Hacking into WordPress themes for CVEs and Fun https://medium.com/pentesternepal/hacking-into-wordpress-themes-for-cves-and-fun-bdde6c834344
Medium
Hacking into WordPress themes for CVEs and Fun.
Hi there! I hope all is well with you. In this writeup, I’ll discuss about the research I did on a WordPress theme, which taught me a lot…
Magnet Forensics June 2022 CTF - Linux https://www.forgottennook.com/2022/06/magnet-june-2022-ctf-linux.html
Forgottennook
Magnet Forensics June 2022 CTF - Linux
This CTF was hosted by Magnet Forensics and was held on June 15, 2022, from 3 PM - 6 PM EST. Two datasets were provided - a Linux box and an...
BRATA Android Malware Gains Advanced Mobile Threat Capabilities https://thehackernews.com/2022/06/brata-android-malware-gains-advanced.html
Trend Micro Cloud App Security Threat Report 2021 https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/trend-micro-cloud-app-security-threat-report-2021
Trendmicro
Trend Micro Cloud App Security Threat Report 2021
In this report, we highlight the notable email threats of 2021, including over 33.6 million high-risk email threats (representing a 101% increase from 2020’s numbers) that we’ve detected using the Trend Micro Cloud App Security platform.
Managing risk in blockchain deployments https://blog.trailofbits.com/2022/06/24/managing-risk-in-blockchain-deployments/
The Trail of Bits Blog
Managing risk in blockchain deployments
Do you need a blockchain? And if so, what kind? Trail of Bits has released an operational risk assessment report on blockchain technology. As more businesses consider the innovative advantages of blockchains and, more generally, distributed ledger technologies…
We're going on vacation, we'll be back in September. Have a good summer! https://media1.giphy.com/media/v1.Y2lkPWU4MjZjOWZjZDVoMmM0Y2Z2bjFnYmpldnc0dTI5YXUweWRkN3k0YzByMmNxdXBtYyZjdD1n/etn52ENYVnpxqMaXiT/200_s.gif
GIPHY
Pool Party Swimming GIF by The Dodo - Find & Share on GIPHY
For animal people.
Golang code review notes: Quick summary of some of the bug classes in Go https://www.elttam.com/blog/golang-codereview/
Elttam
Golang code review notes - elttam
elttam is a globally recognised, independent information security company, renowned for our advanced technical security assessments.
CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed) https://www.rapid7.com/blog/post/2022/06/23/cve-2022-31749-watchguard-authenticated-arbitrary-file-read-write-fixed/
Rapid7
CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed) | Rapid7 Blog
[BugTales] UnZiploc: From 0-click To Platform Compromise https://labs.taszk.io/articles/post/unziploc/
labs.taszk.io
[BugTales] UnZiploc: From 0-click To Platform Compromise
Exploring remote OTA interfaces on HarmonyOS/Android to get RCE using logic bugs
Exploiting vulnerabilities in iOS Application https://lonewolf-raj.medium.com/exploiting-vulnerabilities-in-ios-application-cf5718910c47
Medium
Exploiting vulnerabilities in iOS Application
Hello Everyone, Here I’m going to share one of my findings which I got while enumerating iOS application, below are my findings and the…
The Sound of Malware https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/the-sound-of-malware.html
Trellix
The Sound of Malware
We have frequently used code comparisons and visualizations but would it be possible to compare malware samples using a more abstract technique? What about sound?
Notes on OpenSSL remote memory corruption https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
Guido Vranken
Notes on OpenSSL remote memory corruption
OpenSSL version 3.0.4, released on June 21th 2022, is susceptible to remote memory corruption which can be triggered trivially by an attacker. BoringSSL, LibreSSL and the OpenSSL 1.1.1 branch are n…
A Begginers All Inclusive Guide to ETW
https://bmcder.com/blog/a-begginers-all-inclusive-guide-to-etw
https://bmcder.com/blog/a-begginers-all-inclusive-guide-to-etw
nice post » A Syscall Journey in the Windows Kernel https://alice.climent-pommeret.red/posts/a-syscall-journey-in-the-windows-kernel/
Exploiting Intel Graphics Kernel Extensions on macOS: A Pwn2Own 2021 Apple Safari Sandbox Escape https://blog.ret2.io/2022/06/29/pwn2own-2021-safari-sandbox-intel-graphics-exploit/
RET2 Systems Blog
Exploiting Intel Graphics Kernel Extensions on macOS
To escape the Safari sandbox for our Pwn2Own 2021 submission, we exploited a vulnerability in the Intel graphics acceleration kernel extensions (drivers) on ...
2022 0-day In-the-Wild Exploitation…so far https://googleprojectzero.blogspot.com/2022/06/2022-0-day-in-wild-exploitationso-far.html
Blogspot
2022 0-day In-the-Wild Exploitation…so far
Posted by Maddie Stone, Google Project Zero This blog post is an overview of a talk, “ 0-day In-the-Wild Exploitation in 2022…so far”,...
Vulpes: Obfuscating Memory Regions with Timers https://mez0.cc/posts/vulpes-obfuscating-memory-regions/
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus https://www.horizon3.ai/red-team-blog-cve-2022-28219/
Horizon3.ai
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
CVE-2022-28219 is an unauthenticated remote code execution vulnerability affecting Zoho ManageEngine ADAudit Plus, a compliance tool used by enterprises to monitor changes to Active Directory.