Ransomware Spotlight: Hive https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-hive
Trendmicro
Ransomware Spotlight: Hive
Hive ransomware is one of the new ransomware families in 2021 that poses significant challenges to enterprises worldwide. We take an in-depth look at the ransomware group’s operations and discuss how organizations can bolster their defenses against it.
An Exercise in Dynamic Analysis: Analyzing the PayloadRestrictions.dll Export Address Filtering https://windows-internals.com/an-exercise-in-dynamic-analysis/
Video of the talk "Relaying to Greatness: Windows Privilege Escalation by abusing the RPC/DCOM protocols" at @BlueHatIL https://youtu.be/vfb-bH_HaW4
YouTube
BlueHat IL 2022 - Antonio Cocomazzi & Andrea Pierini - Relaying to Greatness
Relaying to Greatness: Windows Privilege Escalation by abusing the RPC/DCOM protocols
NTLM “Relaying” is a well known replay attack for Windows systems in which the attacker performs a man in the middle and acts on behalf of the victim while communicating…
Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask https://github.com/xepor/xepor
GitHub
GitHub - xepor/xepor: Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy…
[QuickNote] Analysis of Pandora ransomware https://kienmanowar.wordpress.com/2022/03/21/quicknote-analysis-of-pandora-ransomware/
0day in {REA_TEAM}
[QuickNote] Analysis of Pandora ransomware
FOREWORD: Pandora’s code looks very weird, obfuscated and complicated, so this analysis does not cover all its functions. I’m not a crypto expert, so I won’t dive into Pandora’…
Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks
Zero Day Initiative
Zero Day Initiative — Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks
We would like to thank researcher Abdelhamid Naceri for his great work in developing these exploit techniques, as well as for the vulnerabilities he has been reporting to our program. We look forward to seeing more from him in the future. Until then, follow…
Log4j postmortem: Developers are taking a hard look at software supply-chain security gaps https://www.techrepublic.com/article/log4j-postmortem-developers-are-taking-a-hard-look-at-software-supply-chain-security-gaps/
TechRepublic
Log4j postmortem: Developers are taking a hard look at software supply-chain security gaps
Developers are exploring new tools and methodologies to ensure the next log4j doesn’t happen. Will it work?
Suspected Conti Ransomware Activity in the Auto Manufacturing Sector https://www.dragos.com/blog/industry-news/suspected-conti-ransomware-activity-in-the-auto-manufacturing-sector/
Dragos
Suspected Conti Ransomware Activity in the Auto Manufacturing Sector
Dragos is observing evidence of multiple automotive manufacturers compromised by Emotet, a malware strain and a cybercrime operation.
Russian Nationals Indicted for Epic Triton/Trisis and Dragonfly Cyberattacks on Energy Firms https://www.darkreading.com/attacks-breaches/russian-state-sponsored-hackers-behind-epic-trisis-attack-indicted-for-targeting-energy-firms
Dark Reading
Russian Nationals Indicted for Epic Triton/Trisis and Dragonfly Cyberattacks on Energy Firms
Four Russian government employees were charged by the DoJ for attack campaigns targeting hundreds of energy sector companies and organizations in 135 countries, including the US.
Fake e‑shops on the prowl for banking credentials using Android malware https://www.welivesecurity.com/2022/04/06/fake-eshops-prowl-banking-credentials-android-malware/
WeLiveSecurity
Fake e‑shops on the prowl for banking credentials using Android malware
ESET researchers have analyzed three malicious Android apps that attempt to steal login credentials from the customers of eight Malaysian banks.
My first fuzzy finding: Busyloop in curl https://nyget.in/2022/03/28/my-first-fuzzy-finding-busyloop-in-curl/
Nygetin Paikka | The Place of the Nygetti
My first fuzzy finding: Busyloop in curl
I tend to find ways of occupying myself with new exciting things. It might be a new language I try to learn to speak (not much success there), a new instrument I try to learn to play (I have no mus…
[oss-security] Linux kernel: CVE-2022-1015,CVE-2022-1016 in nf_tables cause privilege escalation, information leak https://lwn.net/ml/oss-security/[email protected]/
How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables https://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/
David's Blog
How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables
Analysis and exploitation of Linux kernel vulnerabilities CVE-2022-1015 and CVE-2022-1016. I talk about how I found these vulnerabilities, explain the internals of nf_tables and come up with a local privilege escalation exploitation strategy.
Rip Raw: analyse the memory of compromised Linux systems https://securityonline.info/rip-raw-analyse-the-memory-of-compromised-linux-systems/
Cybersecurity News
Rip Raw: analyse the memory of compromised Linux systems
Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor.
Defeating KASLR in modern operating systems https://medium.com/csg-govtech/defeating-kaslr-in-modern-operating-systems-f0d441c21b6c
Medium
Defeating KASLR in modern operating systems
Journey through this post to see how KASLR was previously bypassed on Windows 10, as well as tips on how to look for such bypasses
Fuzzing Like A Caveman 6: Binary Only Snapshot Fuzzing Harness https://h0mbre.github.io/Fuzzing-Like-A-Caveman-6/
The Human Machine Interface
Fuzzing Like A Caveman 6: Binary Only Snapshot Fuzzing Harness
Introduction It’s been a while since I’ve done one of these, and one of my goals this year is to do more so here we are. A side project of mine is kind of reaching a good stopping point so I’ll have more free-time to do my own research and blog again. Looking…
Digital Forensics Basics: A Practical Guide for Kubernetes DFIR https://sysdig.com/blog/guide-kubernetes-forensics-dfir/
Complete dissection of an APK with a suspicious C2 Server https://lab52.io/blog/complete-dissection-of-an-apk-with-a-suspicious-c2-server/