Let's code a TCP/IP stack, 1: Ethernet & ARP https://www.saminiir.com/lets-code-tcp-ip-stack-1-ethernet-arp/
saminiir's hacker blog
Let's code a TCP/IP stack, 1: Ethernet & ARP
Writing your own TCP/IP stack may seem like a daunting task. Indeed, TCP has accumulated many specifications over its lifetime of more than thirty years. The core specification, however, is seemingly compact[^tcp-roadmap] - the important parts being TCP header…
When Hypervisor Met Snapshot Fuzzing https://www.usmacd.com/2022/07/21/2022-07-21-When-Hypervisor-Met-Snapshot-Fuzzing/
The End of PPLdump https://itm4n.github.io/the-end-of-ppldump/
itm4n’s blog
The End of PPLdump
A few days ago, an issue was opened for PPLdump on GitHub, stating that it no longer worked on Windows 10 21H2 Build 19044.1826. I was skeptical at first so I fired up a new VM and started investigating. Here is what I found…
Attack Chain Déjà-vu: The infection vector used by SVCReady, Gozi and IcedID https://medium.com/@DCSO_CyTec/attack-chain-d%C3%A9j%C3%A0-vu-the-infection-vector-used-by-svcready-gozi-and-icedid-585bb326a666
Medium
Attack Chain Déjà-vu: The infection vector used by SVCReady, Gozi and IcedID
Technical analysis of the SVCReady, Gozi and IcedID attack chain
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
Securelist
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor.
Zyxel authentication bypass patch analysis (CVE-2022-0342) https://security.humanativaspa.it/zyxel-authentication-bypass-patch-analysis-cve-2022-0342/
hn security
Zyxel authentication bypass patch analysis (CVE-2022-0342) - hn security
A few months ago, new firmware […]
Winshark - Wireshark plugin to work with Event Tracing for Windows https://hakin9.org/winshark-wireshark-plugin-to-work-with-event-tracing-for-windows/
Hakin9 - IT Security Magazine
Winshark - Wireshark plugin to work with Event Tracing for Windows
Windows Kernel Exploitation – HEVD x64 Use-After-Free https://vulndev.io/2022/07/14/windows-kernel-exploitation-hevd-x64-use-after-free/
Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products https://blog.talosintelligence.com/2022/07/vulnerability-spotlight-how-code-re-use.html
Cisco Talos Blog
Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products
Recently, I was performing some research on a wireless router and noticed the following piece of code:
This unescape function will revert the URL encoded bytes to its original form. But something specifically caught my attention: There was no size check…
How to analyze Linux malware – A case study of Symbiote https://cybergeeks.tech/how-to-analyze-linux-malware-a-case-study-of-symbiote/
CVE-2022-31813: Forwarding addresses is hard https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
Synacktiv
CVE-2022-31813: Forwarding addresses is hard
Extracting Ghidra Decompiler Output with Python https://medium.com/tenable-techblog/extracting-ghidra-decompiler-output-with-python-a737e9ed8fce
Medium
Extracting Ghidra Decompiler Output with Python
Ghidra’s decompiler, while not perfect, is pretty darn handy. Ghidra’s user interface, however, leaves a lot to be desired. I often find…
Manipulating Windows Tokens with Go https://fourcore.io/blogs/manipulating-windows-tokens-with-golang
FourCore
Manipulating Windows Tokens with Go
Windows Tokens are used for authentication and assigning privileges to Windows programs. Understanding token manipulation is essential to detect malicious behaviours. Security professionals can use the wintoken library for token manipulation.
CVE-2022-36123 – A vulnerability in Linux kernel mainline v5.18-rc1 through v5.19-rc6 https://sick.codes/sick-2022-128/
Sick Codes - Security Research, Hardware & Software Hacking, Consulting, Linux, IoT, Cloud, Embedded, Arch, Tweaks & Tips!
CVE-2022-36123 - A vulnerability in Linux kernel mainline v5.18-rc1 through v5.19-rc6 does not clear statically allocated variables…
A vulnerability in Linux kernel mainline v5.18-rc1 through v5.19-rc6 does not clear statically allocated variables in the block starting symbol (.bss) due to a failed early_xen_iret_patch leading to an asm_exc_page_fault, or arbitrary code execution…
Corrupting memory without memory corruption https://github.blog/2022-07-27-corrupting-memory-without-memory-corruption/
The GitHub Blog
Corrupting memory without memory corruption
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights…
DDoS Attack Case Study: 20 Hours of Unprovoked Aggression https://blog.criminalip.io/2022/07/27/ddos-attack-case/
CIP Blog
DDoS Attack Case Study: 20 Hours of Unprovoked Aggression
Recently, there was a GET Flooding Attack-type DDoS attack case on a web services company for about 20 hours. Various attack traffic was detected on the login page, which caused a serious load on the server and ultimately paralyzed the entire login function.…
Creating Processes Using System Calls https://www.coresecurity.com/core-labs/articles/creating-processes-using-system-calls
Coresecurity
Creating Processes Using System Calls | Core Security
This article discusses weaponizing NtCreateUserProcess so that it can be used on defended environments in a way that is reliable and useful.
Inside Matanbuchus: A Quirky Loader https://www.cyberark.com/resources/threat-research-blog/inside-matanbuchus-a-quirky-loader
Cyberark
Inside Matanbuchus: A Quirky Loader
An in-depth analysis of Matanbuchus loader’s tricks and loading techniques. Matanbuchus is a Malware-as-a-Service loader that has been sold on underground markets for more than one year…
A journey into IoT – Unknown Chinese alarm – Part 3 – Radio communications https://security.humanativaspa.it/a-journey-into-iot-unknown-chinese-alarm-part-3-radio-communications/
hn security
A journey into IoT - Unknown Chinese alarm - Part 3 - Radio communications - hn security
Disclaimer: as many other security researchers […]
A Detailed Analysis of the RedLine Stealer https://securityscorecard.com/research/detailed-analysis-redline-stealer
SecurityScorecard
A Detailed Analysis of the RedLine Stealer
RedLine is a stealer distributed as cracked games, applications, and services. See how this malware affected FileZilla, Telegram, and more.