Process Injection using QueueUserAPC Technique in Windows https://tbhaxor.com/windows-process-injection-using-asynchronous-threads-queueuserapc/
tbhaxor's Blog
Process Injection using QueueUserAPC Technique in Windows
You will learn the fundamentals of user mode asynchronous procedure calls in this post, as well as how to use them to inject shellcode into a remote process thread to obtain a reverse shell.
Ongoing Roaming Mantis smishing campaign targeting France https://blog.sekoia.io/ongoing-roaming-mantis-smishing-campaign-targeting-france/
Sekoia.io Blog
Ongoing Roaming Mantis smishing campaign targeting France
MoqHao (aka Wroba) is an Android Remote Access Trojan (RAT) with information-stealing and backdoor capabilities that likely spreads via SMS.
The Workings of Whatsapp's Backups (and why you should enable End-to-End Encrypted Backups) https://sudneela.github.io/posts/the-workings-of-whatsapps-end-to-end-encrypted-backups/
snee.la
The Workings of WhatsApp’s Backups (and Why You Should Enable End-to-End Encrypted Backups)
About This Blog Post This blog post is a technical report of a presentation that I presented on June 10, 2022 for the second task of my Mobile Security course. I decided to investigate how WhatsApp backs up messages to the cloud with the “end-to-end encrypted…
nice series here » Lord Of The Ring0 - Part 1 | Introduction https://idov31.github.io/2022-07-14-lord-of-the-ring0-p1/
A Deep Dive Into ALPHV/BlackCat Ransomware https://securityscorecard.com/research/deep-dive-into-alphv-blackcat-ransomware
SecurityScorecard
A Deep Dive Into ALPHV/BlackCat Ransomware
ALPHV/BlackCat is the first widely known ransomware written in Rust. The malware must run with an access token consisting of a 32-byte value (--access-token parameter), and other parameters can be specified. Learn about its particular behaviors.
Automated Volatility Plugin Generation with Dalvik Inspector https://www.504ensics.com/automated-volatility-plugin-generation-with-dalvik-inspector/
504ENSICS Labs
Automated Volatility Plugin Generation with Dalvik Inspector - 504ENSICS Labs
Introduction In this blog post we will be demonstrating a new feature to the Dalvik Inspector tool, which we are planning on releasing this summer at Black Hat USA. Specifically we have added functionality to the Dalvik Inspector GUI for automatic Volatility…
[CVE-2022-34918] A crack in the Linux firewall
https://www.randorisec.fr/crack-linux-firewall/
https://www.randorisec.fr/crack-linux-firewall/
Session On Android – An App Wrapped in Signal
https://thebinaryhick.blog/2022/07/14/session-on-android-an-app-wrapped-in-signal/
https://thebinaryhick.blog/2022/07/14/session-on-android-an-app-wrapped-in-signal/
The Binary Hick
Session On Android – An App Wrapped in Signal
NOTE: parts of this article describe steps by which the order of encryption methods are reversed to render encrypted data in clear-text. This was done in order to investigate the app being discusse…
The Return of Candiru: Zero-days in the Middle East https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/
Gendigital
The Return of Candiru: Zero-days in the Middle East
Zero-day vulnerability in Google Chrome discovery
Anatomy of Attack: Truth Behind the Costa Rica Government Ransomware 5-Day Intrusion https://www.advintel.io/post/anatomy-of-attack-truth-behind-the-costa-rica-government-ransomware-5-day-intrusion
RedSense Cyber Threat Intelligence
RedSense Home
RedSense Cyber Threat Intelligence provides products and services to many of the world’s most sophisticated corporate threat intelligence departments and security organizations. As companies rethink their intelligence frameworks for greater efficacy and cost…
Basics for Binary Exploitation https://o5wald.github.io/posts/binary_exploitation_basics/
o5wald.github.io
Basics for Binary Exploitation
we all know how C programs is get compiled.
first your C file goes to the compiler, then compiler convert it into sequence of operation that will be executed by computer each operation compiled into sequence of bytes called operation code or OP code Why Assembly…
first your C file goes to the compiler, then compiler convert it into sequence of operation that will be executed by computer each operation compiled into sequence of bytes called operation code or OP code Why Assembly…
Gitlab Project Import RCE Analysis (CVE-2022-2185) https://starlabs.sg/blog/2022/07-gitlab-project-import-rce-analysis-cve-2022-2185/
STAR Labs
Gitlab Project Import RCE Analysis (CVE-2022-2185)
At the beginning of this month, GitLab released a security patch for versions 14->15. Interestingly in the advisory, there was a mention of a post-auth RCE bug with CVSS 9.9.
The bug exists in GitLab’s Project Imports feature, which was found by @vakzz. Incidentally…
The bug exists in GitLab’s Project Imports feature, which was found by @vakzz. Incidentally…
How I Met Your Beacon – Overview https://www.mdsec.co.uk/2022/07/part-1-how-i-met-your-beacon-overview/
MDSec
PART 1: How I Met Your Beacon - Overview - MDSec
Introduction Its no secret that MDSec provides a commercial command-and-control framework with a focus on evasion for covert operations. With this in mind, we are continuously performing on-going R&D in...
Malware analysis with IDA/Radare2 2 - From unpacking to config extraction to full reversing (IceID Loader) https://artik.blue/malware5
artik.blue
Malware analysis with IDA/Radare2 2 - From unpacking to config extraction to full reversing (IceID Loader)
All things cyber
Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists
Proofpoint
APTs Targeting Journalists & Media Organizations | Proofpoint US
APTs regularly target and pose as journalists and media organizations to advance their state-aligned initiatives. Learn more about Proofpoint's research.
Iranian Spear-Phishing Operation Targets Former Israeli and US High-Ranking Officials https://research.checkpoint.com/2022/check-point-research-exposes-an-iranian-phishing-campaign-targeting-former-israeli-foreign-minister-former-us-ambassador-idf-general-and-defense-industry-executives/
Check Point Research
Iranian Spear-Phishing Operation Targets Former Israeli and US High-Ranking Officials - Check Point Research
Introduction Check Point Research uncovers a recent Iranian-based spear-phishing operation aimed against former Israeli officials, high-ranking military personnel, research fellows in research institutions, think tanks, and against Israeli citizens. The attacks…
Attackers target Ukraine using GoMet backdoor https://blog.talosintelligence.com/2022/07/attackers-target-ukraine-using-gomet.html
Cisco Talos Blog
Attackers target Ukraine using GoMet backdoor
Executive summary
Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine…
Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine…
Why the Equation Group (EQGRP) is NOT the NSA https://xorl.wordpress.com/2022/07/06/why-the-equation-group-eqgrp-is-not-the-nsa/
xorl %eax, %eax
Why the Equation Group (EQGRP) is NOT the NSA
I had covered this topic in my 2021 talk “In nation-state actor’s shoes” but after my recent blog post I saw again people referring to the EQGRP as the NSA which is not entirely c…
Let's code a TCP/IP stack, 1: Ethernet & ARP https://www.saminiir.com/lets-code-tcp-ip-stack-1-ethernet-arp/
saminiir's hacker blog
Let's code a TCP/IP stack, 1: Ethernet & ARP
Writing your own TCP/IP stack may seem like a daunting task. Indeed, TCP has accumulated many specifications over its lifetime of more than thirty years. The core specification, however, is seemingly compact[^tcp-roadmap] - the important parts being TCP header…