Exploring Token Members Part 2 https://jsecurity101.medium.com/exploring-token-members-part-2-2a09d13cbb3
Medium
Exploring Token Members Part 2
Exploring SCCM by Unobfuscating Network Access Accounts https://blog.xpnsec.com/unobfuscating-network-access-accounts/
XPN InfoSec Blog
@_xpn_ - Exploring SCCM by Unobfuscating Network Access Accounts
In this post we'll explore just how SCCM uses its HTTP API to initialise a client, take a look at how Network Access Accounts are retrieved from SCCM, and see how we can decrypt these credentials without having to go anywhere near DPAPI.
Abusing forgotten permissions on computer objects in Active Directory https://dirkjanm.io/abusing-forgotten-permissions-on-precreated-computer-objects-in-active-directory/
dirkjanm.io
Abusing forgotten permissions on computer objects in Active Directory
A while back, I read an interesting blog by Oddvar Moe about Pre-created computer accounts in Active Directory. In the blog, Oddvar also describes the option to configure who can join the computer to the domain after the object is created. This sets an interesting…
Get root on macOS 12.3.1: proof-of-concepts for Linus Henze's CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763) https://worthdoingbadly.com/coretrust/
Worth Doing Badly
Get root on macOS 12.3.1: proof-of-concepts for Linus Henze’s CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763)
Here are two proof-of-concepts for CVE-2022-26766 (CoreTrust allows any root certificate) and CVE-2022-26763 (IOPCIDevice::_MemoryAccess not checking bounds at all), two issues discovered by @LinusHenze and patched in macOS 12.4 / iOS 15.5.
Converting a malware dropper to x64 assembly
https://www.accidentalrebel.com/converting-a-malware-dropper-to-x64-assembly.html
Accidentalrebel
Converting a malware dropper to x64 assembly
In this post I'll be listing down lessons I learned while converting a simple malware dropper written in C to x64 assembly. I started this project as a way to deepen my understanding of assembly so I could be better in malware development and reverse engineering…
Remote Process Enumeration with WTS Set of Windows APIs https://dazzyddos.github.io/posts/Remote-Process-Enumeration-with-WTS-Set-Of-APIs/
Dazzy Ddos
Remote Process Enumeration with WTS Set of Windows APIs
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
Microsoft News
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the…
Exploit Development: Panic! At The Kernel - Token Stealing Payloads Revisited on Windows 10 x64 and Bypassing SMEP https://connormcgarr.github.io/x64-Kernel-Shellcode-Revisited-and-SMEP-Bypass/
Connor McGarr’s Blog
Exploit Development: Panic! At The Kernel - Token Stealing Payloads Revisited on Windows 10 x64 and Bypassing SMEP
Revisiting token stealing payloads on Windows 10 x64 and diving into mitigations such as SMEP.
The Long Tail of Log4Shell Exploitation https://www.horizon3.ai/the-long-tail-of-log4shell-exploitation/
Horizon3.ai
The Long Tail of Log4Shell Exploitation
It’s been more than six months since the Log4Shell vulnerability (CVE-2021-44228) was disclosed, and a number of post-mortems have come out talking about lessons learned and ways to prevent the next Log4Shell-type event from happening.
Mantis - the most powerful botnet to date https://blog.cloudflare.com/mantis-botnet/
Retbleed: Arbitrary Speculative Code Execution with Return Instructions https://comsec.ethz.ch/research/microarch/retbleed/
CVE-2022-32223 Discovery: DLL Hijacking via npm CLI https://blog.aquasec.com/cve-2022-32223-dll-hijacking
Aqua
CVE-2022-32223 Discovery: DLL Hijacking via npm CLI
Team Nautilus has recently discovered a vulnerability in Node.js that can lead to DLL hijacking on Windows via npm CLI if OpenSSL is installed on the host
Decoding Cobalt Strike: Understanding Payloads https://decoded.avast.io/threatintel/decoding-cobalt-strike-understanding-payloads/
Gendigital
Decoding Cobalt Strike: Understanding payloads
Identifying and Parsing Cobalt Payloads
Genesis - The Birth of a Windows Process (Part 1 & Part 2) https://fourcore.io/blogs/how-a-windows-process-is-created-part-1 https://fourcore.io/blogs/how-a-windows-process-is-created-part-2
FourCore
Genesis - The Birth of a Windows Process (Part 1)
What happens when you run an executable on your Windows machine? This blog provides a brief overview and the flow for creating a Windows Process, the APIs and structures involved, and the Process Internals.
Reversing C++, Qt based applications using Ghidra https://ktln2.org/reversing-c%2B%2B-qt-applications-using-ghidra/
Gianluca Pacchiella
Reversing C++, Qt based applications using Ghidra
This post is going to be too ambitious probably: I want to introduce you to
reversing C++ code, applying this knowledge in particular to Qt
applications and since we are at it, explaining some ghidra
Process Injection using QueueUserAPC Technique in Windows https://tbhaxor.com/windows-process-injection-using-asynchronous-threads-queueuserapc/
tbhaxor's Blog
Process Injection using QueueUserAPC Technique in Windows
You will learn the fundamentals of user mode asynchronous procedure calls in this post, as well as how to use them to inject shellcode into a remote process thread to obtain a reverse shell.
Ongoing Roaming Mantis smishing campaign targeting France https://blog.sekoia.io/ongoing-roaming-mantis-smishing-campaign-targeting-france/
Sekoia.io Blog
Ongoing Roaming Mantis smishing campaign targeting France
MoqHao (aka Wroba) is an Android Remote Access Trojan (RAT) with information-stealing and backdoor capabilities that likely spreads via SMS.
The Workings of WhatsApp's Backups (and why you should enable End-to-End Encrypted Backups) https://sudneela.github.io/posts/the-workings-of-whatsapps-end-to-end-encrypted-backups/
snee.la
The Workings of WhatsApp’s Backups (and Why You Should Enable End-to-End Encrypted Backups)
About This Blog Post This blog post is a technical report of a presentation that I presented on June 10, 2022 for the second task of my Mobile Security course. I decided to investigate how WhatsApp backs up messages to the cloud with the “end-to-end encrypted…
nice series here » Lord Of The Ring0 - Part 1 | Introduction https://idov31.github.io/2022-07-14-lord-of-the-ring0-p1/