Industroyer2: Industroyer reloaded https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/
WeLiveSecurity
Industroyer2: Industroyer reloaded
ESET researchers have responded to a cyber-incident that affected an energy provider in Ukraine and involved ICS-capable malware that we've named Industroyer2.
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware https://www.microsoft.com/security/blog/2022/04/13/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware/
Microsoft News
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. In this blog, we detail the various characteristics for identifying ZLoader activity, including its associated…
Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime https://www.akamai.com/blog/security/critical-remote-code-execution-vulnerabilities-windows-rpc-runtime
Akamai
Remote Code Execution Vulnerabilities in RPC | Akamai Blog | Akamai
Microsoft’s April 2022 Patch Tuesday introduced patches to more than a hundred new vulnerabilities in various components. Three critical vulnerabilities were found and patched in Windows RPC (Remote Procedure Call) runtime:
CVE-2022-24492 and CVE-2022-24528…
Blinding Snort: Breaking the Modbus OT Preprocessor https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/
Claroty
Blinding Snort IDS/IPS: Breaking the Modbus OT Preprocessor
Team82 discovered a means by which it could blind the popular Snort intrusion detection and prevention system to malicious packets. Learn more with Claroty.
365Inspect - A PowerShell Script That Automates The Security Assessment Of Microsoft Office 365 Environments https://www.kitploit.com/2022/04/365inspect-powershell-script-that.html
KitPloit - PenTest & Hacking Tools
365Inspect - A PowerShell Script That Automates The Security Assessment Of Microsoft Office 365 Environments
Turncoat: Tool For Enumerating Telegram Bot Secret Messages https://github.com/DODC/turncoat
GitHub
GitHub - DODC/turncoat
Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/
The GitHub Blog
Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read…
Use-After-Free Exploit in HackSysExtremeVulnerableDriver https://sophieboyle.github.io/2022/04/09/HEVD-UAF-Exploit.html
The Anti-VM trick that is kinda… personal https://www.hexacorn.com/blog/2022/04/16/the-anti-vm-trick-that-is-kinda-personal/
Diving Deeper into WatchGuard Pre-Auth RCE - CVE-2022-26318 https://blog.assetnote.io/2022/04/13/watchguard-firebox-rce/
THCon 2k22 CTF – “Local Card Maker” Writeup https://lewin.co.il/thcon-2k22-ctf-local-card-maker-writeup/
Guy Lewin’s Blog
THCon 2k22 CTF - “Local Card Maker” Writeup
I participated in THCon 2k22 CTF and amongst the incredible “web” challenges - my favorite was “Local Card Maker” (made by jrjgjk). In this post I’ll describe the challenge and my step-by-step solution.
Implementing Global Injection and Hooking in Windows https://m417z.com/Implementing-Global-Injection-and-Hooking-in-Windows/
M417Z
Implementing Global Injection and Hooking in Windows
A couple of weeks ago, Windhawk, the customization marketplace for Windows programs, was released. You can read the announcement for more details and for the motivation behind creating it. In this post, I’ll focus on my journey in implementing the technical…
A blueprint for evading industry leading endpoint protection in 2022 https://vanmieghem.io/blueprint-for-evading-edr-in-2022/
Vincent Van Mieghem
A blueprint for evading industry leading endpoint protection in 2022
Bypassing CrowdStrike and Microsoft Defender for Endpoint
CVE-2022-26809: Remote Procedure Call Runtime Remote Code Execution Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809
Tough Times for Ukrainian Honeypot? https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/tough-times-for-ukrainian-honeypot/
Trustwave
Tough Times for Ukrainian Honeypot?
CVE-2022-21449: Psychic Signatures in Java https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
Neil Madden
CVE-2022-21449: Psychic Signatures in Java
The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, thi…
Investigating an engineering workstation – Part 2 https://blog.nviso.eu/2022/03/30/investigating-an-engineering-workstation-part-2/
NVISO Labs
Investigating an engineering workstation – Part 2
In this second post we will focus on specific evidence written by the TIA Portal. As you might remember, in the first part we covered standard Windows-based artefacts regarding execution of the TIA…