CVE-2022-24112: Apache APISIX Remote Code Execution Vulnerability Alert https://securityonline.info/cve-2022-24112-apache-apisix-remote-code-execution-vulnerability-alert/
Cybersecurity News
Recently, Apache APISIX officially released a security bulletin, disclosing a remote code execution vulnerability (CVE-2022-24112)
Another Kernel TIPC Bug, MySQL, and Buggy Go https://dayzerosec.com/podcast/another-kernel-tipc-bug-mysql-and-buggy-go.html
DAY[0]
This week we discuss taint analysis and where to use it compared with fuzzing, a couple buggy code patterns in Go to be on the lookout for, and another remote stack-overflow in the Kernel TIPC module.
A technique to semi-automatically discover new vulnerabilities in WordPress plugins https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html
kazet.cc
How to semi-automatically find vulnerabilities in WordPress plugins installed on about 15 million websites.
Interesting report » DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/dosfuscation-report.pdf
Dynamically extracting the encryption key from a simple ransomware https://0x00sec.org/t/dynamically-extracting-the-encryption-key-from-a-simple-ransomware/28379
0x00sec - The Home of the Hacker
Recently I’ve played ransomware101 room in secdojo website where I was given a Windows box that has a flag encrypted by a ransomware, and I had to figure out the decryption key to recover it, the ransomware key generation function worked like the following:…
Good reading about the Morris worm (1988) » "Crisis and Aftermath" https://www.cs.cmu.edu/~dga/15-712/F14/papers//Spafford89.pdf
CVE-2022-0478 - WooCommerce Event-Manager Plugin SQL Injection https://castilho101.github.io/posts/cve-2022-0478-woocommerce-event-manager-plugin-sql-injection/
castilho101.github.io
In this writeup, I will be going through how I found an Authenticated (sad) SQL Injection in the WooCommerce Event-Manager WordPress Plugin. I will be going through the whole process, from the beginning of why I chose this plugin, to how a simple mistake…
Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2) https://research.nccgroup.com/2022/02/18/analyzing-a-pjl-directory-traversal-vulnerability-exploiting-the-lexmark-mc3224i-printer-part-2/
Forensic Analysis Of Xiaomi IoT Ecosystem https://www.forensicfocus.com/webinars/forensic-analysis-of-xiaomi-iot-ecosystem/
Forensic Focus
Good evening. My name is Evangelos Dragonas and today we’ll talk about the Forensic Analysis of Xiaomi IoT Ecosystem. Before ...
CVE-2021-36260 Technical Analysis https://attackerkb.com/topics/mb8q72U2LT/cve-2021-36260/rapid7-analysis
AttackerKB
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability…
A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies https://research.checkpoint.com/2022/a-modern-ninja-evasive-trickbot-attacks-customers-of-60-high-profile-companies/
Check Point Research
Research by: Aliaksandr Trafimchuk, Raman Ladutska. This research comes as a follow-up to our previous article on Trickbot, “When Old Friends Meet Again: Why Emotet Chose Trickbot For Rebirth” where we provided an overview of the Trickbot infrastructure after…
HermeticWiper: What We Know About New Malware Targeting Ukrainian Infrastructure (Thus Far) https://www.cyberark.com/resources/blog/hermeticwiper-what-we-know-about-new-malware-targeting-ukrainian-infrastructure-thus-far
Cyberark
As geopolitical tensions continue to mount, reports are emerging of a new wiper malware targeting Ukrainian infrastructure, such as government departments. Symantec and ESET research first tweeted...
BGP Security in 2021 https://www.manrs.org/2022/02/bgp-security-in-2021/
Introducing a community-driven advisory database for third-party software dependencies https://about.gitlab.com/blog/2022/02/16/a-community-driven-advisory-database/
GitLab
The advisory data can be readily adopted, adapted, and exchanged. Learn more here.
Linux kernel Use-After-Free (CVE-2021-23134) PoC https://ruia-ruia.github.io/NFC-UAF/
Command line fuzzer and bruteforcer 🌪 wfuzz for command https://github.com/ariary/cfuzz
Scaling Dumb Fuzzing with Kubernetes https://www.archcloudlabs.com/projects/dumb_fuzzing/
Arch Cloud Labs
About The Project The e-zine tmp.out focuses on ELF/Linux related research in a style of Phrack. After reading an article on fuzzing radare2 for 0days in 30 lines of code, I thought it would be a fun weekend project to extend this research, and port their…
Angler Exploitation Kit Infection 2 — Malware Traffic Analysis https://infosecwriteups.com/angler-exploitation-kit-infection-2-malware-traffic-analysis-d4fc6ce8790b
Medium
In this article, I use NetworkMiner, Wireshark and Brim to analyze a PCAP file that captured network traffic belonging to an Angler…
Qbot and Zerologon Lead To Full Domain Compromise https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/
The DFIR Report
In this intrusion (from November 2021), a threat actor gained its initial foothold in the environment through the use of Qbot (a.k.a. Quakbot/Qakbot) malware. Soon after execution of the Qbot paylo…