CVE-2021-36260 Technical Analysis https://attackerkb.com/topics/mb8q72U2LT/cve-2021-36260/rapid7-analysis
AttackerKB
CVE-2021-36260 | AttackerKB
A command injection vulnerability in the web server of some Hikvision products. Due to insufficient input validation, an attacker can exploit the vulnerability…
A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies https://research.checkpoint.com/2022/a-modern-ninja-evasive-trickbot-attacks-customers-of-60-high-profile-companies/
Check Point Research
A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies - Check Point Research
Research by: Aliaksandr Trafimchuk, Raman Ladutska This research comes as a follow-up to our previous article on Trickbot, “When Old Friends Meet Again: Why Emotet Chose Trickbot For Rebirth” where we provided an overview of the Trickbot infrastructure after…
HermeticWiper: What We Know About New Malware Targeting Ukrainian Infrastructure (Thus Far) https://www.cyberark.com/resources/blog/hermeticwiper-what-we-know-about-new-malware-targeting-ukrainian-infrastructure-thus-far
Cyberark
HermeticWiper: What We Know About New Malware Targeting Ukrainian Infrastructure (Thus Far)
As geopolitical tensions continue to mount, reports are emerging of a new wiper malware targeting Ukrainian infrastructure, such as government departments. Symantec and ESET research first tweeted...
BGP Security in 2021 https://www.manrs.org/2022/02/bgp-security-in-2021/
Introducing a community-driven advisory database for third-party software dependencies https://about.gitlab.com/blog/2022/02/16/a-community-driven-advisory-database/
GitLab
Introducing a community-driven advisory database for third-party software dependencies
The advisory data can be readily adopted, adapted, and exchanged. Learn more here.
Linux kernel Use-After-Free (CVE-2021-23134) PoC https://ruia-ruia.github.io/NFC-UAF/
Command line fuzzer and bruteforcer 🌪 wfuzz for command https://github.com/ariary/cfuzz
GitHub
GitHub - ariary/cfuzz: Command line fuzzer and bruteforcer 🌪 wfuzz for command
Command line fuzzer and bruteforcer 🌪 wfuzz for command - ariary/cfuzz
Scaling Dumb Fuzzing with Kubernetes https://www.archcloudlabs.com/projects/dumb_fuzzing/
Arch Cloud Labs
Scaling Dumb Fuzzing with Kubernetes
About The Project The e-zine tmp.out focuses on ELF/Linux related research in a style of Phrack. After reading an article on fuzzing radare2 for 0days in 30 lines of code, I thought it would be a fun weekend project to extend this research, and port their…
Angler Exploitation Kit Infection 2 — Malware Traffic Analysis https://infosecwriteups.com/angler-exploitation-kit-infection-2-malware-traffic-analysis-d4fc6ce8790b
Medium
Angler Exploitation Kit Infection 2 — Malware Traffic Analysis
In this article, I use NetworkMiner, Wireshark and Brim to analyze a PCAP file that captured network traffic belonging to an Angler…
Qbot and Zerologon Lead To Full Domain Compromise https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/
The DFIR Report
Qbot and Zerologon Lead To Full Domain Compromise
In this intrusion (from November 2021), a threat actor gained its initial foothold in the environment through the use of Qbot (a.k.a. Quakbot/Qakbot) malware. Soon after execution of the Qbot paylo…
RCE 0-day for GhostScript 9.50 - Payload generator https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
GitHub
GitHub - duc-nt/RCE-0-day-for-GhostScript-9.50: RCE 0-day for GhostScript 9.50 - Payload generator
RCE 0-day for GhostScript 9.50 - Payload generator - duc-nt/RCE-0-day-for-GhostScript-9.50
Maat: Symbolic execution made easy https://blog.trailofbits.com/2022/02/23/maat-symbolic-execution-made-easy/
The Trail of Bits Blog
Maat: Symbolic execution made easy
We have released Maat, a cross-architecture, multi-purpose, and user-friendly symbolic execution framework. It provides common symbolic execution capabilities such as dynamic symbolic execution (DSE), taint analysis, binary instrumentation, environment simulation…
Automating bug bounties https://www.benteveo.kiwi/blog/automating-bug-bounties
COM asynchronous interfaces, part 8: Asynchronous release, the problems https://devblogs.microsoft.com/oldnewthing/20220223-00/?p=106282
The Old New Thing
COM asynchronous interfaces, part 8: Asynchronous release, the problems
If you don't need something any more, then you usually don't really care when it gets taken away.
How to Decrypt the Files Encrypted by the Hive Ransomware https://lifars.com/2022/02/how-to-decrypt-the-files-encrypted-by-the-hive-ransomware/
LIFARS, a SecurityScorecard company
How to Decrypt the Files Encrypted by the Hive Ransomware
South Korean researchers published an academic paper that presents a method to decrypt the files encrypted by the Hive Ransomware. This article How to Decrypt the Files Encrypted by the Hive Ransomware
A tale of EDR bypass methods https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/
s3cur3th1ssh1t.github.io
A tale of EDR bypass methods | S3cur3Th1sSh1t
In a time full of ransomware as well as Advanced Persistent Threat (APT) incidents, the importance of detecting those attacking groups has become increasingly...
ZDI-CAN-12671: Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref https://www.zerodayinitiative.com/blog/2021/1/27/zdi-can-12671-windows-kernel-dosprivilege-escalation-via-a-null-pointer-deref
Zero Day Initiative
Zero Day Initiative — ZDI-CAN-12671: Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref
You can find me on Twitter at @HexKitchen, and follow the team for the latest in exploit techniques and security patches.
We have a new PhD on the team! Congratulations to Dr. Martín-Pérez, good luck and much success in the future! 👨🎓👏👏👏 https://twitter.com/RicardoJRdez/status/1506959040051564545
Twitter
Ricardo J. Rodríguez
Last Tuesday Miguel Martín-Pérez successfully defended his doctoral thesis entitled "Effectiveness of Similarity Digest Algorithms for Binary Code Similarity in Memory Forensic Analysis". Congratulations Miguel for having come this far successfully and completing…
A Method for Decrypting Data Infected with Hive Ransomware https://arxiv.org/pdf/2202.08477.pdf
Exploiting CVE-2021-26708 (Linux kernel) with sshd https://hardenedvault.net/2022/03/01/poc-cve-2021-26708.html