How expensive is PssCaptureSnapshot? How fast is it? How much memory does it consume? https://devblogs.microsoft.com/oldnewthing/20220314-00/?p=106346
The Old New Thing
How expensive is PssCaptureSnapshot? How fast is it? How much memory does it consume?
Think of it as a copy-on-write copy, like the Volume Snapshot Service.
Making Sense of the Dirty Pipe Vulnerability (CVE-2022-0847) https://redhuntlabs.com/blog/the-dirty-pipe-vulnerability.html
RedHunt Labs
Making Sense of the Dirty Pipe Vulnerability (CVE-2022-0847) - RedHunt Labs
CVE-2022-0847, dubbed "Dirty Pipe", is a privilege escalation vulnerability in the Linux kernel. We demonstrate the vulnerability and analyze it in depth.
The Discovery and Exploitation of CVE-2022-25636 https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
nickgregory.me
The Discovery and Exploitation of CVE-2022-25636 · Nick Gregory
Security research, programming, and more.
Exploring the archived APKs powering Android’s new app archiving feature https://blog.esper.io/android-dessert-bites-16-app-archiving-857169/
www.esper.io
Exploring the Archived APKs Powering Android’s New App Archiving Feature
Android's new app archiving feature can save loads of storage space thanks to a new archived APK file. Here's how it all works.
Reversing Common Obfuscation Techniques https://ferib.dev/blog.php?l=post/Reversing_Common_Obfuscation_Techniques&t=t
CVE-2022-0847 Vulnerability in Linux Kernel Can Be Used To Root Android https://securityonline.info/dirty-pipe-vulnerability-in-linux-kernel-can-be-used-to-root-android/
Cybersecurity News
CVE-2022-0847 Vulnerability in Linux Kernel Can Be Used To Root Android
CVE-2022-0847 has been used to successfully gain root privileges on Google Pixel 6 Pro and Samsung Galaxy S22 running the latest Android version
CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel https://securelist.com/cve-2022-0847-aka-dirty-pipe-vulnerability-in-linux-kernel/106088
Securelist
Notes on CVE-2022-0847 (Dirty Pipe) vulnerability
An exploit for the CVE-2022-0847 (Dirty Pipe) vulnerability in the Linux kernel is available online. Kaspersky solutions detect and prevent exploitation attempts.
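The Dirty Pipe entries above (RedHunt Labs, the Android rooting report, Securelist) all describe CVE-2022-0847 as a Linux kernel privilege escalation but none of them is quoted here in enough detail to show the bug. As an added example, not code from any of the linked pages, here is a small Python triage check that classifies a `uname -r` string against the upstream boundaries published in the disclosure: the bug entered the kernel in 5.8 and was fixed upstream in 5.16.11, 5.15.25 and 5.10.102. The parsing helper and function names are my own. The important caveat is in the docstring: distribution kernels (Debian, RHEL, Android vendor kernels) backport fixes without bumping the version string, so "vulnerable" here means "check the vendor advisory", not "exploitable".

```python
import platform
import re
from typing import Tuple

# Upstream boundaries from the CVE-2022-0847 (Dirty Pipe) disclosure:
# introduced in 5.8, fixed in 5.16.11, 5.15.25 and 5.10.102.
INTRODUCED = (5, 8, 0)
FIXED = {
    (5, 16): (5, 16, 11),
    (5, 15): (5, 15, 25),
    (5, 10): (5, 10, 102),
}


def parse_kernel_release(release: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from a `uname -r` string such as
    '5.10.0-11-amd64' or '5.16.11-arch1-1'. A missing patch level counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def dirty_pipe_status(release: str) -> str:
    """Classify a kernel release as 'not affected', 'fixed' or 'vulnerable'
    for CVE-2022-0847 by upstream version number alone.

    Caveat: distribution kernels backport the fix without changing the
    version string, so 'vulnerable' means 'consult the vendor advisory',
    not 'exploitable'."""
    ver = parse_kernel_release(release)
    if ver < INTRODUCED:
        return "not affected"
    series = ver[:2]
    if series in FIXED:
        return "fixed" if ver >= FIXED[series] else "vulnerable"
    # 5.17 and later shipped with the fix. The remaining 5.8..5.16 series
    # (5.9, 5.11 to 5.14) were end-of-life when the fix landed and never
    # received it upstream, so treat them as vulnerable.
    if ver >= (5, 17, 0):
        return "fixed"
    return "vulnerable"


if __name__ == "__main__":
    # Check the running kernel; on a distro kernel read the result together
    # with the vendor's changelog for CVE-2022-0847.
    rel = platform.release()
    print(f"{rel}: {dirty_pipe_status(rel)}")
```

Run it on the host being triaged; for a fleet, feed it the `uname -r` output collected by your inventory tooling instead of `platform.release()`.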
🤔🤔 » "If you want cyber peace, prepare for cyber war" https://www.afr.com/technology/if-you-want-cyber-peace-prepare-for-cyber-war-20220311-p5a3tq
Australian Financial Review
If you want cyber peace, prepare for cyber war
When it comes to cyber-disruption, the Russians are undisputed masters; not least because they’ve had a lot of practice over the past decade.
In 2015, the Russian hacking group Sandworm turned out the lights in Western Ukraine in the first ever power outage…
NSA, CISA release Kubernetes Hardening Guidance https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/
National Security Agency/Central Security Service
NSA, CISA release Kubernetes Hardening Guidance
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance,” today. This report
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure https://www.microsoft.com/security/blog/2022/03/16/uncovering-trickbots-use-of-iot-devices-in-command-and-control-infrastructure/
Microsoft News
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
The Microsoft Defender for IoT research team has recently discovered the exact method through which MikroTik devices are used in Trickbot’s C2 infrastructure. In this blog, we share the analysis of this method and provide insights on how attackers gain access…
Anatomy of the Process Environment Block (PEB) (Windows Internals) https://ntopcode.wordpress.com/2018/02/26/anatomy-of-the-process-environment-block-peb-windows-internals/
Opcode
Anatomy of the Process Environment Block (PEB) (Windows Internals)
The Process Environment Block (PEB) is a wonderful thing, and I’d be lying if I told you that I didn’t love it. It has been present in Windows since the introduction of the Win2k (Windows 2000) and…
CVE-2022-25636: heap out-of-bounds write, related to nf_tables_offload https://github.com/Bonfee/CVE-2022-25636
GitHub
GitHub - Bonfee/CVE-2022-25636: CVE-2022-25636
Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582) https://research.nccgroup.com/2022/03/15/technical-advisory-apple-macos-xar-arbitrary-file-write-cve-2022-22582/
Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 1) https://connormcgarr.github.io/type-confusion-part-1/
Connor McGarr’s Blog
Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 1)
End-to-end ‘modern’ browser exploitation on Windows beginning with configuring a browser exploitation environment, exploring JavaScript intrinsics, and understanding type confusion vulnerabilities.
iOS Hacking - A Beginner's Guide to Hacking iOS Apps [2022 Edition] https://martabyte.github.io/ios/hacking/2022/03/13/ios-hacking-en.html
martabyte
iOS Hacking - A Beginner’s Guide to Hacking iOS Apps [2022 Edition]
My first post will be about iOS Hacking, a topic I’m currently working on, so this will be a kind of gathering of all information I have found in my research. It must be noted that I won’t be using any macOS tools, since the computer used for this task will…
Mitigating CVE-2022-0811: Arbitrary code execution affecting CRI-O https://sysdig.com/blog/cve-2022-0811-cri-o/
Sysdig
Mitigating CVE-2022-0811: Arbitrary code execution affecting CRI-O – Sysdig
Learn how CVE-2022-0811 (cr8escape) in CRI-O can lead to arbitrary code execution in Kubernetes and OpenShift, and how to detect and mitigate it.
Oracle Access Manager Pre-Auth RCE (CVE-2021–35587 Analysis) https://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316
Medium
Oracle Access Manager Pre-Auth RCE (CVE-2021–35587 Analysis)
As you may know, Oracle Access Manager (OAM) is a popular SSO product used by many big corporations such as Oracle, VMware, Huawei, Qualcomm, …
Frelatage is a coverage-based Python fuzzing library which can be used to fuzz python code https://github.com/Rog3rSm1th/Frelatage
GitHub
GitHub - Rog3rSm1th/frelatage: Coverage-based fuzzer for python applications
Coverage-based fuzzer for Python applications.
Reversing Raw Binary Firmware Files in Ghidra https://gist.github.com/nstarke/ed0aba2c882b8b3078747a567ee00520
Gist
Reversing Cisco IOS Raw Binary Firmware Images with Ghidra
Reversing Cisco IOS Raw Binary Firmware Images with Ghidra - 01-reversing-cisco-ios-raw-binary-firmware-images-with-ghidra.md
New Unix rootkit used to steal ATM banking data https://www.bleepingcomputer.com/news/security/new-unix-rootkit-used-to-steal-atm-banking-data/
BleepingComputer
New Unix rootkit used to steal ATM banking data
Threat analysts following the activity of LightBasin, a financially motivated group of hackers, report the discovery of a previously unknown Unix rootkit that is used to steal ATM banking data and conduct fraudulent transactions.