Nice write-up in a not-so-easy topic » How to exploit a double free vulnerability in 2021. 'Use After Free for Dummies' https://github.com/stong/how-to-exploit-a-double-free
GitHub
GitHub - stong/how-to-exploit-a-double-free: How to exploit a double free vulnerability in 2021. Use After Free for Dummies
How to exploit a double free vulnerability in 2021. Use After Free for Dummies - stong/how-to-exploit-a-double-free
We are starting this week, thx to @catedra_TEF_UZ for the support! ♥️ Join us, folks! 👇👇👇 https://twitter.com/unizar/status/1488453925053222917?t=UZoVPplDcCDHhjBJAUS-GA&s=19
Twitter
Universidad Zaragoza
La Cátedra @Telefonica-@unizar que dirige @fernand0 y el #GrupoRME crean la Escuela de #retos de #ciberseguridad para impulsar el talento y la capacidad universitarios. Comienza el 4 de febrero en la @EINAunizar con más de 25 estudiantes.
Unpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit https://billdemirkapi.me/unpacking-cve-2021-40444-microsoft-office-rce/
Bill Demirkapi's Blog
Unpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit
In the middle of August 2021, a special Word document was uploaded to VirusTotal by a user from Argentina. Although it was only detected by a single antivirus engine at the time, this sample turned out to be exploiting a zero day vulnerability in Microsoft…
Shlyuz Implant Framework: Part 1 - Influences https://und3rf10w.github.io/posts/2022/01/08/shlyuz-1-influences.html
Und3rf10w
Shlyuz Implant Framework: Part 1 - Influences
Overview I’m excited to finally discuss and share the Proof-of-Concept code for an implant framework I wrote called Shlyuz (шлюз). Shlyuz takes a number of design queues from the Assassin Implant developed by the Central Intelligence Agency as described in…
garlicshare: Private and self-hosted file sharing over the Tor network written in golang https://github.com/R4yGM/garlicshare
GitHub
GitHub - R4yGM/garlicshare: Private and self-hosted file sharing over the Tor network written in golang
Private and self-hosted file sharing over the Tor network written in golang - GitHub - R4yGM/garlicshare: Private and self-hosted file sharing over the Tor network written in golang
CVE-2021-38000: Chrome Intents Logic Flaw https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-38000.html
TOCTOU Vulnerability in Log4J 2.15 https://blog.h3xstream.com/2021/12/toctou-vulnerability-in-log4j-215.html
H3Xstream
h3xStream's blog: TOCTOU Vulnerability in Log4J 2.15
Log4J has been in the spotlight for the past two weeks for a new attack vector which relies on Java Naming and Directory Interface (JNDI). ...
[VULNCON 2021] - IPS https://blog.kylebot.net/2022/01/10/VULNCON-2021-IPS/
SQL Injection in Wordpress core (CVE-2022–21661) https://cognn.medium.com/sql-injection-in-wordpress-core-zdi-can-15541-a451c492897
Medium
SQL Injection in Wordpress core (CVE-2022–21661)
Giới thiệu
LoRaWAN's Protocol Stacks: The Forgotten Targets at Risk https://www.trendmicro.com/en_us/research/22/a/lorawans-protocol-stacks-the-forgotten-targets-at-risk.html
Trend Micro
LoRaWAN's Protocol Stacks: The Forgotten Targets at Risk
Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside
Cyberark
Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines…
In this blog post we are going to discuss the details of a vulnerability in Windows Remote Desktop Services, which we recently uncovered. We reported the vulnerability to Microsoft in a...
Intercepting 2FA: Over 1200 man-in-the-middle phishing toolkits detected https://blog.malwarebytes.com/reports/2022/01/intercepting-2fa-over-1200-man-in-the-middle-phishing-toolkits-detected/
Malwarebytes Labs
Intercepting 2FA: Over 1200 man-in-the-middle phishing toolkits detected
Evolved phishing toolkits that can intercept 2FA codes are called man-in-the-middle (MiTM) phishing kits. And they're growing in popularity.
Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/
Check Point Research
Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk…
Research by: Golan Cohen Introduction Last seen in August 2021, Zloader, a banking malware designed to steal user credentials and private information, is back with a simple yet sophisticated infection chain. Previous Zloader campaigns, which were seen in…
Patchwork APT caught in its own web https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
ThreatDown by Malwarebytes
Patchwork APT caught in its own web
Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear phishing attacks….
Real-world Android Malware Analysis 1: eblagh.apk https://www.purpl3f0xsecur1ty.tech/2022/01/10/eblagh-re.html
Purpl3 F0x Secur1ty
Real-world Android Malware Analysis 1: eblagh.apk
Intro
Mejores sistemas protección red con sistemas IDS/IPS https://blog.elhacker.net/2022/01/mejores-sistemas-para-proteger-red-intrusos-amenazas-sistema-ids-ips.html
Blog elhacker.NET
Mejores sistemas protección red con sistemas IDS/IPS
Blog sobre informática, tecnología y seguridad con manuales, tutoriales y documentación sobre herramientas y programas
Wi-Fi Framework: creating PoC, automated experiments, test suites, fuzzers https://securityonline.info/wi-fi-framework-creating-poc-automated-experiments-test-suites-fuzzers-and-more/
Cybersecurity News
Wi-Fi Framework: creating PoC, automated experiments, test suites, fuzzers
Wi-Fi Framework can be used to create fuzzers, implement new attacks, create PoCs to test for vulnerabilities, automate experiments, implement test suites