A new publication from members of our group 👏👏 congrats guys! » https://twitter.com/RicardoJRdez/status/1500389724237803524
Ricardo J. Rodríguez
Our work "Defense and Attack Techniques Against File-Based TOCTOU Vulnerabilities: A Systematic Review" (with @Razvieu and P. Álvarez) is finally out! ieeexplore.ieee.org/document/97180… (1/3)
A Zero-Click RCE Exploit for the Peloton Bike (And Also Every Other Unpatched Android Device) https://www.nowsecure.com/blog/2022/02/09/a-zero-click-rce-exploit-for-the-peloton-bike-and-also-every-other-unpatched-android-device/
Zero-Click RCE Exploit for the Peloton Bike Identified and Patched
The Peloton Bike ran an unpatched version of Android 7 which led to it being vulnerable to a number of known issues, most significantly CVE-2021-0326, which could allow an attacker within WiFi range to execute arbitrary code on the device with no user interaction.
Nice sketch about 2FA, for lectures :) » https://twitter.com/sketchplanator/status/1491412842339258370?t=-0d5KnxC4sHtiSUize8OIQ&s=09
Sketchplanations
2 factor authentication
Critical vulnerability discovered in MISP https://zigrin.com/case-study/vulnerability-discovery-in-misp/
FunctionStomping: shellcode injection technique to evade AVs and EDRs https://github.com/Idov31/FunctionStomping
Shellcode injection technique. Given as C++ header, standalone Rust program or library.
Working with USB through IOKit on a jailbroken iOS 📱https://danylokos.github.io/0x05/
Some time ago, as part of a new hobby, I bought a telescope 🔭 (Newtonian reflector), and some additional eyepieces… and filters… and a motor drive for the mount… and an astronomy USB camera 😬. Hey, you need all this stuff, seriously! For the whole setup to…
Good content here! » Reverse-Engineering & Exploitation Fundamentals https://omu.rce.so/gcc-2022/
Writing Anti-Anti-Virus Exploit (AuViel - Hayyim CTF 2022) https://ptr-yudai.hatenablog.com/entry/2022/02/13/122744
Introduction: I played Hayyim CTF 2022 with keymoon, st98, and theoremoon. We solved all pwn tasks there and finished in 3rd place. There was a pwn challenge to…
Overview of GLIBC heap exploitation techniques https://0x434b.dev/overview-of-glibc-heap-exploitation-techniques/
Overview of current GLIBC heap exploitation techniques up to GLIBC 2.34, including their ideas and introduced mitigations along the way
Very good (and tedious) work here by @jonathansalwan » VMProtect Devirtualization: An experimental dynamic approach to devirtualize pure functions protected by VMProtect 3.x https://github.com/JonathanSalwan/VMProtect-devirtualization
Playing with the VMProtect software protection. Automatic deobfuscation of pure functions using symbolic execution and LLVM.
MyloBot 2022 – Evasive botnet that just sends extortion emails? https://blog.minerva-labs.com/mylobot-2022-so-many-evasive-techniques-just-to-send-extortion-emails
Dropping Files on a Domain Controller Using CVE-2021-43893 https://www.rapid7.com/blog/post/2022/02/14/dropping-files-on-a-domain-controller-using-cve-2021-43893/
Segway store compromised with Magecart skimmer https://blog.malwarebytes.com/threat-intelligence/2022/01/segway-store-compromised-with-magecart-skimmer/
In the early 2000s, the Segway company released a personal transporter that would become iconic. The Segway Human Transporter was quickly...
Good report here, keep an eye on it! » Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities https://csrc.nist.gov/publications/detail/sp/800-218/final
Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software development practices usually need to be added to each SDLC model to ensure that the software being developed is well-secured. This document…
ModifiedElephant APT and a Decade of Fabricating Evidence https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/
A previously unreported threat actor has been targeting civil society for over a decade. Read about how it operates and its relationships to other threats.
What’s with the shared VBA code between Transparent Tribe and other threat actors? https://blog.talosintelligence.com/2022/02/whats-with-shared-vba-code.html
Recently, we've been researching several threat actors operating in South Asia: Transparent Tribe, SideCopy, etc., that deploy a range of remote access trojans (RATs). After a hunting session in our malware sample repositories and VirusTotal while looking…
How to become a Bug Bounty Hunter https://github.com/pen4uin/bug-bounty
Malware Analysis Series (MAS) – Article 2 https://exploitreversing.com/2022/02/03/malware-analysis-series-mas-article-2/
The second article of MAS (Malware Analysis Series) is available for reading on: (link): I hope you like it and keep reversing! Have an excellent day. Alexandre Borges.