development by creating an account on GitHub.
Reverse Engineering Yaesu FT-70D Firmware Encryption https://landaire.net/reversing-yaesu-firmware-encryption/
landaire.net
Reverse Engineering Yaesu FT-70D Firmware Encryption
nothing interesting