Angler Exploitation Kit Infection 2 — Malware Traffic Analysis https://infosecwriteups.com/angler-exploitation-kit-infection-2-malware-traffic-analysis-d4fc6ce8790b
Medium
Angler Exploitation Kit Infection 2 — Malware Traffic Analysis
In this article, I use NetworkMiner, Wireshark and Brim to analyze a PCAP file that captured network traffic belonging to an Angler…
Qbot and Zerologon Lead To Full Domain Compromise https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/
The DFIR Report
Qbot and Zerologon Lead To Full Domain Compromise
In this intrusion (from November 2021), a threat actor gained its initial foothold in the environment through the use of Qbot (a.k.a. Quakbot/Qakbot) malware. Soon after execution of the Qbot paylo…
RCE 0-day for GhostScript 9.50 - Payload generator https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
GitHub
GitHub - duc-nt/RCE-0-day-for-GhostScript-9.50: RCE 0-day for GhostScript 9.50 - Payload generator
RCE 0-day for GhostScript 9.50 - Payload generator - duc-nt/RCE-0-day-for-GhostScript-9.50
Maat: Symbolic execution made easy https://blog.trailofbits.com/2022/02/23/maat-symbolic-execution-made-easy/
The Trail of Bits Blog
Maat: Symbolic execution made easy
We have released Maat, a cross-architecture, multi-purpose, and user-friendly symbolic execution framework. It provides common symbolic execution capabilities such as dynamic symbolic execution (DSE), taint analysis, binary instrumentation, environment simulation…
Automating bug bounties https://www.benteveo.kiwi/blog/automating-bug-bounties
COM asynchronous interfaces, part 8: Asynchronous release, the problems https://devblogs.microsoft.com/oldnewthing/20220223-00/?p=106282
The Old New Thing
COM asynchronous interfaces, part 8: Asynchronous release, the problems
If you don't need something any more, then you usually don't really care when it gets taken away.
How to Decrypt the Files Encrypted by the Hive Ransomware https://lifars.com/2022/02/how-to-decrypt-the-files-encrypted-by-the-hive-ransomware/
LIFARS, a SecurityScorecard company
How to Decrypt the Files Encrypted by the Hive Ransomware
South Korean researchers published an academic paper that presents a method to decrypt the files encrypted by the Hive Ransomware.
A tale of EDR bypass methods https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/
s3cur3th1ssh1t.github.io
A tale of EDR bypass methods | S3cur3Th1sSh1t
In a time full of ransomware as well as Advanced Persistent Threat (APT) incidents the importance of detecting those attacking groups has become increasingly...
ZDI-CAN-12671: Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref https://www.zerodayinitiative.com/blog/2021/1/27/zdi-can-12671-windows-kernel-dosprivilege-escalation-via-a-null-pointer-deref
Zero Day Initiative
Zero Day Initiative — ZDI-CAN-12671: Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref
You can find me on Twitter at @HexKitchen , and follow the team for the latest in exploit techniques and security patches.
We have a new PhD on the team! Congratulations to Dr. Martín-Pérez, good luck and much success in the future! 👨🎓👏👏👏 https://twitter.com/RicardoJRdez/status/1506959040051564545
Twitter
Ricardo J. Rodríguez
Last Tuesday Miguel Martín-Pérez successfully defended his doctoral thesis entitled "Effectiveness of Similarity Digest Algorithms for Binary Code Similarity in Memory Forensic Analysis". Congratulations Miguel for having come this far successfully and completing…
A Method for Decrypting Data Infected with Hive Ransomware https://arxiv.org/pdf/2202.08477.pdf
Exploiting CVE-2021-26708 (Linux kernel) with sshd https://hardenedvault.net/2022/03/01/poc-cve-2021-26708.html
webOS Revisited - Even More Mistaken Identities https://blog.recurity-labs.com/2022-03-02/webOS_Pt2.html
Litefuzz - A Multi-Platform Fuzzer For Poking At Userland Binaries And Servers https://www.kitploit.com/2022/03/litefuzz-multi-platform-fuzzer-for.html
KitPloit - PenTest & Hacking Tools
Litefuzz - A Multi-Platform Fuzzer For Poking At Userland Binaries And Servers
Ukrainian Researcher Leaks Conti Ransomware Gang Data https://www.databreachtoday.com/ukrainian-researcher-leaks-conti-ransomware-gang-data-a-18620
Databreachtoday
Ukrainian Researcher Leaks Conti Ransomware Gang Data
A Ukrainian cybersecurity researcher has released a huge batch of data that came from the internal systems of the Conti ransomware gang. The researcher released the
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
Fox-IT International blog
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
Authors: Alberto Segura, Malware analyst; Rolf Govers, Malware analyst & Forensic IT Expert. NCC Group, as well as many other researchers noticed a rise in Android malware last year, especially An…
Conti Ransomware Group Diaries, Part I: Evasion https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/
Why Am I Getting All These Notifications on my Phone? https://www.mcafee.com/blogs/other-blogs/mcafee-labs/why-am-i-getting-all-these-notifications-on-my-phone/
McAfee Blog
Why Am I Getting All These Notifications on my Phone? | McAfee Blog
Learn more about the Chrome notifications on Android mobile devices such as phones and tablets, and how McAfee Mobile Security protects users from malicious sites leveraging these notifications.
Abusing Kerberos Constrained Delegation without Protocol Transition https://snovvcrash.rocks/2022/03/06/abusing-kcd-without-protocol-transition.html
Escaping privileged containers for fun https://pwning.systems/posts/escaping-containers-for-fun/
pwning.systems
Escaping privileged containers for fun
Despite the fact that it is not a 'real' vulnerability, escaping privileged Docker containers is nevertheless pretty funny. And because there will always be people who will come up with reasons or excuses to run a privileged container (even though you really…