LTrack: Stealthy Tracking of Mobile Phones in LTE https://www.usenix.org/conference/usenixsecurity22/presentation/kotuliak
Speek: Privacy focused messenger that doesn't trust anyone with your identity, your contact list, or your communications https://github.com/Speek-App/Speek
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html
With the release of SURGe's new ransomware research, Splunker Shannon Davis shares a closer look into measuring how fast ransomware encrypts files.
Leveraging Intel DCI for Memory Forensics https://www.forensicfocus.com/webinars/leveraging-intel-dci-for-memory-forensics/
Transcript of a DFRWS US 2021 talk by Tobias ... on using Intel DCI (Direct Connect Interface, Intel's USB-based debug interface) to acquire memory for forensic analysis.
Heap Overflow in OpenBSD's slaacd via Router Advertisement https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html
Analysis of a heap overflow Quarkslab found in OpenBSD's IPv6 stack, specifically in the slaacd daemon; the root cause is the mishandling of Router Advertisement messages containing a DNSSL…
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121) https://research.nccgroup.com/2022/03/24/remote-code-execution-on-western-digital-pr4100-nas-cve-2022-23121/
Racing against the clock -- hitting a tiny kernel race window https://googleprojectzero.blogspot.com/2022/03/racing-against-clock-hitting-tiny.html
TL;DR: how to make a tiny kernel race window really large even on kernels without CONFIG_PREEMPT: use a cache miss to widen the race window a little bit...
Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044) https://flattsecurity.medium.com/finding-bugs-to-trigger-unauthenticated-command-injection-in-a-netgear-router-psv-2022-0044-2b394fb9edc
How I found various vulnerabilities in the NETGEAR WAC124 and chained some of them into unauthenticated command execution.
What to look for when reviewing a company's infrastructure https://www.marcolancini.it/2022/blog-cloud-security-infrastructure-review/
Operation Dragon Castling: APT group targeting betting companies https://decoded.avast.io/luigicamastra/operation-dragon-castling-apt-group-targeting-betting-companies/
zer0pts ctf 2022 - Flag Checker https://suvaditya.one/blog/zer0pts-flag-checker/
Writeup by x0r19x91 of the reversing task Flag Checker.
Cronos: Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation https://github.com/XaFF-XaFF/Cronos-Rootkit
APT Attack Using Word Files About Cryptocurrency (Kimsuky) https://asec.ahnlab.com/en/32958/
Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations https://www.mandiant.com/resources/mapping-dprk-groups-to-government
Mandiant believes North Korea's cyber capability supports political and national security priorities, as well as financial goals.
SunCrypt Ransomware Gains New Capabilities in 2022 https://blog.minerva-labs.com/suncrypt-ransomware-gains-new-abilities-in-2022
Detect malicious activity in Okta logs with Falco and Sysdig okta-analyzer https://sysdig.com/blog/detect-okta-logs-falco-sysdig/
Sysdig has released binaries that collect Okta events so that Falco's out-of-the-box rules can be used to detect suspicious activity.
Mining data from Cobalt Strike beacons https://research.nccgroup.com/2022/03/25/mining-data-from-cobalt-strike-beacons/
PHP filter_var shenanigans https://pwning.systems/posts/php_filter_var_shenanigans/
We have all seen PHP filters that stand between us and a vulnerability. In this post I walk through my thought process for bypassing such a filter by finding a bug in the filter itself, in order to reach the bug behind it.
Introduction to CSRF: How can a cookie get you hacked? (1/2) https://systemweakness.com/introduction-to-csrf-how-can-a-cookie-get-you-hacked-1-2-d34e0a0e6319
Forensics tool for NTFS (parser, mft, bitlocker, deleted files) https://github.com/thewhiteninja/ntfstool