The curious case of mavinject.exe https://fourcore.io/blogs/mavinject-curious-process-injection
FourCore
The curious case of mavinject.exe
Mavinject, described as the Microsoft Application Virtualization Injector, is a signed Microsoft executable that can be abused to perform arbitrary code injection into any running process.
A Deep Dive into AvosLocker Ransomware https://cdn.pathfactory.com/assets/10555/contents/400686/13f4424c-05b4-46db-bb9c-6bf9b5436ec4.pdf
Android 13’s new sideloading restriction makes it harder for malware to abuse Accessibility APIs https://blog.esper.io/android-13-sideloading-restriction-harder-malware-abuse-accessibility-apis/
AvosLocker Ransomware Variant Abuses Driver File to Disable Antivirus, Scans for Log4shell https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Trend Micro
AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
We found an AvosLocker ransomware variant using a legitimate antivirus component to disable detection and blocking solutions.
A guide covering Digital Forensics (DF): the applications, libraries and tools that will make you better and more efficient at DF development https://github.com/mikeroyal/Digital-Forensics-Guide
GitHub
GitHub - mikeroyal/Digital-Forensics-Guide: Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile…
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics. - mikeroyal/Digital-Forensics-Guide
kdigger: A context discovery tool for Kubernetes penetration testing https://github.com/quarkslab/kdigger
GitHub
GitHub - quarkslab/kdigger: Kubernetes focused container assessment and context discovery tool for penetration testing
Kubernetes focused container assessment and context discovery tool for penetration testing - quarkslab/kdigger
Studying “Next Generation Malware” - NightHawk’s Attempt At Obfuscate and Sleep https://suspicious.actor/2022/05/05/mdsec-nighthawk-study.html
frida ios hook: easily trace classes and functions, and modify the return values of methods on the iOS platform https://securityonline.info/frida-ios-hook/
Yours Truly, Signed AV Driver: Weaponizing an Antivirus Driver https://www.aon.com/cyber-solutions/aon_cyber_labs/yours-truly-signed-av-driver-weaponizing-an-antivirus-driver/
Interesting » From KBs to CVEs: Understanding the Relationships Between Windows Security Updates and Vulnerabilities https://claroty.com/2022/05/04/blog-research-from-kbs-to-cves-understanding-the-relationships-between-windows-security-updates-and-vulnerabilities/
Claroty
From KBs to CVEs: Understanding the Relationships Between Windows Security Updates and Vulnerabilities
Security vulnerabilities are regularly published by the dozens, and software vendors are in a constant race to issue updates that patch or mitigate them. This happens at an even faster pace in popular platforms that are appealing to researchers and attackers…
Anker Eufy Homebase 2 libxm_av.so DemuxCmdInBuffer buffer overflow vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2022-1480
Anker Eufy Homebase 2 libxm_av.so getpeermac() authentication bypass vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2022-1479
Ursnif Malware Banks on News Events for Phishing Attacks https://blog.qualys.com/vulnerabilities-threat-research/2022/05/08/ursnif-malware-banks-on-news-events-for-phishing-attacks
Qualys
Ursnif Malware Banks on News Events for Phishing Attacks | Qualys
Ursnif (aka Gozi, Dreambot, ISFB) is one of the most widespread banking trojans. It has been observed evolving over the past few years. Ursnif has shown incredible theft capabilities.
Frelatage v0.1 releases: coverage-based Python fuzzing library https://securityonline.info/frelatage-coverage-based-python-fuzzing-library/
Penetration Testing
Frelatage v0.1 releases: coverage-based Python fuzzing library
Frelatage is a coverage-based Python fuzzing library which can be used to fuzz python code. The functioning of a fuzzing cycle can be roughly summarized
Learning Linux kernel exploitation - Part 1 - Laying the groundwork https://0x434b.dev/dabbling-with-linux-kernel-exploitation-ctf-challenges-to-learn-the-ropes/
Low-level adventures
Learning Linux kernel exploitation - Part 1 - Laying the groundwork
Table of contents
Disclaimer: This post will cover basic steps to accomplish a privilege escalation based on a vulnerable driver. The basis for this introduction will be a challenge from the hxp2020 CTF called "kernel-rop". There's (obviously) write…
North Korea’s Lazarus: their initial access trade-craft using social media and social engineering https://research.nccgroup.com/2022/05/05/north-koreas-lazarus-and-their-initial-access-trade-craft-using-social-media-and-social-engineering/
A new secret stash for “fileless” malware https://securelist.com/a-new-secret-stash-for-fileless-malware/106393/
Securelist
A new secret stash for “fileless” malware
We observed the technique of storing shellcode inside Windows event logs for the first time “in the wild” during this malicious campaign.
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/
Microsoft News
Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself
Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert human intelligence at every step of the attack chain and culminating in intentional business disruption and extortion. In this blog, we explain the ransomware…