webOS Revisited - Even More Mistaken Identities https://blog.recurity-labs.com/2022-03-02/webOS_Pt2.html
Litefuzz - A Multi-Platform Fuzzer For Poking At Userland Binaries And Servers https://www.kitploit.com/2022/03/litefuzz-multi-platform-fuzzer-for.html
KitPloit - PenTest & Hacking Tools
Ukrainian Researcher Leaks Conti Ransomware Gang Data https://www.databreachtoday.com/ukrainian-researcher-leaks-conti-ransomware-gang-data-a-18620
Databreachtoday
A Ukrainian cybersecurity researcher has released a huge batch of data that came from the internal systems of the Conti ransomware gang. The researcher released the
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
Fox-IT International blog
Authors: Alberto Segura, Malware analyst; Rolf Govers, Malware analyst & Forensic IT Expert. NCC Group, as well as many other researchers noticed a rise in Android malware last year, especially An…
Conti Ransomware Group Diaries, Part I: Evasion
https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/
Why Am I Getting All These Notifications on my Phone? https://www.mcafee.com/blogs/other-blogs/mcafee-labs/why-am-i-getting-all-these-notifications-on-my-phone/
McAfee Blog
Learn more about the Chrome notifications on Android mobile devices such as phones and tablets, and how McAfee Mobile Security protects users from malicious sites leveraging these notifications.
Abusing Kerberos Constrained Delegation without Protocol Transition https://snovvcrash.rocks/2022/03/06/abusing-kcd-without-protocol-transition.html
Escaping privileged containers for fun https://pwning.systems/posts/escaping-containers-for-fun/
pwning.systems
Despite the fact that it is not a 'real' vulnerability, escaping privileged Docker containers is nevertheless pretty funny. And because there will always be people who will come up with reasons or excuses to run a privileged container (even though you really…
CVE-2022-22947: SpEL Casting and Evil Beans https://wya.pl/2022/02/26/cve-2022-22947-spel-casting-and-evil-beans/
epagneul v0.4.1 releases: visualize and investigate windows event logs https://securityonline.info/epagneul-visualize-and-investigate-windows-event-logs/
Optimizing a smart contract fuzzer https://blog.trailofbits.com/2022/03/02/optimizing-a-smart-contract-fuzzer/
The Trail of Bits Blog
During my winternship, I applied code analysis tools, such as GHC’s Haskell profiler, to improve the efficiency of the Echidna smart contract fuzzer. As a result, Echidna is now over six times faster! Echidna overview: To use Echidna, users provide smart contracts…
Do you want to know what things can be recovered from memory in Telegram Desktop? Take a look at our latest post, a contribution from Pedro Fernández-Álvarez, member of our research team https://reversea.me/index.php/recovering-data-from-the-memory-of-telegram-desktop-and-other-im-applications/
It is a brief summary of our work that will be presented tomorrow at DFRWS EU 2022 by Pedro. You can now read our full article at https://doi.org/10.1016/j.fsidi.2022.301342, enjoy the reading! :)
The perils of the “real” client IP https://adam-p.ca/blog/2022/03/x-forwarded-for/
Good file… (What is it good for) Part 1 https://www.hexacorn.com/blog/2022/03/04/good-file-what-is-it-good-for-part-1/
Anti-UPX Unpacking Technique https://blogs.jpcert.or.jp/en/2022/03/anti_upx_unpack.html
JPCERT/CC Eyes
Malware targeting Windows OS (PE format) has a variety of obfuscation and packing techniques in place so that they complicate the code analysis processes. On the other hand, there are only a few types of packing techniques for Linux-targeting malware...
2021 Year In Review https://thedfirreport.com/2022/03/07/2021-year-in-review/
The DFIR Report
As we come to the end of the first quarter of 2022, we want to take some time to look back over our cases from 2021, in aggregate, and look at some of the top tactics, techniques and procedures (TT…
Finding 0day in Apache APISIX During CTF (CVE-2022-24112) https://www.youtube.com/watch?v=yrCXamnX9No
YouTube
In this video we perform a code audit of Api6 and discover a default configuration that can be escalated to remote code execution.
CVE-2022-24112: https://seclists.org/oss-sec/2022/q1/133
GitLab: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution…
Backdooring WordPress using PyShell https://blog.wpsec.com/backdooring-wordpress-using-pyshell/
WPSec
PyShell is a new tool made for bug bounty, ethical hacking, penetration testers or red-teamers. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells, the main goal of the tool is to use as little…
The Dirty Pipe Vulnerability https://dirtypipe.cm4all.com/
TLStorm: Three critical vulnerabilities discovered in APC Smart-UPS devices can allow attackers to remotely manipulate the power of millions of enterprise devices https://www.armis.com/research/tlstorm/
Armis
TLStorm
Vulnerabilities discovered in APC Smart-UPS devices can expose organizations to remote attack. Explore Armis research on TLStorm.