iOS 16 - restricted Userclients https://saaramar.github.io/ios16_restricted_iouserclients/
Linux Threat Hunting: ‘Syslogk’ a kernel rootkit found under development in the wild https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
Gendigital
Syslogk Rootkit Revealed: Analysis
Phishing awareness training: Help your employees avoid the hook https://www.welivesecurity.com/2022/06/21/phishing-awareness-training-help-employees-avoid-hook/
WeLiveSecurity
Educating employees about how to spot phishing attacks can strike a much-needed blow for network defenders.
Does Acrobat Reader Unload Injection of Security Products? https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products
Minerva Labs
Since March of 2022 we’ve seen a gradual uptick in Adobe Reader processes attempting to query which security product DLLs are loaded into them by acquiring a handle to the DLL. The significant rise over the recent months has caught our attention as it is very…
Quick Malware Analysis: Matanbuchus with Cobalt Strike pcap from 2022-06-16 https://blog.securityonion.net/2022/06/quick-malware-analysis-matanbuchus-with.html
blog.securityonion.net
Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/06/16/index.html We did a quick analysis of this ...
An Autopsy on a Zombie In-the-Wild 0-day https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html
Blogspot
Posted by Maddie Stone, Google Project Zero Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding t...
Investigating Windows LogFile https://forensafe.com/blogs/windowslogfile.html
The Importance of White-Box Testing: A Dive into CVE-2022-21662 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-importance-of-white-box-testing-a-dive-into-cve-2022-21662/
Levelblue
I want to take some time to explain the importance of using a white-box approach when testing applications for vulnerabilities.
Hacking into the worldwide Jacuzzi SmartTub network https://eaton-works.com/2022/06/20/hacking-into-the-worldwide-jacuzzi-smarttub-network/
Eaton-Works
Two vulnerable Jacuzzi SmartTub administration panels exposed worldwide customer data for multiple brands.
Zero Trust — A Layered Approach against cyber threats — Part II https://jads.blog/zero-trust-a-layered-approach-against-cyber-threats-part-ii-ac12a4200d60
Medium
Zero Trust — Part II: A Layered Approach against cyber threats
This article will serve as a follow up to the Zero Trust primer ‘Zero Trust — An Introduction’. In this second part of the series, we’ll…
Detection of in-memory stealth techniques https://twitter.com/alonsocandado/status/1538930739798056960 https://github.com/joe-desimone/patriot
Twitter
Great job Joe!!
Another way to detect this technique is monitoring dynamic code (+WX) using the Microsoft-Windows-Threat-Intelligence provider with EtwTiLogProtectExecVm or hooking nt!NtProtectVirtualMemory via EPT.
use after free in skipwhite in vim/vim https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba/
Reverse Engineering an old Mario & Luigi game for fun https://cybergeeks.tech/reverse-engineering-an-old-mario-luigi-game-for-fun/
“DogWalk”, a new 0-day vulnerability for Windows https://unaaldia.hispasec.com/2022/06/dogwalk-nueva-vulnerabilidad-0-day-para-windows.html
Una al Día
A new vulnerability affecting Windows operating systems has been discovered, and it has been given the name “DogWalk”.
How to detect the containers’ escape capabilities with Falco https://sysdig.com/blog/container-escape-capabilities-falco-detection/
Sysdig
With a tool like Falco, it’s possible to detect when specific container capabilities like CAP_SYS_ADMIN are misused.
How to stop Firefox from spamming your proxy tools like Burp/Fiddler with “detectportal.firefox.com” https://iamyuthan.medium.com/how-to-stop-firefox-from-spamming-your-proxy-tools-like-burp-fiddler-with-detectportal-firefox-com-7db7ce1de9a0
Medium
Stop Firefox from sending requests to Burp & Fiddler to the host “detectportal.firefox.com” with 3 simple steps.
Exploring a New Class of Kernel Exploit Primitive https://msrc-blog.microsoft.com/2022/03/22/exploring-a-new-class-of-kernel-exploit-primitive/
Microsoft
The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSRC receives a wide variety of cases spanning different products, bug types and exploit primitives. One particularly interesting primitive we see is an arbitrary kernel…
Hacking into WordPress themes for CVEs and Fun https://medium.com/pentesternepal/hacking-into-wordpress-themes-for-cves-and-fun-bdde6c834344
Medium
Hi there! I hope all is well with you. In this writeup, I’ll discuss about the research I did on a WordPress theme, which taught me a lot…
Magnet Forensics June 2022 CTF - Linux https://www.forgottennook.com/2022/06/magnet-june-2022-ctf-linux.html
Forgottennook
This CTF was hosted by Magnet Forensics and was held on June 15, 2022, from 3 PM - 6 PM EST. Two datasets were provided - a Linux box and an...