Great material here! » Reverse Engineering 3201: Symbolic Analysis https://p.ost2.fyi/courses/course-v1:OpenSecurityTraining2+RE3201_symexec+2021_V1/about
This class is an introduction to Symbolic Analysis and Execution of binaries. It requires you to know x86-64 assembly, and be comfortable with Python3 programming.
Wow! Now, you can debug the heap exploitation techniques in your browser directly using gdb, that's great! https://github.com/shellphish/how2heap
A repository for learning various heap exploitation techniques.
Zerodium looks to buy zero-days in Outlook and Thunderbird email clients https://therecord.media/zerodium-looks-to-buy-zero-days-in-outlook-and-thunderbird-email-clients/
US-based exploit broker Zerodium announced plans today to pay $200,000 and $400,000 for zero-day exploits in Mozilla Thunderbird and Microsoft Outlook, respectively, two of today's most popular and widely used desktop email clients.
Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/
We uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign.
Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/
A story of leaking uninitialized memory from Fastly https://medium.com/@emil.lerner/leaking-uninitialized-memory-from-fastly-83327bcbee1f
The post goes through a QUIC (HTTP/3) implementation bug in the H2O webserver. The bug is interesting as it affected Fastly, a well-known…
Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware https://www.sentinelone.com/labs/moving-from-manual-reverse-engineering-of-uefi-modules-to-dynamic-emulation-of-uefi-firmware/
Learn how to emulate, trace, debug, and Reverse Engineer UEFI modules in part 2 of our new blog series on Firmware Security
A series of writes about “Binary Exploitation” https://github.com/7h3h4ckv157/Binary-exploitation-series
Analyzing Malware with Hooks, Stomps and Return-addresses https://www.cyberark.com/resources/all-blog-posts/analyzing-malware-with-hooks-stomps-and-return-addresses-2
Table of Contents: Introduction; The First Detection; The Module Stomp Bypass; The Module Stomp Detection; Final Thoughts. Introduction: This is the second post in my series and with this post we will...
Qbot Likes to Move It, Move It https://thedfirreport.com/2022/02/07/qbot-likes-to-move-it-move-it/
Qbot (aka QakBot, Quakbot, Pinkslipbot) has been around for a long time, having first been observed back in 2007. More info on Qbot can be found at the following links: Microsoft & Red Canary I…
Hunting for Persistence in Linux (Part 5): Systemd Generators https://pberba.github.io/security/2022/02/07/linux-threat-hunting-for-persistence-systemd-generators/
How attackers can insert backdoors early in the boot process using systemd generators
IDACode - An Integration For IDA And VS Code Which Connects Both To Easily Execute And Debug IDAPython Scripts https://www.kitploit.com/2022/02/idacode-integration-for-ida-and-vs-code.html
Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/
[UPDATE] On February 4, 2022, Zimbra provided an update regarding this zero-day exploit vulnerability and reported that a hotfix for 8.8.15 P30 would be available on February 5, 2022. This vulnerability […]
Reversing NodeJS malware, part 2: Analysing the source code https://itnext.io/reversing-nodejs-malware-part-2-analysing-the-source-code-a31c316ff4f
Following my last article about a Discord malware, we now take a deeper look inside the inner workings of the PirateStealer malware.
A detailed analysis of Lazarus APT malware disguised as Notepad++ Shell Extension https://cybergeeks.tech/a-detailed-analysis-of-lazarus-malware-disguised-as-notepad-shell-extension/
I’m bringing relaying back: A comprehensive guide on relaying anno 2022 https://www.trustedsec.com/blog/a-comprehensive-guide-on-relaying-anno-2022
As a result, I was forced to create the lab offline. The lab architecture looks as follows: Our lab contains three (3) servers in one (1) domain…
Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397) https://0xkasper.com/articles/moodle-sql-injection-broken-access-control.html