Process Behaviour Anomaly Detection Using eBPF and Unsupervised-Learning Autoencoders https://www.evilsocket.net/2022/08/15/Process-behaviour-anomaly-detection-using-eBPF-and-unsupervised-learning-Autoencoders/
evilsocket
Process injection: breaking all macOS security layers with a single vulnerability https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/
Sector 7
If you have created a new macOS app with Xcode 13.2, you may have noticed this new method in the template:
- (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app { return YES; } This was added to the Xcode template to address a process injection…
Make your bets 🙂 » Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling
https://research.nccgroup.com/2022/08/16/wheel-of-fortune-outcome-prediction-taking-the-luck-out-of-gambling/
NCC Group Research Blog
Authored by: Jesús Miguel Calderón Marín Introduction Two years ago I carried out research into online casino games specifically focusing on roulette. As a result, I composed a detailed guide with …
The LDT, a Perfect Home for All Your Kernel Payloads https://blog.ret2.io/2022/08/17/macos-dblmap-kernel-exploitation/
RET2 Systems Blog
With the broad adoption of Kernel Address Space Layout Randomization (KASLR) by modern systems, obtaining an information leak is a necessary component of mos...
JSSLoader: the shellcode edition https://www.malwarebytes.com/blog/threat-intelligence/2022/08/jssloader-the-shellcode-edition
ThreatDown by Malwarebytes
The Malwarebytes Threat Intelligence team observed a malspam campaign in late June that we attribute to the FIN7 APT group. One of the samples was also reported on Twitter by Josh Trombley…
Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free https://accessvector.net/2022/linux-itimers-uaf
A Lightweight Approach To Implement Secure Software Development LifeCycle (Secure SDLC) https://www.anshumanbhartiya.com/posts/secure-sdlc
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html
Blogspot
A deep dive into an in-the-wild Android exploit Guest Post by Xingyu Jin, Android Security Research This is part one of a two-part guest...
Debugger Lies: Stack Corruption https://www.timdbg.com/posts/debugger-lies-part-1/
TimDbg
There are lots of reasons your debugger might be lying to you. Sometimes it’s because information is lost when compiling due to optimizations. Sometimes the symbolic debug information isn’t expressive enough. Other times it can be due to a bug in the debugger…
2-byte DoS in freebsd-telnetd / netbsd-telnetd / netkit-telnetd / inetutils-telnetd / telnetd in Kerberos Version 5 Applications - Binary Golf Grand Prix 3 - CVE-2022-39028 https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
Snakes on a Domain: An Analysis of a Python Malware Loader https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader
Huntress
Join us on a threat analysis journey as we discover a very shady Python—and a very friendly RAT.
Break me out of sandbox in old pipe - CVE-2022-22715 Windows Dirty Pipe https://whereisk0shl.top/post/break-me-out-of-sandbox-in-old-pipe-cve-2022-22715-windows-dirty-pipe
Debugging Win32 binaries in Ghidra via Wine https://john-millikin.com/debugging-win32-binaries-in-ghidra-via-wine
John Millikin
QBOT Malware Analysis https://www.elastic.co/security-labs/qbot-malware-analysis
www.elastic.co
Elastic Security Labs releases a QBOT malware analysis report covering the execution chain. From this research, the team has produced a YARA rule, a configuration extractor, and indicators of compromise (IOCs).
From the last DEF CON, an interesting talk » Exploitation in the era of formal verification - a peek at a new frontier with AdaCore/SPARK https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/Adam%20Zabrocki%20%20%20Alex%20Tereshkin%20-%20Exploitation%20in%20the%20era%20of%20formal%20verification%20a%20peek%20at%20a%20new%20frontier%20with%20AdaCore-SPARK.pdf
Uncovering a ChromeOS remote memory corruption vulnerability https://www.microsoft.com/security/blog/2022/08/19/uncovering-a-chromeos-remote-memory-corruption-vulnerability/
Microsoft News
Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).
YaraNG: Reinventing the YARA Scanner https://engineering.avast.io/yarang-reinventing-the-yara-scanner/
Good summary of infosec newsletters » Awesome Cyber Security Newsletters https://github.com/TalEliyahu/awesome-security-newsletters
GitHub
Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attac...
Linux Kernel Exploit (CVE-2022-32250) with mqueue https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/
Theori BLOG
A technical analysis of Pegasus for Android – Part 1 https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-1/
SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250) https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/
NCC Group Research Blog