The Android kernel mitigations obstacle race https://github.blog/2022-06-16-the-android-kernel-mitigations-obstacle-race/
The GitHub Blog
The Android kernel mitigations obstacle race
In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices…
404 — File still found https://medium.com/@DCSO_CyTec/404-file-still-found-d52c3834084c
Medium
404 — File still found
In early February 2022, we came across a tweet from ShadowChasing1 identifying a SideWinder-related word document which referenced a template URL. In this article, we share our insights from…
CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack
Zero Day Initiative
Zero Day Initiative — CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
In April of this year, FreeBSD patched a 13-year-old heap overflow in the Wi-Fi stack that could allow network-adjacent attackers to execute arbitrary code on affected installations of FreeBSD Kernel. This bug was originally reported to the ZDI program by…
Ransomware Group Debuts Searchable Victim Data https://krebsonsecurity.com/2022/06/ransomware-group-debuts-searchable-victim-data/
Krebs on Security
Ransomware Group Debuts Searchable Victim Data
Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware…
That Pipe is Still Leaking: Revisiting the RDP Named Pipe Vulnerability https://www.cyberark.com/resources/threat-research-blog/that-pipe-is-still-leaking-revisiting-the-rdp-named-pipe-vulnerability
Cyberark
That Pipe is Still Leaking: Revisiting the RDP Named Pipe Vulnerability
On January 11, 2022, we published a blog post describing the details of CVE-2022-21893, a Remote Desktop vulnerability that we found and reported to Microsoft. After analyzing the patch that fixed...
A deal with the devil: Analysis of a recent Matanbuchus sample https://medium.com/@DCSO_CyTec/a-deal-with-the-devil-analysis-of-a-recent-matanbuchus-sample-3ce991951d6a
Medium
A deal with the devil: Analysis of a recent Matanbuchus sample
Technical analysis of the Matanbuchus malware with focus on network traffic and commands
CSRF leads to account takeover in Yahoo! https://webs3c.com/t/csrf-leads-to-account-takeover-in-yahoo/93
webs3c
CSRF leads to account takeover in Yahoo!
Hi everyone! During my bug bounty journey I used to read numerous writings to learn different techniques and points of view when hunting. Most of the writings I read were from researchers who had managed to hack Yahoo!. It was because of this that I set…
iOS 16 - restricted Userclients https://saaramar.github.io/ios16_restricted_iouserclients/
Linux Threat Hunting: ‘Syslogk’ a kernel rootkit found under development in the wild https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
Gendigital
Linux Threat Hunting: ‘Syslogk’ a kernel rootkit found under development in the wild
Syslogk Rootkit Revealed: Analysis
Phishing awareness training: Help your employees avoid the hook https://www.welivesecurity.com/2022/06/21/phishing-awareness-training-help-employees-avoid-hook/
WeLiveSecurity
Phishing awareness training: Help your employees avoid the hook
Educating employees about how to spot phishing attacks can strike a much-needed blow for network defenders.
Does Acrobat Reader Unload Injection of Security Products? https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products
Minerva Labs
Does Acrobat Reader Unload Injection of Security Products?
Since March of 2022 we’ve seen a gradual uptick in Adobe Reader processes attempting to query which security product DLLs are loaded into it by acquiring a handle of the DLL. The significant rise over the recent months has caught our attention as it is very…
Quick Malware Analysis: Matanbuchus with Cobalt Strike pcap from 2022-06-16 https://blog.securityonion.net/2022/06/quick-malware-analysis-matanbuchus-with.html
blog.securityonion.net
Quick Malware Analysis: Matanbuchus with Cobalt Strike pcap from 2022-06-16
Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/06/16/index.html We did a quick analysis of this ...
An Autopsy on a Zombie In-the-Wild 0-day https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html
Blogspot
An Autopsy on a Zombie In-the-Wild 0-day
Posted by Maddie Stone, Google Project Zero Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding t...
Investigating Windows LogFile https://forensafe.com/blogs/windowslogfile.html
The Importance of White-Box Testing: A Dive into CVE-2022-21662 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-importance-of-white-box-testing-a-dive-into-cve-2022-21662/
Levelblue
The Importance of White-Box Testing: A Dive into CVE-2022-21662
I want to take some time to explain the importance of using a white-box approach when testing applications for vulnerabilities.
Hacking into the worldwide Jacuzzi SmartTub network https://eaton-works.com/2022/06/20/hacking-into-the-worldwide-jacuzzi-smarttub-network/
Eaton-Works
Hacking into the worldwide Jacuzzi SmartTub network
Two vulnerable Jacuzzi SmartTub administration panels exposed worldwide customer data for multiple brands.
Zero Trust — A Layered Approach against cyber threats — Part II https://jads.blog/zero-trust-a-layered-approach-against-cyber-threats-part-ii-ac12a4200d60
Medium
Zero Trust — Part II: A Layered Approach against cyber threats
This article will serve as a follow up to the Zero Trust primer ‘Zero Trust — An Introduction’. In this second part of the series, we’ll…
Detection of in-memory stealth techniques https://twitter.com/alonsocandado/status/1538930739798056960 https://github.com/joe-desimone/patriot
Twitter
Great job Joe!!
Another way to detect this technique is monitoring dynamic code(+WX) using Microsoft-Windows-Threat-Intelligence provider with EtwTiLogProtectExecVm or hooking nt!NtProtectVirtualMemory via EPT.
use after free in skipwhite in vim/vim https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba/
Reverse Engineering an old Mario & Luigi game for fun https://cybergeeks.tech/reverse-engineering-an-old-mario-luigi-game-for-fun/