Attackers test “CAB-less 40444” exploit in a dry run https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/
Sophos News
An updated exploit takes a circuitous route to trigger a Word document into delivering an infection without using macros
A curated list of Frida resources https://github.com/dweinstein/awesome-frida
GitHub
Elephant Beetle: Uncovering an Organized Financial-Theft Operation https://blog.sygnia.co/elephant-beetle-an-organized-financial-theft-operation
Sygnia
Sygnia’s IR team has identified the Elephant Beetle threat group, an organized, significant financial-theft operation threatening global enterprises.
Mutual Authentication: A Component of Zero Trust https://www.pomerium.com/docs/topics/mutual-auth.html
Pomerium
This page describes the concept of mutual authentication and why it's important.
Understanding Address Spacing in Detail https://tbhaxor.com/understanding-address-spacing-in-detail/
tbhaxor
Understanding Address Spacing in Detail
Address spaces are how every operating system manages the memory of its processes. Virtual address spaces opened the door to features such as swapping and to easy relocation of instructions and data, which also helps resist address tampering.
Nice intro » Malware Reverse Engineering for Beginners - Part 1: From 0x0 https://www.intezer.com/blog/malware-analysis/malware-reverse-engineering-beginners/
Intezer
Reverse engineering is an integral part of malware analysis and research - get started learning this advanced skill to investigate malware.
Hacking a VW Golf Power Steering ECU - Part 1 https://blog.willemmelching.nl/carhacking/2022/01/02/vw-part1/
The learnings, pitfalls, and compromises of Microsoft’s expedition to the cloud https://www.microsoft.com/insidetrack/blog/learnings-pitfalls-compromises-operations-expedition-cloud/
Inside Track Blog
Pete Apple shares his learnings from guiding Microsoft on its expedition to the cloud and Microsoft Azure.
SAILFISH System to Find State-Inconsistency Bugs in Smart Contracts https://thehackernews.com/2022/01/sailfish-system-to-find-state.html
Emulating File I/O for In-Memory Fuzzing https://www.signal-labs.com/blog/emulating-fileio-fuzzing
Signal Labs
Using hooks & file I/O emulation to redirect disk I/O operations to memory, removing disk I/O & related syscalls during fuzzing (which also enables using snapshot-fuzzers that don't support disk I/O).
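The hook-and-emulate idea summarised above, as an added example that is not the Signal Labs code: a record parser is written against a small open/read/seek/close vtable, a disk backend serves normal runs, and a memory backend is installed by the fuzzing harness so that every iteration reads its testcase from a buffer and issues no file syscalls. The file format, the type and function names (io_ops, mem_file, parse_record_file, fuzz_one) and the sample inputs are all invented for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not the Signal Labs code): an I/O indirection layer that lets a
 * parser run either on real files or on an in-memory buffer. The memory backend
 * is what an in-memory/snapshot fuzzing harness installs so an iteration never
 * touches disk. All names here are invented for the example. */

typedef struct io_ops {
    void  *(*open)(const char *path);
    size_t (*read)(void *h, void *buf, size_t n);
    int    (*seek)(void *h, long off);
    void   (*close)(void *h);
} io_ops;

/* Disk backend: thin wrappers over stdio, used outside the fuzzer. */
static void  *disk_open(const char *path)                 { return fopen(path, "rb"); }
static size_t disk_read(void *h, void *buf, size_t n)     { return fread(buf, 1, n, (FILE *)h); }
static int    disk_seek(void *h, long off)                { return fseek((FILE *)h, off, SEEK_SET); }
static void   disk_close(void *h)                         { fclose((FILE *)h); }

/* Memory backend: one injected buffer stands in for whatever path is opened. */
typedef struct mem_file { const uint8_t *data; size_t len; size_t pos; } mem_file;
static const uint8_t *g_mem_data;
static size_t         g_mem_len;

static void *mem_open(const char *path) {
    (void)path;                       /* every path resolves to the injected buffer */
    mem_file *f = malloc(sizeof *f);
    if (!f) return NULL;
    f->data = g_mem_data; f->len = g_mem_len; f->pos = 0;
    return f;
}
static size_t mem_read(void *h, void *buf, size_t n) {
    mem_file *f = h;
    size_t avail = f->len - f->pos;
    if (n > avail) n = avail;         /* short read at end of buffer, like fread */
    memcpy(buf, f->data + f->pos, n);
    f->pos += n;
    return n;
}
static int mem_seek(void *h, long off) {
    mem_file *f = h;
    if (off < 0 || (size_t)off > f->len) return -1;
    f->pos = (size_t)off;
    return 0;
}
static void mem_close(void *h) { free(h); }

static io_ops g_io = { disk_open, disk_read, disk_seek, disk_close };

/* Install the hooks: redirect all file I/O to the given buffer. */
void io_use_memory(const uint8_t *data, size_t len) {
    g_mem_data = data; g_mem_len = len;
    g_io = (io_ops){ mem_open, mem_read, mem_seek, mem_close };
}
void io_use_disk(void) { g_io = (io_ops){ disk_open, disk_read, disk_seek, disk_close }; }

/* The fuzz target, which knows nothing about the backend. Constructed format:
 * 4-byte magic "RECD", 1-byte record count, then count records of [len][len bytes].
 * Returns the record count, or -1 for malformed or truncated input. */
int parse_record_file(const char *path) {
    void *h = g_io.open(path);
    if (!h) return -1;
    uint8_t hdr[5];
    int result = -1;
    if (g_io.read(h, hdr, 5) == 5 && memcmp(hdr, "RECD", 4) == 0) {
        int count = hdr[4], ok = 1;
        for (int i = 0; i < count && ok; i++) {
            uint8_t len, body[255];
            ok = g_io.read(h, &len, 1) == 1 && g_io.read(h, body, len) == len;
        }
        result = ok ? count : -1;
    }
    g_io.close(h);
    return result;
}

/* One fuzz iteration: point the hooks at the testcase, then run the unmodified target. */
int fuzz_one(const uint8_t *data, size_t len) {
    io_use_memory(data, len);
    return parse_record_file("input.bin");   /* the path is ignored by the memory backend */
}

int main(void) {
    static const uint8_t good[]      = { 'R','E','C','D', 2, 3,'a','b','c', 1,'z' };
    static const uint8_t truncated[] = { 'R','E','C','D', 2, 3,'a','b' };
    printf("good=%d truncated=%d\n", fuzz_one(good, sizeof good),
           fuzz_one(truncated, sizeof truncated));
    return 0;
}
```

Because the target only ever calls through g_io, a snapshot fuzzer can take its snapshot after io_use_memory has run and restore to that point for every testcase; nothing in the loop opens a descriptor or enters the kernel for I/O.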
CVE-2021-22045: VMware Workstation, Fusion and ESXi heap-overflow vulnerability https://securityonline.info/cve-2021-22045-vmware-workstation-fusion-and-esxi-heap-overflow/
Cybersecurity News
VMware has released fixes for a heap-overflow vulnerability in Workstation, Fusion and ESXi, tracked as CVE-2021-22045.
Nice write-up on a not-so-easy topic » How to exploit a double free vulnerability in 2021. 'Use After Free for Dummies' https://github.com/stong/how-to-exploit-a-double-free
GitHub
We are starting this week, thx to @catedra_TEF_UZ for the support! ♥️ Join us, folks! 👇👇👇 https://twitter.com/unizar/status/1488453925053222917?t=UZoVPplDcCDHhjBJAUS-GA&s=19
Twitter
Universidad Zaragoza
The @Telefonica-@unizar Chair, directed by @fernand0, and the #GrupoRME are creating the School of #cybersecurity #challenges to foster university talent and capability. It starts on 4 February at the @EINAunizar with more than 25 students.
Unpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit https://billdemirkapi.me/unpacking-cve-2021-40444-microsoft-office-rce/
Bill Demirkapi's Blog
In the middle of August 2021, a special Word document was uploaded to VirusTotal by a user from Argentina. Although it was only detected by a single antivirus engine at the time, this sample turned out to be exploiting a zero day vulnerability in Microsoft…
Shlyuz Implant Framework: Part 1 - Influences https://und3rf10w.github.io/posts/2022/01/08/shlyuz-1-influences.html
Und3rf10w
Overview I’m excited to finally discuss and share the Proof-of-Concept code for an implant framework I wrote called Shlyuz (шлюз). Shlyuz takes a number of design cues from the Assassin Implant developed by the Central Intelligence Agency as described in…
garlicshare: Private and self-hosted file sharing over the Tor network written in golang https://github.com/R4yGM/garlicshare
GitHub
CVE-2021-38000: Chrome Intents Logic Flaw https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-38000.html
TOCTOU Vulnerability in Log4J 2.15 https://blog.h3xstream.com/2021/12/toctou-vulnerability-in-log4j-215.html
H3Xstream
Log4J has been in the spotlight for the past two weeks for a new attack vector which relies on Java Naming and Directory Interface (JNDI). ...
[VULNCON 2021] - IPS https://blog.kylebot.net/2022/01/10/VULNCON-2021-IPS/