Captain Hook - How (not) to look for vulnerabilities in Java applications https://www.synacktiv.com/en/publications/captain-hook-how-not-to-look-for-vulnerabilities-in-java-applications.html
Synacktiv
Captain Hook - How (not) to look for vulnerabilities in Java applications
During my 6-month internship, I developed a tool to ease vulnerability research on Java applications.
MoonBounce: the dark side of UEFI firmware https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
Securelist
MoonBounce: the dark side of UEFI firmware
At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.
Have you ever wanted to learn more about cryptography? Then you may be interested in our last post about hybrid cryptography schemes: https://reversea.me/index.php/hybrid-encryption-sockets-using-crypto/ We also give an implementation for GNU/Linux sockets! (contributed by @RazviOverflow)
Telenot Complex: Insecure AES Key Generation https://x41-dsec.de/lab/blog/telenot-complex-insecure-keygen/
X41 D-Sec - Penetration Tests and Source Code Audits
Telenot Complex: Insecure AES Key Generation
CVE-2021-34600: How predictable random numbers (literally) open the door for attackers: Our discovery of a flaw in the generation of AES keys, used for both physical and remote access, in a popular alarm system’s parameterization software. Includes a proof…
A curated list of awesome resources related to executable packing https://github.com/dhondta/awesome-executable-packing
GitHub
GitHub - packing-box/awesome-executable-packing: A curated list of awesome resources related to executable packing
A curated list of awesome resources related to executable packing - packing-box/awesome-executable-packing
Analysis and utilization of CVE-2021-31956 (in Chinese) https://bbs.pediy.com/thread-271140.htm
Pediy
[Original] CVE-2021-31956 Analysis and Exploitation - Binary Vulnerabilities - Kanxue Forum - Security Community | Security Recruitment | bbs.pediy.com
Treat security as a risk https://blog.frankel.ch/treat-security-as-risk/
A Java geek
Treat security as a risk
Security is the poster child of a Non-Functional Requirement: most people don’t care until the proverbial fecal matter hits the rotary propeller. Consequences can range from losing reputation to legal liability to putting the business out. In my post on running…
T-Reqs-HTTP-Fuzzer - A Grammar-Based HTTP Fuzzer https://www.kitploit.com/2022/01/t-reqs-http-fuzzer-grammar-based-http.html
KitPloit - PenTest & Hacking Tools
T-Reqs-HTTP-Fuzzer - A Grammar-Based HTTP Fuzzer
CVE-2022-0185: Detecting and mitigating Linux Kernel vulnerability causing container escape https://sysdig.com/blog/cve-2022-0185-container-escape/
Sysdig
CVE-2022-0185: Detecting and mitigating Linux Kernel vulnerability causing container escape | Sysdig
Linux maintainers and vendors disclosed a heap overflow vulnerability in the Linux Kernel causing DoS, container escape or privilege elevation
A Detailed Analysis of WhisperGate Targeting Ukrainian Organizations https://lifars.com/2022/01/a-detailed-analysis-of-whispergate-targeting-ukrainian-organizations/
LIFARS, a SecurityScorecard company
A Detailed Analysis of WhisperGate Targeting Ukrainian Organizations
Microsoft reported evidence of destructive malware targeting organizations in Ukraine starting from January 13. The LIFARS threat intelligence team have…
How BRATA is monitoring your bank account https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account
Cleafy
How BRATA is monitoring your bank account | Cleafy Labs
The mobile banking malware BRATA keeps evolving. Read here the new Technical Report, which explains in detail how it monitors bank accounts and how to prevent it.
New Ransomware Spotted: White Rabbit and Its Evasion Tactics https://www.trendmicro.com/en_us/research/22/a/new-ransomware-spotted-white-rabbit-and-its-evasion-tactics.html
Trend Micro
New Ransomware Spotted: White Rabbit and Its Evasion Tactics
We analyze the ransomware White Rabbit and bring into focus the familiar evasion tactics employed by this newcomer.
Modern Techniques to Prevent Malware instead of Detecting It https://www.balasys.hu/blogs/modern-techniques-to-prevent-malware-instead-of-detecting-it
www.balasys.hu
Modern Techniques to Prevent Malware instead of Detecting It
Google lists 4,840,000 results to the search of "malware detection tools." Is malware detection a silver bullet, or is there a smarter method to prevent malware attacks? We believe there is one.
Windows Process Injection: KernelCallbackTable used by FinFisher / FinSpy https://modexp.wordpress.com/2019/05/25/windows-injection-finspy/
modexp
Windows Process Injection: KernelCallbackTable used by FinFisher / FinSpy
Introduction: The surveillance spyware FinFisher, also known as FinSpy, uses what Microsoft called an “interesting and quite unusual” method of process injection via the KernelCallBackTa…
CVE-2022-0329 and the problems with automated vulnerability management https://tomforb.es/cve-2022-0329-and-the-problems-with-automated-vulnerability-management/
tomforb.es
CVE-2022-0329 and the problems with automated vulnerability management
Update: Github have responded and said they will stop sending notifications about this CVE. Yesterday Github started notifying tens of thousands of people about a critical remote code execution vulnerability in a package named loguru. Their reviewed advisory…
pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
Pwnkit: How to exploit and check https://beny23.github.io/posts/pwnkit_how_to_check_and_exploit/
beny23.github.io
Pwnkit: How to exploit and check
Pwnkit is a vulnerability that uses a bug in polkit to elevate permissions to root. This write-up shows how to reproduce it using Ubuntu and what to do to check whether a system is vulnerable.
What went wrong? Quoting from the original researchers:
This…
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation https://github.com/ly4k/PwnKit
GitHub
GitHub - ly4k/PwnKit: Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation - ly4k/PwnKit