Automated Volatility Plugin Generation with Dalvik Inspector https://www.504ensics.com/automated-volatility-plugin-generation-with-dalvik-inspector/
504ENSICS Labs
Automated Volatility Plugin Generation with Dalvik Inspector - 504ENSICS Labs
Introduction In this blog post we will be demonstrating a new feature to the Dalvik Inspector tool, which we are planning on releasing this summer at Black Hat USA. Specifically we have added functionality to the Dalvik Inspector GUI for automatic Volatility…
[CVE-2022-34918] A crack in the Linux firewall
https://www.randorisec.fr/crack-linux-firewall/
https://www.randorisec.fr/crack-linux-firewall/
Session On Android – An App Wrapped in Signal
https://thebinaryhick.blog/2022/07/14/session-on-android-an-app-wrapped-in-signal/
https://thebinaryhick.blog/2022/07/14/session-on-android-an-app-wrapped-in-signal/
The Binary Hick
Session On Android – An App Wrapped in Signal
NOTE: parts of this article describe steps by which the order of encryption methods are reversed to render encrypted data in clear-text. This was done in order to investigate the app being discusse…
The Return of Candiru: Zero-days in the Middle East https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/
Gendigital
The Return of Candiru: Zero-days in the Middle East
Zero-day vulnerability in Google Chrome discovery
Anatomy of Attack: Truth Behind the Costa Rica Government Ransomware 5-Day Intrusion https://www.advintel.io/post/anatomy-of-attack-truth-behind-the-costa-rica-government-ransomware-5-day-intrusion
RedSense Cyber Threat Intelligence
RedSense Home
RedSense Cyber Threat Intelligence provides products and services to many of the world’s most sophisticated corporate threat intelligence departments and security organizations. As companies rethink their intelligence frameworks for greater efficacy and cost…
Basics for Binary Exploitation https://o5wald.github.io/posts/binary_exploitation_basics/
o5wald.github.io
Basics for Binary Exploitation
we all know how C programs is get compiled.
first your C file goes to the compiler, then compiler convert it into sequence of operation that will be executed by computer each operation compiled into sequence of bytes called operation code or OP code Why Assembly…
first your C file goes to the compiler, then compiler convert it into sequence of operation that will be executed by computer each operation compiled into sequence of bytes called operation code or OP code Why Assembly…
Gitlab Project Import RCE Analysis (CVE-2022-2185) https://starlabs.sg/blog/2022/07-gitlab-project-import-rce-analysis-cve-2022-2185/
STAR Labs
Gitlab Project Import RCE Analysis (CVE-2022-2185)
At the beginning of this month, GitLab released a security patch for versions 14->15. Interestingly in the advisory, there was a mention of a post-auth RCE bug with CVSS 9.9.
The bug exists in GitLab’s Project Imports feature, which was found by @vakzz. Incidentally…
The bug exists in GitLab’s Project Imports feature, which was found by @vakzz. Incidentally…
How I Met Your Beacon – Overview https://www.mdsec.co.uk/2022/07/part-1-how-i-met-your-beacon-overview/
MDSec
PART 1: How I Met Your Beacon - Overview - MDSec
Introduction Its no secret that MDSec provides a commercial command-and-control framework with a focus on evasion for covert operations. With this in mind, we are continuously performing on-going R&D in...
Malware analysis with IDA/Radare2 2 - From unpacking to config extraction to full reversing (IceID Loader) https://artik.blue/malware5
artik.blue
Malware analysis with IDA/Radare2 2 - From unpacking to config extraction to full reversing (IceID Loader)
All things cyber
Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists
Proofpoint
APTs Targeting Journalists & Media Organizations | Proofpoint US
APTs regularly target and pose as journalists and media organizations to advance their state-aligned initiatives. Learn more about Proofpoint's research.
Iranian Spear-Phishing Operation Targets Former Israeli and US High-Ranking Officials https://research.checkpoint.com/2022/check-point-research-exposes-an-iranian-phishing-campaign-targeting-former-israeli-foreign-minister-former-us-ambassador-idf-general-and-defense-industry-executives/
Check Point Research
Iranian Spear-Phishing Operation Targets Former Israeli and US High-Ranking Officials - Check Point Research
Introduction Check Point Research uncovers a recent Iranian-based spear-phishing operation aimed against former Israeli officials, high-ranking military personnel, research fellows in research institutions, think tanks, and against Israeli citizens. The attacks…
Attackers target Ukraine using GoMet backdoor https://blog.talosintelligence.com/2022/07/attackers-target-ukraine-using-gomet.html
Cisco Talos Blog
Attackers target Ukraine using GoMet backdoor
Executive summary
Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine…
Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine…
Why the Equation Group (EQGRP) is NOT the NSA https://xorl.wordpress.com/2022/07/06/why-the-equation-group-eqgrp-is-not-the-nsa/
xorl %eax, %eax
Why the Equation Group (EQGRP) is NOT the NSA
I had covered this topic in my 2021 talk “In nation-state actor’s shoes” but after my recent blog post I saw again people referring to the EQGRP as the NSA which is not entirely c…
Let's code a TCP/IP stack, 1: Ethernet & ARP https://www.saminiir.com/lets-code-tcp-ip-stack-1-ethernet-arp/
saminiir's hacker blog
Let's code a TCP/IP stack, 1: Ethernet & ARP
Writing your own TCP/IP stack may seem like a daunting task. Indeed, TCP has accumulated many specifications over its lifetime of more than thirty years. The core specification, however, is seemingly compact[^tcp-roadmap] - the important parts being TCP header…
When Hypervisor Met Snapshot Fuzzing https://www.usmacd.com/2022/07/21/2022-07-21-When-Hypervisor-Met-Snapshot-Fuzzing/
The End of PPLdump https://itm4n.github.io/the-end-of-ppldump/
itm4n’s blog
The End of PPLdump
A few days ago, an issue was opened for PPLdump on GitHub, stating that it no longer worked on Windows 10 21H2 Build 19044.1826. I was skeptical at first so I fired up a new VM and started investigating. Here is what I found…
Attack Chain Déjà-vu: The infection vector used by SVCReady, Gozi and IcedID https://medium.com/@DCSO_CyTec/attack-chain-d%C3%A9j%C3%A0-vu-the-infection-vector-used-by-svcready-gozi-and-icedid-585bb326a666
Medium
Attack Chain Déjà-vu: The infection vector used by SVCReady, Gozi and IcedID
Technical analysis of the SVCReady, Gozi and IcedID attack chain
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
Securelist
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor.
Zyxel authentication bypass patch analysis (CVE-2022-0342) https://security.humanativaspa.it/zyxel-authentication-bypass-patch-analysis-cve-2022-0342/
hn security
Zyxel authentication bypass patch analysis (CVE-2022-0342) - hn security
A few months ago, new firmware […]