Enhancing Subdomain Enumeration - ENTs and NOERROR https://www.securesystems.de/blog/enhancing-subdomain-enumeration-ents-and-noerror/
Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study https://research.nccgroup.com/2022/08/11/detecting-dns-implants-old-kitten-new-tricks-a-saitama-case-study/
Researching Xiaomi’s TEE to get to Chinese money https://research.checkpoint.com/2022/researching-xiaomis-tee/
Research by: Slava Makkaveev. Introduction: Have you ever wondered if it is safe to make payments from a mobile device? Can a malicious app steal money from your digital wallet? According to the latest statistics, the Far East and China accounted for two-thirds…
Process Behaviour Anomaly Detection Using eBPF and Unsupervised-Learning Autoencoders https://www.evilsocket.net/2022/08/15/Process-behaviour-anomaly-detection-using-eBPF-and-unsupervised-learning-Autoencoders/
Process injection: breaking all macOS security layers with a single vulnerability https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/
If you have created a new macOS app with Xcode 13.2, you may have noticed this new method in the template:
- (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app { return YES; } This was added to the Xcode template to address a process injection…
Make your bets 🙂 » Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling
https://research.nccgroup.com/2022/08/16/wheel-of-fortune-outcome-prediction-taking-the-luck-out-of-gambling/
Authored by: Jesús Miguel Calderón Marín. Introduction: Two years ago I carried out research into online casino games specifically focusing on roulette. As a result, I composed a detailed guide with …
The LDT, a Perfect Home for All Your Kernel Payloads https://blog.ret2.io/2022/08/17/macos-dblmap-kernel-exploitation/
With the broad adoption of Kernel Address Space Layout Randomization (KASLR) by modern systems, obtaining an information leak is a necessary component of mos...
JSSLoader: the shellcode edition https://www.malwarebytes.com/blog/threat-intelligence/2022/08/jssloader-the-shellcode-edition
The Malwarebytes Threat Intelligence team observed a malspam campaign in late June that we attribute to the FIN7 APT group. One of the samples was also reported on Twitter by Josh Trombley…
Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free https://accessvector.net/2022/linux-itimers-uaf
A Lightweight Approach To Implement Secure Software Development LifeCycle (Secure SDLC) https://www.anshumanbhartiya.com/posts/secure-sdlc
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html
A deep dive into an in-the-wild Android exploit. Guest post by Xingyu Jin, Android Security Research. This is part one of a two-part guest...
Debugger Lies: Stack Corruption https://www.timdbg.com/posts/debugger-lies-part-1/
There are lots of reasons your debugger might be lying to you. Sometimes it’s because information is lost when compiling due to optimizations. Sometimes the symbolic debug information isn’t expressive enough. Other times it can be due to a bug in the debugger…
2-byte DoS in freebsd-telnetd / netbsd-telnetd / netkit-telnetd / inetutils-telnetd / telnetd in Kerberos Version 5 Applications - Binary Golf Grand Prix 3 - CVE-2022-39028 https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
Snakes on a Domain: An Analysis of a Python Malware Loader https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader
Join us on a threat analysis journey as we discover a very shady Python—and a very friendly RAT.
Break me out of sandbox in old pipe - CVE-2022-22715 Windows Dirty Pipe https://whereisk0shl.top/post/break-me-out-of-sandbox-in-old-pipe-cve-2022-22715-windows-dirty-pipe
Debugging Win32 binaries in Ghidra via Wine https://john-millikin.com/debugging-win32-binaries-in-ghidra-via-wine
QBOT Malware Analysis https://www.elastic.co/security-labs/qbot-malware-analysis
Elastic Security Labs releases a QBOT malware analysis report covering the execution chain. From this research, the team has produced a YARA rule, a configuration extractor, and indicators of compromise (IOCs).
From the last DEF CON, an interesting talk » Exploitation in the era of formal verification - a peek at a new frontier with AdaCore/SPARK https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/Adam%20Zabrocki%20%20%20Alex%20Tereshkin%20-%20Exploitation%20in%20the%20era%20of%20formal%20verification%20a%20peek%20at%20a%20new%20frontier%20with%20AdaCore-SPARK.pdf
Uncovering a ChromeOS remote memory corruption vulnerability https://www.microsoft.com/security/blog/2022/08/19/uncovering-a-chromeos-remote-memory-corruption-vulnerability/
Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).
YaraNG: Reinventing the YARA Scanner https://engineering.avast.io/yarang-reinventing-the-yara-scanner/