Improving the exploit for CVE-2021-26708 in the Linux kernel to bypass LKRG https://a13xp0p0v.github.io/2021/08/25/lkrg-bypass.html
Alexander Popov
This is the follow-up to my research described in the article "Four Bytes of Power: Exploiting CVE-2021-26708 in the Linux kernel." My PoC exploit for CVE-2021-26708 had a very limited facility for privilege escalation, and I decided to continue my experiments…
Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware https://threatresearch.ext.hp.com/tips-for-automating-ioc-extraction-from-gootloader-a-changing-javascript-malware/
HP Wolf Security
How Secure is your Android Keystore Authentication? https://labs.withsecure.com/blog/how-secure-is-your-android-keystore-authentication/
New Research Paper: Pre-hijacking Attacks on Web User Accounts https://msrc-blog.microsoft.com/2022/05/23/pre-hijacking-attacks/
Beneath the surface: Uncovering the shift in web skimming https://www.microsoft.com/security/blog/2022/05/23/beneath-the-surface-uncovering-the-shift-in-web-skimming/
Microsoft Security Blog
Web skimming campaigns now employ various obfuscation techniques to deliver and hide the skimming scripts. It’s a shift from earlier tactics where attackers conspicuously injected the malicious scripts into e-commerce platforms and content management systems…
Follina — a Microsoft Office code execution vulnerability https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
Medium
Two days ago, Nao_sec identified an odd looking Word document in the wild, uploaded from an IP address in Belarus:
Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG https://connormcgarr.github.io/hvci/
Connor McGarr’s Blog
Dealing with Virtualization-Based Security (VBS), Hypervisor-Protected Code Integrity (HVCI), and Kernel Control Flow Guard (kCFG).
Good summary about how IPv6 works https://repository.jisc.ac.uk/8349/1/janet-ipv6-technical-guide.pdf
Pwnton Pack: An Unlicensed 802.11 Particle Accelerator https://www.trustedsec.com/blog/pwnton-pack-an-unlicensed-802-11-particle-accelerator/
TrustedSec
Unleash the Power of Wi-Fi Bustin' with the Pwnton Pack, a cutting-edge wireless assessment tool featuring integrated devices and a proprietary micro…
Understanding CVE-2022-22972 (VMWare Workspace One Access Auth Bypass) https://blog.assetnote.io/2022/05/27/understanding-cve-2022-22972-vmware-workspace-one-access/
Assetnote
Application security issues found by Assetnote
Zero Day Vulnerability: Chromium v8 js engine issue 1303458 — Use After Free in x64 Instruction Optimization Vulnerability Analysis https://infosecwriteups.com/zero-day-vulnerability-chromium-v8-js-engine-issue-1303458-use-after-free-in-x64-instruction-e874419436a6
Medium
Frida-Ios-Hook - A Tool That Helps You Easy Trace Classes, Functions, And Modify The Return Values Of Methods On iOS Platform https://www.kitploit.com/2022/05/frida-ios-hook-tool-that-helps-you-easy.html
KitPloit - PenTest & Hacking Tools
The BlackByte ransomware group is striking users all over the globe https://blog.talosintelligence.com/2022/05/the-blackbyte-ransomware-group-is.html
Cisco Talos Blog
News summary
* Cisco Talos has been monitoring the BlackByte Ransomware Group for several months, infecting victims all over the world, from North America to Colombia, Netherlands, China, Mexico and Vietnam.
* The FBI released a joint cybersecurity advisory…
Arbitrary File Upload Tricks In Java https://pyn3rd.github.io/2022/05/07/Arbitrary-File-Upload-Tricks-In-Java/
Pyn3Rd
0x01 Forewords: Recently I saw some discussions about arbitrary file upload in the Java environment on the Internet. The main talking points are how to bypass file name detection when uploading an arbitrary file.
High-Throughput, Formal-Methods-Assisted Fuzzing for LLVM https://blog.regehr.org/archives/2148
WarzoneRAT Can Now Evade Detection With Process Hollowing https://www.uptycs.com/blog/warzonerat-can-now-evade-with-process-hollowing
Uptycs
New discovery by the Uptycs Threat Research Team of WarzoneRAT malware samples and Process Injection/Hollowing technique implementation that enables the bypass of detections.
Scheduled Task Tampering https://labs.withsecure.com/blog/scheduled-task-tampering/
Issue 2272: libxml2: heap-buffer-overflow in xmlBufAdd https://bugs.chromium.org/p/project-zero/issues/detail?id=2272
Access Token Manipulation Part 0x01 https://xret2pwn.github.io/Access-Token-Part0x01/
RET2Pwn