Optimizing a smart contract fuzzer https://blog.trailofbits.com/2022/03/02/optimizing-a-smart-contract-fuzzer/
The Trail of Bits Blog
Optimizing a smart contract fuzzer
During my winternship, I applied code analysis tools, such as GHC’s Haskell profiler, to improve the efficiency of the Echidna smart contract fuzzer. As a result, Echidna is now over six times faster! Echidna overview To use Echidna, users provide smart contracts…
Do you want to know what things can be recovered from memory in Telegram Desktop? Take a look at our latest post, a contribution from Pedro Fernández-Álvarez, member of our research team https://reversea.me/index.php/recovering-data-from-the-memory-of-telegram-desktop-and-other-im-applications/
It is a brief summary of our work that will be presented tomorrow at DFRWS EU 2022 by Pedro. You can now read our full article at https://doi.org/10.1016/j.fsidi.2022.301342, enjoy the reading! :)
The perils of the “real” client IP https://adam-p.ca/blog/2022/03/x-forwarded-for/
Good file… (What is it good for) Part 1 https://www.hexacorn.com/blog/2022/03/04/good-file-what-is-it-good-for-part-1/
Anti-UPX Unpacking Technique https://blogs.jpcert.or.jp/en/2022/03/anti_upx_unpack.html
JPCERT/CC Eyes
Anti-UPX Unpacking Technique - JPCERT/CC Eyes
Malware targeting Windows OS (PE format) has a variety of obfuscation and packing techniques in place so that they complicate the code analysis processes. On the other hand, there are only a few types of packing techniques for Linux-targeting malware...
2021 Year In Review https://thedfirreport.com/2022/03/07/2021-year-in-review/
The DFIR Report
2021 Year In Review
As we come to the end of the first quarter of 2022, we want to take some time to look back over our cases from 2021, in aggregate, and look at some of the top tactics, techniques and procedures (TT…
Finding 0day in Apache APISIX During CTF (CVE-2022-24112) https://www.youtube.com/watch?v=yrCXamnX9No
YouTube
Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
In this video we perform a code audit of Api6 and discover a default configuration that can be escalated to remote code execution.
CVE-2022-24112: https://seclists.org/oss-sec/2022/q1/133
GitLab: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution…
Backdooring WordPress using PyShell https://blog.wpsec.com/backdooring-wordpress-using-pyshell/
WPSec
Backdooring WordPress using PyShell - WPSec
PyShell is a new tool made for bug bounty, ethical hacking, penetration testers or red-teamers. This tool helps you to obtain a shell-like interface on a web server that can be accessed remotely. Unlike other webshells, the main goal of the tool is to use as little…
The Dirty Pipe Vulnerability https://dirtypipe.cm4all.com/
TLStorm: Three critical vulnerabilities discovered in APC Smart-UPS devices can allow attackers to remotely manipulate the power of millions of enterprise devices https://www.armis.com/research/tlstorm/
Armis
TLStorm
Vulnerabilities discovered in APC Smart-UPS devices can expose organizations to remote attack. Explore Armis research on TLStorm.
The AMD Branch (Mis)predictor Part 2: Where No CPU has Gone Before (CVE-2021-26341) https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before
grsecurity.net
The AMD Branch (Mis)predictor Part 2: Where No CPU has Gone Before (CVE-2021-26341)
In this blog post, OSS Security Researcher Pawel Wieczorkiewicz shares his journey from trying to save one byte of code to the discovery of two new cases of Straight-Line-Speculation (SLS) which affect the Zen1 and Zen2 microarchitectures of AMD CPUs. Using…
biodiff: introduction https://www.williballenthin.com/post/2022-03-06-biodiff/
Put an io_uring on it: Exploiting the Linux Kernel https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel
CVE-2022-0847: “Dirty Pipe” Linux Local Privilege Escalation https://sysdig.com/blog/cve-2022-0847-dirty-pipe-sysdig/
Sysdig
CVE-2022-0847: “Dirty Pipe” Linux Local Privilege Escalation
A local privilege escalation flaw in the Linux kernel was disclosed on Monday, nicknamed “Dirty Pipe” (ID CVE-2022-0847).
Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments https://www.mandiant.com/resources/apt41-us-state-governments
Google Cloud Blog
APT41 Targeting U.S. State Government Networks | Mandiant | Google Cloud Blog
We detail APT41's persistent effort that allowed them to successfully compromise at least 6 U.S. state government networks by exploiting vulnerable web apps.
Cyberattack by the UAC-0051 (unc1151) group on Ukrainian state organizations using the MicroBackdoor malware (CERT-UA#4109) https://cert.gov.ua/article/37626
cert.gov.ua
CERT-UA
The Governmental Computer Emergency Response Team of Ukraine, which operates as part of the State Service of Special Communications and Information Protection of Ukraine.
TeaBot is now spreading across the globe https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe
Cleafy
TeaBot is now spreading across the globe | Cleafy Labs
Since TeaBot's first discovery in 2021, Cleafy's Threat Intelligence Team has been following this banking trojan's trail to understand how it acts against banks. To know more, read our latest report here.
Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up… Sort Of https://research.checkpoint.com/2022/leaks-of-conti-ransomware-group-paint-picture-of-a-surprisingly-normal-tech-start-up-sort-of/
Check Point Research
Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up... Sort Of - Check Point Research
Introduction You’ve probably heard of the Conti ransomware group. After their 2020 emergence, they’ve accumulated at least 700 victims, where by “victims” we mean ‘big fish’ corporations with millions of dollars in revenue; unlike your average neighborhood…
PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/
crowdstrike.com
PROPHET SPIDER Exploits Citrix ShareFile | CrowdStrike
Read our blog post to learn how PROPHET SPIDER continues to evolve their tradecraft while continuing to exploit known web-server vulnerabilities.