CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html
Trend Micro
Cado Discovers Denonia: The First Malware Specifically Targeting Lambda https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/
Cado Security
Firewall analysis: A portable graph based approach https://diablohorn.com/2022/04/09/firewall-analysis-a-portable-graph-based-approach/
DiabloHorn
Sometimes you are asked to perform a firewall analysis to determine if the configuration can be improved upon to reduce the ability for an attacker to move laterally through the network or identify…
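As an added illustration of what "graph based" means for this kind of analysis (this is example code written for this digest, not DiabloHorn's tool, and the rule set is constructed): every allow rule becomes a directed edge between network zones, so reachability over the graph answers "from a compromised zone, which other zones can an attacker pivot to, and through which rules?" Zone names, the policy set and the simplified rule model (deny rules simply add no edge; rule ordering is ignored) are assumptions of the example.

```python
"""Graph-based firewall rule analysis (added example, not the linked post's code).

Each allow rule is a directed edge between network zones, labelled with the
service it permits. Breadth-first search over that graph yields the lateral
movement paths available from a compromised zone, and a policy check flags
zone pairs that must never be directly connected.
"""
from collections import defaultdict, deque

# Constructed sample rule set: (source zone, destination zone, service, action).
# Zone names are assumptions of this example, not from the original post.
RULES = [
    ("internet", "dmz", "tcp/443", "allow"),
    ("dmz", "app", "tcp/8080", "allow"),
    ("app", "db", "tcp/5432", "allow"),
    ("dmz", "db", "tcp/5432", "deny"),
    ("mgmt", "app", "tcp/22", "allow"),
    ("mgmt", "db", "tcp/22", "allow"),
    ("app", "mgmt", "tcp/22", "allow"),   # suspicious: app tier can reach management
    ("internet", "app", "any", "deny"),
]


def build_graph(rules):
    """Map each (src, dst) pair to the services allowed between them.

    Deny rules add no edge. This simplified model ignores rule ordering and
    address ranges; a real analyser would resolve those before graphing.
    """
    graph = defaultdict(lambda: defaultdict(list))
    for src, dst, svc, action in rules:
        if action == "allow":
            graph[src][dst].append(svc)
    return graph


def reachable_from(graph, start):
    """BFS over allow edges. Returns {zone: path} for every zone reachable
    from `start`; each path is a list of (src, dst, service) hops."""
    paths = {start: []}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt, services in graph.get(node, {}).items():
            if nxt not in paths:
                paths[nxt] = paths[node] + [(node, nxt, services[0])]
                queue.append(nxt)
    return paths


def lateral_paths(graph, compromised, targets):
    """Paths from a compromised zone to each sensitive target zone it can reach."""
    paths = reachable_from(graph, compromised)
    return {t: paths[t] for t in targets if t in paths}


def violations(graph, forbidden_pairs):
    """forbidden_pairs: (src, dst) pairs that must never have a direct allow edge.
    Returns the offending edges together with the services that permit them."""
    return [(s, d, graph[s][d]) for s, d in forbidden_pairs if d in graph.get(s, {})]


if __name__ == "__main__":
    g = build_graph(RULES)
    for zone, path in lateral_paths(g, "internet", ["db", "mgmt"]).items():
        print(f"internet -> {zone}: " + " ; ".join(f"{s}->{d} ({svc})" for s, d, svc in path))
    for s, d, svcs in violations(g, {("app", "mgmt"), ("dmz", "db")}):
        print(f"policy violation: {s} -> {d} allowed via {svcs}")
```

Running it shows that the single app-to-mgmt SSH rule turns an internet-facing compromise of the DMZ into a path to the management zone; that edge is what a reviewer would recommend removing.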
Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 3) https://connormcgarr.github.io/type-confusion-part-3/
Connor McGarr’s Blog
Porting part 2’s ChakraCore exploit to Microsoft Edge while defeating ASLR, DEP, CFG, ACG, CIG, and other mitigations.
Introducing PacketStreamer: distributed packet capture for cloud-native platforms https://medium.com/deepfence-cloud-native-security/introducing-packetstreamer-distributed-packet-capture-for-cloud-native-platforms-3e7f9ac57ab1
Medium
PacketStreamer is an open-source tool that captures network traffic from multiple remote sources concurrently and aggregates the data into…
zgrep, xzgrep: arbitrary-file-write vulnerability https://www.openwall.com/lists/oss-security/2022/04/08/2
Android Pentesting Setup On Macbook M1 https://infosecwriteups.com/android-pentesting-setup-on-macbook-m1-d2f1f0a8db4b
InfoSec Write-ups (Medium)
Abusing LargePageDrivers to copy shellcode into valid kernel modules https://vollragm.github.io/posts/abusing-large-page-drivers/
VollRagm
Introduction Most people in the game hacking community write their kernel-mode drivers to get around kernel-level anti-cheats such as EasyAntiCheat. However, those anti-cheats have several methods to detect cheat drivers. The most commonly used way to load…
Bypassing SSL pinning on Android Flutter Apps with Ghidra https://raphaeldenipotti.medium.com/bypassing-ssl-pinning-on-android-flutter-apps-with-ghidra-77b6e86b9476
Medium
Beetlebug: open source insecure Android application with CTF challenges built for Android Penetration Testers and Bug Bounty hunters https://github.com/hafiz-ng/Beetlebug
GitHub
Chief Information Security Officer (CISO) Workshop Training https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop
Microsoft Docs
The Chief Information Security Officer (CISO) workshop helps accelerate security program modernization with reference strategies built using Zero Trust principles.
Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime https://www.akamai.com/blog/security/critical-remote-code-execution-vulnerabilities-windows-rpc-runtime
Akamai
Microsoft’s April 2022 Patch Tuesday introduced patches to more than a hundred new vulnerabilities in various components. Three critical vulnerabilities were found and patched in the Windows RPC (Remote Procedure Call) runtime: CVE-2022-24492 and CVE-2022-24528…
CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/
Rhino Security Labs
The AWS VPN Client application is affected by an arbitrary file write as SYSTEM, which can lead to privilege escalation.
Tarrask malware uses scheduled tasks for defense evasion https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/
Microsoft Security Blog
Microsoft Detection and Response Team (DART) researchers have uncovered malware that creates “hidden” scheduled tasks as a defense evasion technique. In this post, we will demonstrate how threat actors create scheduled tasks, how they cover their tracks,…
CVE-2022-0354: Local Privilege Escalation in Lenovo Commercial Vantage Tool https://www.infosec.tirol/cve-2022-0354/
Writing a Mutation Engine and breaking Aimware https://back.engineering/13/04/2022/
Obfuscated obfuscation https://blog.lexfo.fr/dexguard.html