Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/
Check Point Research
Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk…
Research by: Golan Cohen Introduction Last seen in August 2021, Zloader, a banking malware designed to steal user credentials and private information, is back with a simple yet sophisticated infection chain. Previous Zloader campaigns, which were seen in…
Patchwork APT caught in its own web https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
ThreatDown by Malwarebytes
Patchwork APT caught in its own web
Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear phishing attacks….
Real-world Android Malware Analysis 1: eblagh.apk https://www.purpl3f0xsecur1ty.tech/2022/01/10/eblagh-re.html
Purpl3 F0x Secur1ty
Real-world Android Malware Analysis 1: eblagh.apk
Intro
Mejores sistemas protección red con sistemas IDS/IPS https://blog.elhacker.net/2022/01/mejores-sistemas-para-proteger-red-intrusos-amenazas-sistema-ids-ips.html
Blog elhacker.NET
Mejores sistemas protección red con sistemas IDS/IPS
Blog sobre informática, tecnología y seguridad con manuales, tutoriales y documentación sobre herramientas y programas
Wi-Fi Framework: creating PoC, automated experiments, test suites, fuzzers https://securityonline.info/wi-fi-framework-creating-poc-automated-experiments-test-suites-fuzzers-and-more/
Cybersecurity News
Wi-Fi Framework: creating PoC, automated experiments, test suites, fuzzers
Wi-Fi Framework can be used to create fuzzers, implement new attacks, create PoCs to test for vulnerabilities, automate experiments, implement test suites
TokyoX: DLL side-loading an unknown artifact (Part 2) https://lab52.io/blog/tokyox-dll-side-loading-an-unknown-artifact-part-2/
New SysJoker Backdoor Targets Windows, Linux, and macOS https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
Intezer
New SysJoker Backdoor Targets Windows, Linux, and macOS
Malware targeting multiple operating systems has become no exception in the malware threat landscape. Vermilion Strike, which was documented just last September, is among the latest examples until now. In December 2021, we discovered a new multi-platform…
Active Directory Privilege Escalation (CVE-2021–42278) https://www.hackingarticles.in/active-directory-privilege-escalation-cve-2021-42278/
Hacking Articles
Windows Privilege Escalation: sAMAccountName Spoofing - Hacking Articles
This post discusses how CVE-2021-42278 allows potential attackers to gain high privileged user access (domain controllers Administrator level access) via a low privileged user (any
NightSky Ransomware – just a Rook RW fork in VMProtect suit https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit.md
GitHub
Malware-analysis-and-Reverse-engineering/NightSky_Ransomware–just_a_Rook_RW_fork_in_VMProtect_suit/NightSky_Ransomware–just_a_…
Some of my publicly available Malware analysis and Reverse engineering. - Dump-GUY/Malware-analysis-and-Reverse-engineering
Obfuscating Malicious, Macro-Enabled Word Docs https://depthsecurity.com/blog/obfuscating-malicious-macro-enabled-word-docs
Depth Security | A Konica Minolta Service
Obfuscating Malicious, Macro-Enabled Word Docs | Depth Security
Learn more about malicious word documents from the Depth Security team in this blog post. Depth Security provides an experienced take on the subject.
New contribution in @vxunderground, nice one » Playing around with COM objects - PART 1 by @T3nb3w https://papers.vx-underground.org/papers/VXUG/Mirrors/playing-around-com-objects-part-1.pdf
SpoofThatMail: Bash script to check if a domain or list of domains can be spoofed based in DMARC records https://github.com/v4d1/SpoofThatMail
GitHub
GitHub - v4d1/SpoofThatMail: Bash script to check if a domain or list of domains can be spoofed based in DMARC records
Bash script to check if a domain or list of domains can be spoofed based in DMARC records - v4d1/SpoofThatMail
Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022–21969) https://medium.com/@frycos/searching-for-deserialization-protection-bypasses-in-microsoft-exchange-cve-2022-21969-bfa38f63a62d
Medium
Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022–21969)
This story begins with a series of fails, but why? That is because of my special relationship with the Microsoft Exchange codebase…
Malicious modifications to open source projects affecting thousands – Sysdig Secure https://sysdig.com/blog/malicious-modifications-detection-sysdig/
Sysdig
Malicious modifications to open source projects affecting thousands - Sysdig Secure – Sysdig
Two extremely popular JavaScript open source packages, colors.js, and faker.js, were maliciously modified to the point of being unusable.
Running arm64 code on your Intel Mac 🖥 using Unicorn emulator https://danylokos.github.io/0x04/
🇺🇦 danylokos’s blog
Running arm64 code on your Intel Mac 🖥 using Unicorn emulator
Unicorn is a lightweight multi-platform, multi-architecture CPU emulator framework™ - official website. How is it useful? I’ve used it to trace and analyze heavily obfuscated and deeply nested code parts in iOS arm64 binaries. So it can be a very nice tool…
Building userDebug Android images for a Google Pixel (sailfish) https://www.linkedin.com/pulse/building-userdebug-android-images-google-pixel-sailfish-basanta
Linkedin
Building userDebug Android images for a Google Pixel (sailfish).
Beforehand, i'm sorry for my english writing. I'm in practice for improve it.
RCE in Adobe Acrobat Reader for android(CVE-2021-40724) https://hulkvision.github.io/blog/post1/
hulkvision.github.io
RCE in Adobe Acrobat Reader for android(CVE-2021-40724)
# Summary
While testing Adobe Acrobat reader app , the app has a feature which allows user to open pdfs directly from http/https url. This feature was vulnerable to path traversal vulnerability.
Abode reader was also using Google play core library for dynamic…
While testing Adobe Acrobat reader app , the app has a feature which allows user to open pdfs directly from http/https url. This feature was vulnerable to path traversal vulnerability.
Abode reader was also using Google play core library for dynamic…
Multidex trick to unpack Android/BianLian https://cryptax.medium.com/multidex-trick-to-unpack-android-bianlian-ed52eb791e56
Medium
Multidex trick to unpack Android/BianLian
This article explains how to unpack sample sha256 5b9049c392eaf83b12b98419f14ece1b00042592b003a17e4e6f0fb466281368 which was served from…
RSA, DH, and DSA in the Wild https://eprint.iacr.org/2022/048
An extremely casual code review of MetaMask’s crypto https://blog.cryptographyengineering.com/2022/01/14/an-extremely-casual-code-review-of-metamasks-crypto/
A Few Thoughts on Cryptographic Engineering
An extremely casual code review of MetaMask’s crypto
NB: This post describes a very casual code review of a few cryptography functions used by MetaMask. It does not describe any vulnerabilities. If you’re the kind of person who likes a meanderi…