Android Pentesting Setup On Macbook M1 https://infosecwriteups.com/android-pentesting-setup-on-macbook-m1-d2f1f0a8db4b
Medium
Android Pentesting Setup On Macbook M1
Hello hackers,
Abusing LargePageDrivers to copy shellcode into valid kernel modules https://vollragm.github.io/posts/abusing-large-page-drivers/
VollRagm
Abusing LargePageDrivers to copy shellcode into valid kernel modules
Introduction Most people in the game hacking community write their kernel-mode drivers to get around kernel-level anti-cheats such as EasyAntiCheat. However, those anti-cheats have several methods to detect cheat drivers. The most commonly used way to load…
Bypassing SSL pinning on Android Flutter Apps with Ghidra https://raphaeldenipotti.medium.com/bypassing-ssl-pinning-on-android-flutter-apps-with-ghidra-77b6e86b9476
Medium
Bypassing SSL pinning on Android Flutter Apps with Ghidra
TL-DR
Beetlebug: open source insecure Android application with CTF challenges built for Android Penetration Testers and Bug Bounty hunters https://github.com/hafiz-ng/Beetlebug
GitHub
GitHub - hafiz-ng/Beetlebug: Beetlebug is an open source insecure Android application with CTF challenges built for Android Penetration…
Beetlebug is an open source insecure Android application with CTF challenges built for Android Penetration Testers and Bug Bounty hunters. - hafiz-ng/Beetlebug
Chief Information Security Officer (CISO) Workshop Training https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop
Docs
The Chief Information Security Officer (CISO) Workshop
The Chief Information Security Office (CISO) workshop helps accelerate security program modernization with reference strategies built using Zero Trust principles.
Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime https://www.akamai.com/blog/security/critical-remote-code-execution-vulnerabilities-windows-rpc-runtime
Akamai
Remote Code Execution Vulnerabilities in RPC | Akamai Blog | Akamai
Microsoft’s April 2022 Patch Tuesday introduced patches to more than a hundred new vulnerabilities in various components. Three critical vulnerabilities were found and patched in Windows RPC (Remote Procedure Call) runtime:
CVE-2022-24492 and CVE-2022-24528…
CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/
Rhino Security Labs
CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client
The AWS VPN Client application is affected by an arbitrary file write as SYSTEM, which can lead to privilege escalation.
Tarrask malware uses scheduled tasks for defense evasion https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/
Microsoft News
Tarrask malware uses scheduled tasks for defense evasion
Microsoft Detection and Response Team (DART) researchers have uncovered malware that creates “hidden” scheduled tasks as a defense evasion technique. In this post, we will demonstrate how threat actors create scheduled tasks, how they cover their tracks,…
CVE-2022-0354: Local Privilege Escalation in Lenovo Commercial Vantage Tool https://www.infosec.tirol/cve-2022-0354/
Writing a Mutation Engine and breaking Aimware https://back.engineering/13/04/2022/
Obfuscated obfuscation https://blog.lexfo.fr/dexguard.html
Windows Ports, Protocols, and System Services https://social.technet.microsoft.com/wiki/contents/articles/1772.windows-ports-protocols-and-system-services.aspx
The big idea: should we get rid of the scientific paper? https://www.theguardian.com/books/2022/apr/11/the-big-idea-should-we-get-rid-of-the-scientific-paper
the Guardian
The big idea: should we get rid of the scientific paper?
As a format it’s slow, encourages hype, and is difficult to correct. A radical overhaul of publishing could make science better
Industroyer2: Industroyer reloaded https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/
WeLiveSecurity
Industroyer2: Industroyer reloaded
ESET researchers have responded to a cyber-incident that affected an energy provider in Ukraine and involved ICS-capable malware that we've named Industroyer2.
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware https://www.microsoft.com/security/blog/2022/04/13/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware/
Microsoft News
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. In this blog, we detail the various characteristics for identifying ZLoader activity, including its associated…
Blinding Snort: Breaking the Modbus OT Preprocessor https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/
Claroty
Blinding Snort IDS/IPS: Breaking the Modbus OT Preprocessor
Team82 discovered a means by which it could blind the popular Snort intrusion detection and prevention system to malicious packets. Learn more with Claroty.