What’s with the shared VBA code between Transparent Tribe and other threat actors? https://blog.talosintelligence.com/2022/02/whats-with-shared-vba-code.html
Cisco Talos Blog
What’s with the shared VBA code between Transparent Tribe and other threat actors?
Recently, we've been researching several threat actors operating in South Asia: Transparent Tribe, SideCopy, etc., that deploy a range of remote access trojans (RATs). After a hunting session in our malware sample repositories and VirusTotal while looking…
How to become a Bug Bounty Hunter https://github.com/pen4uin/bug-bounty
Malware Analysis Series (MAS) – Article 2 https://exploitreversing.com/2022/02/03/malware-analysis-series-mas-article-2/
Exploit Reversing
Malware Analysis Series (MAS) – Article 2
The second article of MAS (Malware Analysis Series) is available for reading on: (link): I hope you like it and keep reversing! Have an excellent day. Alexandre Borges.
Dropping Files on a Domain Controller Using CVE-2021-43893 https://www.rapid7.com/blog/post/2022/02/14/dropping-files-on-a-domain-controller-using-cve-2021-43893/
Rapid7
Dropping Files on a Domain Controller Using CVE-2021-43893 | Rapid7 Blog
How I accidentally found a huge data leak during a college lecture https://sijmen.ruwhof.net/weblog/937-how-i-accidentally-found-a-huge-data-leak-during-a-college-lecture
A walk through Project Zero metrics https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html
Blogspot
A walk through Project Zero metrics
Posted by Ryan Schoen, Project Zero tl;dr In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Projec...
Zabbix - A Case Study of Unsafe Session Storage https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
Sonarsource
Zabbix - A Case Study of Unsafe Session Storage
In this article we discuss the security of client-side session storages and analyze a vulnerable implementation in the IT monitoring solution Zabbix.
CVE-2022-24112: Apache APISIX Remote Code Execution Vulnerability Alert https://securityonline.info/cve-2022-24112-apache-apisix-remote-code-execution-vulnerability-alert/
Cybersecurity News
CVE-2022-24112: Apache APISIX Remote Code Execution Vulnerability Alert
Recently, Apache APISIX officially released a security bulletin, disclosing a remote code execution vulnerability (CVE-2022-24112)
Another Kernel TIPC Bug, MySQL, and Buggy Go https://dayzerosec.com/podcast/another-kernel-tipc-bug-mysql-and-buggy-go.html
DAY[0]
Another Kernel TIPC Bug, MySQL, and Buggy Go
This week we discuss taint analysis and where to use it compared with fuzzing, a couple of buggy code patterns in Go to be on the lookout for, and another remote stack overflow in the kernel TIPC module.
A technique to semi-automatically discover new vulnerabilities in WordPress plugins https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html
kazet.cc
A technique to semi-automatically discover new vulnerabilities in WordPress plugins
How to semi-automatically find vulnerabilities in WordPress plugins installed on about 15 million websites.
interesting report » DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/dosfuscation-report.pdf
Dynamically extracting the encryption key from a simple ransomware https://0x00sec.org/t/dynamically-extracting-the-encryption-key-from-a-simple-ransomware/28379
0x00sec - The Home of the Hacker
Dynamically extracting the encryption key from a simple ransomware
Recently I’ve played the ransomware101 room on the secdojo website, where I was given a Windows box that has a flag encrypted by a ransomware, and I had to figure out the decryption key to recover it. The ransomware key generation function worked like the following:…
Good reading about the Morris worm (1988) » "Crisis and Aftermath" https://www.cs.cmu.edu/~dga/15-712/F14/papers//Spafford89.pdf
CVE-2022-0478 - WooCommerce Event-Manager Plugin SQL Injection https://castilho101.github.io/posts/cve-2022-0478-woocommerce-event-manager-plugin-sql-injection/
castilho101.github.io
CVE-2022-0478 - WooCommerce Event-Manager Plugin SQL Injection | castilho
In this writeup, I will be going through how I found an Authenticated (sad) SQL Injection in the WooCommerce Event-Manager WordPress Plugin. I will be going through the whole process, from the beginning of why I chose this plugin, to how a simple mistake…
Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2) https://research.nccgroup.com/2022/02/18/analyzing-a-pjl-directory-traversal-vulnerability-exploiting-the-lexmark-mc3224i-printer-part-2/
Forensic Analysis Of Xiaomi IoT Ecosystem https://www.forensicfocus.com/webinars/forensic-analysis-of-xiaomi-iot-ecosystem/
Forensic Focus
Forensic Analysis Of Xiaomi IoT Ecosystem - Forensic Focus
Good evening. My name is Evangelos Dragonas and today we’ll talk about the Forensic Analysis of Xiaomi IoT Ecosystem. Before ...
CVE-2021-36260 Technical Analysis https://attackerkb.com/topics/mb8q72U2LT/cve-2021-36260/rapid7-analysis
AttackerKB
CVE-2021-36260 | AttackerKB
A command injection vulnerability in the web server of some Hikvision products. Due to insufficient input validation, an attacker can exploit the vulnerability…