Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware https://www.sentinelone.com/labs/moving-from-manual-reverse-engineering-of-uefi-modules-to-dynamic-emulation-of-uefi-firmware/
SentinelOne
Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware - SentinelLabs
Learn how to emulate, trace, debug, and Reverse Engineer UEFI modules in part 2 of our new blog series on Firmware Security
A series of writes about “Binary Exploitation” https://github.com/7h3h4ckv157/Binary-exploitation-series
GitHub
GitHub - 7h3h4ckv157/Binary-exploitation-series: A series of writes about “Binary Exploitation”.
A series of write-ups about “Binary Exploitation”.
Analyzing Malware with Hooks, Stomps and Return-addresses https://www.cyberark.com/resources/all-blog-posts/analyzing-malware-with-hooks-stomps-and-return-addresses-2
Cyberark
Analyzing Malware with Hooks, Stomps and Return-addresses
Contents: Introduction; The First Detection; The Module Stomp Bypass; The Module Stomp Detection; Final Thoughts. This is the second post in my series and with this post we will...
Qbot Likes to Move It, Move It https://thedfirreport.com/2022/02/07/qbot-likes-to-move-it-move-it/
The DFIR Report
Qbot Likes to Move It, Move It
Qbot (aka QakBot, Quakbot, Pinkslipbot ) has been around for a long time having first been observed back in 2007. More info on Qbot can be found at the following links: Microsoft & Red Canary I…
Hunting for Persistence in Linux (Part 5): Systemd Generators https://pberba.github.io/security/2022/02/07/linux-threat-hunting-for-persistence-systemd-generators/
pepe berba
Hunting for Persistence in Linux (Part 5): Systemd Generators
How attackers can insert backdoors early in the boot process using systemd generators
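A quick hunting check for the persistence mechanism the post describes, as an added example (not code from the linked post): it enumerates the directories systemd searches for system generators (the paths documented in systemd.generator(7)) and tags anything outside the package-managed /usr/lib and /lib trees for review, since a generator dropped into /etc, /run or /usr/local runs before any unit files are loaded. The REVIEW/DISTRO tagging heuristic and the output format are this example's own choices.

```shell
#!/bin/sh
# Added example: hunt for unexpected systemd generators.
# Directories systemd consults for system generators, in precedence order
# (per systemd.generator(7)); /lib is included for distros where /usr/lib is not merged.
GENERATOR_DIRS="/etc/systemd/system-generators /run/systemd/system-generators /usr/local/lib/systemd/system-generators /usr/lib/systemd/system-generators /lib/systemd/system-generators"

# hunt_generators DIR... : print one line per entry found: TAG path sha256
# TAG is DISTRO for package-owned trees (/usr/lib, /lib) and REVIEW for anything
# else, i.e. admin-writable locations where a backdoor generator would be dropped.
hunt_generators() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        for f in "$d"/*; do
            [ -e "$f" ] || continue        # glob matched nothing
            case "$d" in
                /usr/lib/*|/lib/*) tag=DISTRO ;;
                *)                 tag=REVIEW ;;
            esac
            # sha256sum follows symlinks, so a generator that is a link to a
            # distro binary hashes like that binary; a rewritten target shows up here.
            sum=$(sha256sum "$f" 2>/dev/null | cut -d' ' -f1)
            printf '%s %s %s\n' "$tag" "$f" "${sum:-unreadable}"
        done
    done
}

# Usage: run as root on the host under investigation and diff the REVIEW lines
# against a known-good baseline; REVIEW entries on a host where no admin has
# installed custom generators deserve a look.
# hunt_generators $GENERATOR_DIRS
```

User-session generators live in the parallel `*/systemd/user-generators` directories and can be passed to the same function.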
IDACode - An Integration For IDA And VS Code Which Connects Both To Easily Execute And Debug IDAPython Scripts https://www.kitploit.com/2022/02/idacode-integration-for-ida-and-vs-code.html
KitPloit - PenTest & Hacking Tools
IDACode - An Integration For IDA And VS Code Which Connects Both To Easily Execute And Debug IDAPython Scripts
Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/
Volexity
Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra
[UPDATE] On February 4, 2022, Zimbra provided an update regarding this zero-day vulnerability and reported that a hotfix for 8.8.15 P30 would be available on February 5, 2022. This vulnerability […]
Reversing NodeJS malware, part 2: Analysing the source code https://itnext.io/reversing-nodejs-malware-part-2-analysing-the-source-code-a31c316ff4f
Medium
Reversing NodeJS malware, part 2: Analysing the source code
Following my last article about a Discord malware, we now take a deeper look inside the inner workings of the PirateStealer malware.
A detailed analysis of Lazarus APT malware disguised as Notepad++ Shell Extension https://cybergeeks.tech/a-detailed-analysis-of-lazarus-malware-disguised-as-notepad-shell-extension/
I’m bringing relaying back: A comprehensive guide on relaying anno 2022 https://www.trustedsec.com/blog/a-comprehensive-guide-on-relaying-anno-2022
TrustedSec
I’m bringing relaying back: A comprehensive guide on relaying anno…
As a result, I was forced to create the lab offline. The lab architecture looks as follows: our lab contains three (3) servers in one (1) domain…
Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397) https://0xkasper.com/articles/moodle-sql-injection-broken-access-control.html
MMU Virtualization via Intel EPT: Implementation – Part 1 https://revers.engineering/mmu-virtualization-impl-p1/
Reverse Engineering
MMU Virtualization via Intel EPT: Implementation - Part 1 - Reverse Engineering
The first implementation heavy article covering the details of x86 paging, MTRR configuration, VPID/PCID, and initializing an EPT hierarchy.
Deserves a look » SHA-256 explained step-by-step visually https://sha256algorithm.com/
Sha256Algorithm
Sha256 Algorithm Explained
Sha256 algorithm explained online step by step visually
Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution https://www.samba.org/samba/security/CVE-2021-44142.html
CVE-2021-44142: Details on a Samba Code Execution Bug Demonstrated at Pwn2Own Austin https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin
Zero Day Initiative
Zero Day Initiative — CVE-2021-44142: Details on a Samba Code Execution Bug Demonstrated at Pwn2Own Austin
Recently, Samba released a patch to address an Out-of-Bounds (OOB) Heap Read/Write vulnerability found in Samba versions prior to 4.13.17. This vulnerability was disclosed at Pwn2Own Austin 2021 by Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) and Billy Jheng…
Dice CTF Memory Hole: Breaking V8 Heap Sandbox https://mem2019.github.io/jekyll/update/2022/02/06/DiceCTF-Memory-Hole.html
mem2019.github.io
Dice CTF Memory Hole: Breaking V8 Heap Sandbox
Codex Exposed: Helping Hackers in Training? https://www.trendmicro.com/en_ae/research/22/a/codex-exposed-helping-hackers-in-training.html
Trend Micro
Codex Exposed: Helping Hackers in Training
Silly proof of concept: Anti-phishing using perceptual hashing algorithms https://www.anvilsecure.com/blog/silly-proof-of-concept-anti-phishing-using-perceptual-hashing-algorithms.html
Anvil Secure
Silly proof of concept: Anti-phishing using perceptual hashing algorithms - Anvil Secure
by Diego Freijo Welcome to the first dispatch coming out of the Ministry of Silly Ideas! It’s a space we’ve got inside Anvil where we encourage ourselves to come up with interesting-even-if-sounding-silly-at-first-glance ideas around security or IT in general.…