Exploiting a Use-After-Free for code execution in every version of Python 3 https://pwn.win/2022/05/11/python-buffered-reader.html
pwn.win
A while ago I was browsing the Python bug tracker, and I stumbled upon this bug - “memoryview to freed memory can cause segfault”. It was created in 2012, originally present in Python 2.7, but remains open to this day, 10 years later. This piqued my interest…
CVE-2022-21972: Windows Server VPN Remote Kernel Use After Free Vulnerability (Part 1) https://labs.nettitude.com/blog/cve-2022-21972-windows-server-vpn-remote-kernel-use-after-free-vulnerability/
LRQA
CVE-2022-21972 is a Windows VPN Use after Free (UaF) vulnerability that was discovered through reverse engineering the raspptp.sys kernel driver. The vulnerability is a race condition issue and can be reliably triggered through sending crafted input to a…
Talking with the Moon: Inside Apollo's premodulation processor https://www.righto.com/2022/05/talking-with-moon-inside-apollos.html
Righto
The Apollo missions to the Moon required complex hardware to communicate between Earth and the spacecraft, sending radio signals over hund...
DuplicateDump - Dumping LSASS With A Duplicated Handle From Custom LSA Plugin https://www.kitploit.com/2022/05/duplicatedump-dumping-lsass-with.html
KitPloit - PenTest & Hacking Tools
We Love Relaying Credentials: A Technical Guide to Relaying Credentials Everywhere https://www.secureauth.com/blog/we-love-relaying-credentials-a-technical-guide-to-relaying-credentials-everywhere/
SecureAuth
NTLM relay is a well-known technique that has been with us for many years and never seems to go away.
Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/
HTB: Fulcrum https://0xdf.gitlab.io/2022/05/11/htb-fulcrum.html
0xdf hacks stuff
Fulcrum is a 2017 release that got a rebuild in 2022. It’s a Linux server with four websites, including one that returns Windows .NET error messages. I’ll exploit an API endpoint via XXE, and use that as an SSRF to get execution through a remote file include…
Stealing Google Drive OAuth tokens from Dropbox https://blog.stazot.com/stealing-google-drive-oauth-tokens-from-dropbox/
Stazot
Sivanesh Ashok
CVE-2022-22675: AppleAVD Overflow in AVC_RBSP::parseHRD https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2022/CVE-2022-22675.html
Ransomware simulator: Ransomware simulator written in Golang https://securityonline.info/ransomware-simulator-ransomware-simulator-written-in-golang/
Cybersecurity News
The goal of the Ransomware Simulator repository is to provide a simple, harmless way to check your AV's protection against ransomware.
Meta's SparkAR RCE Via ZIP Path Traversal https://blog.fadyothman.com/metas-sparkar/
Very good post, worth reading it » How Does a C Debugger Work? (GDB Ptrace/x86 example) https://blog.0x972.info/?d=2014/11/13/10/40/50-how-does-a-debugger-work
blog.0x972.info
Interesting paper for people in academia » “Flawed, but like democracy we don’t have a better system”: The Experts’ Insights on the Peer Review Process of Evaluating Security Papers (accepted in @IEEESSP) https://adamdoupe.com/publications/peer-review-process-oakland22.pdf
macOS Vulnerabilities Hiding in Plain Sight (BH Asia 2022 talk) https://www.blackhat.com/asia-22/briefings/schedule/#macos-vulnerabilities-hiding-in-plain-sight-26073
Black Hat Asia 2022
The downside of ‘debugging’ ransomware https://www.welivesecurity.com/2022/05/16/downside-debugging-ransomware/
Killnet cyber attacks against Italy and NATO countries https://sysdig.com/blog/killnet-italy-and-nato/
Sysdig
The hacker group Killnet claimed the attacks against Italy. How the activity of the Mirai botnet used in the attacks can be detected with Falco.
Operation RestyLink: APT campaign targeting Japanese companies https://insight-jp.nttsecurity.com/post/102hojk/operation-restylink-apt-campaign-targeting-japanese-companies
Exploiting an Unbounded memcpy in Parallels Desktop: A Pwn2Own 2021 Guest-to-Host Virtualization Escape https://blog.ret2.io/2022/05/19/pwn2own-2021-parallels-desktop-exploit/
RET2 Systems Blog
This post details the development of a guest-to-host virtualization escape for Parallels Desktop on macOS, as used in our successful Pwn2Own 2021 entry. Give...