Ret2dl_resolve x64: Exploiting Dynamic Linking Procedure In x64 ELF Binaries https://syst3mfailure.io/ret2dl_resolve
In this article, we will start by analyzing the lazy binding process, proceed by dissecting dl-runtime, understand when it is possible to use this technique without a leak, and finally build our exploit.
Competing in Pwn2Own 2021 Austin: Icarus at the Zenith https://doar-e.github.io/blog/2022/03/26/competing-in-pwn2own-2021-austin-icarus-at-the-zenith/
Sandboxing Antimalware Products for Fun and Profit https://elastic.github.io/security-research/whitepapers/2022/02/02.sandboxing-antimalware-products-for-fun-and-profit/article/#
Advisory: DotCMS Remote Code Execution (CVE-2022-26352) https://blog.assetnote.io/2022/05/03/dotcms-rce-advisory/
Stormous: The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/stormous-the-pro-russian-clout-hungry-ransomware-gang-targets-the-us-and-ukraine/
As part of our regular Dark Web and cybercriminal research, Trustwave SpiderLabs has uncovered and analyzed postings from a politically motivated, pro-Russian ransomware group named Stormous.
Outlier Detection Techniques https://archive.siam.org/meetings/sdm10/tutorial3.pdf
Hacking a Bank by Finding a 0day in DotCMS https://blog.assetnote.io/2022/05/03/hacking-a-bank-using-dotcms-rce/
iBoot_firebloom: Introduction to Firebloom (iBoot) https://saaramar.github.io/iBoot_firebloom/
The curious case of mavinject.exe https://fourcore.io/blogs/mavinject-curious-process-injection
Mavinject, described as Microsoft Application Visualisation Injector, is a signed Microsoft executable that can be abused to perform arbitrary code injections inside any running process.
A Deep Dive into AvosLocker Ransomware https://cdn.pathfactory.com/assets/10555/contents/400686/13f4424c-05b4-46db-bb9c-6bf9b5436ec4.pdf
Android 13’s new sideloading restriction makes it harder for malware to abuse Accessibility APIs https://blog.esper.io/android-13-sideloading-restriction-harder-malware-abuse-accessibility-apis/
AvosLocker Ransomware Variant Abuses Driver File to Disable Antivirus, Scans for Log4shell https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
We found an AvosLocker ransomware variant using a legitimate antivirus component to disable detection and blocking solutions.
A guide covering Digital Forensics (DF): the applications, libraries and tools that will make you better and more efficient at DF development https://github.com/mikeroyal/Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics. - mikeroyal/Digital-Forensics-Guide
kdigger: A context discovery tool for Kubernetes penetration testing https://github.com/quarkslab/kdigger
Kubernetes focused container assessment and context discovery tool for penetration testing - quarkslab/kdigger
Studying “Next Generation Malware” - NightHawk’s Attempt At Obfuscate and Sleep https://suspicious.actor/2022/05/05/mdsec-nighthawk-study.html
frida ios hook: easy trace classes, functions, and modify the return values of methods on iOS platform https://securityonline.info/frida-ios-hook/
Yours Truly, Signed AV Driver: Weaponizing an Antivirus Driver https://www.aon.com/cyber-solutions/aon_cyber_labs/yours-truly-signed-av-driver-weaponizing-an-antivirus-driver/
From KBs to CVEs: Understanding the Relationships Between Windows Security Updates and Vulnerabilities https://claroty.com/2022/05/04/blog-research-from-kbs-to-cves-understanding-the-relationships-between-windows-security-updates-and-vulnerabilities/
Security vulnerabilities are regularly published by the dozens, and software vendors are in a constant race to issue updates that patch or mitigate them. This happens at an even faster pace in popular platforms that are appealing to researchers and attackers…
Anker Eufy Homebase 2 libxm_av.so DemuxCmdInBuffer buffer overflow vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2022-1480
Anker Eufy Homebase 2 libxm_av.so getpeermac() authentication bypass vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2022-1479