Google CTF 2022 d8: From V8 Bytecode to Code Execution https://mem2019.github.io/jekyll/update/2022/07/03/Google-CTF.html
mem2019.github.io
Google CTF 2022 d8: From V8 Bytecode to Code Execution
This weekend I have played Google CTF with r3kapig. On the first day I tried the OCR challenge but failed to solve it, and on the second day I spent the whol...
From NtObjectManager to PetitPotam https://clearbluejar.github.io/posts/from-ntobjectmanager-to-petitpotam/
clearbluejar
From NtObjectManager to PetitPotam
Windows RPC enumeration, discovery, and auditing via NtObjectManager. We will audit the vulnerable RPC interfaces that lead to PetitPotam, discover how they have changed over the past year, and overcome some common RPC auditing pitfalls.
One I/O Ring to Rule Them All: A Full Read/Write Exploit Primitive on Windows 11 https://windows-internals.com/one-i-o-ring-to-rule-them-all-a-full-read-write-exploit-primitive-on-windows-11/
WarCon 2022 – Modern Initial Access and Evasion Tactics https://mgeeky.tech/warcon-2022-modern-initial-access-and-evasion-tactics/
Automating binary vulnerability discovery with Ghidra and Semgrep https://security.humanativaspa.it/automating-binary-vulnerability-discovery-with-ghidra-and-semgrep/
HN Security
Automating binary vulnerability discovery with Ghidra and Semgrep
Introducing new binary vulnerability research tools and methodology, based on custom Ghidra plugins and Semgrep.
Nice, interesting discussion and research on forensics here » University of Adelaide's Dr. Matthew Sorell on Evidentiary Health Data at DFRWS-APAC 2022 https://www.forensicfocus.com/podcast/university-of-adelaides-dr-matthew-sorell-on-evidentiary-health-data-at-dfrws-apac-2022/
Windows Registry Forensic Analysis using Chainsaw, Wazuh Agent and Sigma Rules https://socfortress.medium.com/windows-registry-forensic-analysis-using-chainsaw-wazuh-agent-and-sigma-rules-40dbceba7201
Medium
Windows Registry Forensic Analysis using Chainsaw, Wazuh Agent and Sigma Rules
OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/
Intezer
OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow
OrBit is a new Linux malware that hijacks the execution flow, evading and gaining persistence to get remote access and steal information.
Exploring Token Members Part 2 https://jsecurity101.medium.com/exploring-token-members-part-2-2a09d13cbb3
Medium
Exploring Token Members Part 2
Exploring SCCM by Unobfuscating Network Access Accounts https://blog.xpnsec.com/unobfuscating-network-access-accounts/
XPN InfoSec Blog
@_xpn_ - Exploring SCCM by Unobfuscating Network Access Accounts
In this post we'll explore just how SCCM uses its HTTP API to initialise a client, take a look at how Network Access Accounts are retrieved from SCCM, and see how we can decrypt these credentials without having to go anywhere near DPAPI.
Abusing forgotten permissions on computer objects in Active Directory https://dirkjanm.io/abusing-forgotten-permissions-on-precreated-computer-objects-in-active-directory/
dirkjanm.io
Abusing forgotten permissions on computer objects in Active Directory
A while back, I read an interesting blog by Oddvar Moe about Pre-created computer accounts in Active Directory. In the blog, Oddvar also describes the option to configure who can join the computer to the domain after the object is created. This sets an interesting…
Get root on macOS 12.3.1: proof-of-concepts for Linus Henze's CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763) https://worthdoingbadly.com/coretrust/
Worth Doing Badly
Get root on macOS 12.3.1: proof-of-concepts for Linus Henze’s CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763)
Here are two proof-of-concepts for CVE-2022-26766 (CoreTrust allows any root certificate) and CVE-2022-26763 (IOPCIDevice::_MemoryAccess not checking bounds at all), two issues discovered by @LinusHenze and patched in macOS 12.4 / iOS 15.5.
Converting a malware dropper to x64 assembly https://www.accidentalrebel.com/converting-a-malware-dropper-to-x64-assembly.html
Accidentalrebel
Converting a malware dropper to x64 assembly
In this post I'll be listing down lessons I learned while converting a simple malware dropper written in C to x64 assembly. I started this project as a way to deepen my understanding of assembly so I could be better in malware development and reverse engineering…
Remote Process Enumeration with WTS Set of Windows APIs https://dazzyddos.github.io/posts/Remote-Process-Enumeration-with-WTS-Set-Of-APIs/
Dazzy Ddos
Remote Process Enumeration with WTS Set of Windows APIs
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
Microsoft News
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the…
Exploit Development: Panic! At The Kernel - Token Stealing Payloads Revisited on Windows 10 x64 and Bypassing SMEP https://connormcgarr.github.io/x64-Kernel-Shellcode-Revisited-and-SMEP-Bypass/
Connor McGarr’s Blog
Exploit Development: Panic! At The Kernel - Token Stealing Payloads Revisited on Windows 10 x64 and Bypassing SMEP
Revisiting token stealing payloads on Windows 10 x64 and diving into mitigations such as SMEP.
The Long Tail of Log4Shell Exploitation https://www.horizon3.ai/the-long-tail-of-log4shell-exploitation/
Horizon3.ai
The Long Tail of Log4Shell Exploitation
It’s been more than six months since the Log4Shell vulnerability (CVE-2021-44228) was disclosed, and a number of post-mortems have come out talking about lessons learned and ways to prevent the next Log4Shell-type event from happening.
Mantis - the most powerful botnet to date https://blog.cloudflare.com/mantis-botnet/