A Lightweight Approach To Implement Secure Software Development LifeCycle (Secure SDLC) https://www.anshumanbhartiya.com/posts/secure-sdlc
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html
A deep dive into an in-the-wild Android exploit. Guest post by Xingyu Jin, Android Security Research. This is part one of a two-part guest...
Debugger Lies: Stack Corruption https://www.timdbg.com/posts/debugger-lies-part-1/
There are lots of reasons your debugger might be lying to you. Sometimes it’s because information is lost when compiling due to optimizations. Sometimes the symbolic debug information isn’t expressive enough. Other times it can be due to a bug in the debugger…
2-byte DoS in freebsd-telnetd / netbsd-telnetd / netkit-telnetd / inetutils-telnetd / telnetd in Kerberos Version 5 Applications - Binary Golf Grand Prix 3 - CVE-2022-39028 https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
Snakes on a Domain: An Analysis of a Python Malware Loader https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader
Join us on a threat analysis journey as we discover a very shady Python—and a very friendly RAT.
Break me out of sandbox in old pipe - CVE-2022-22715 Windows Dirty Pipe https://whereisk0shl.top/post/break-me-out-of-sandbox-in-old-pipe-cve-2022-22715-windows-dirty-pipe
Debugging Win32 binaries in Ghidra via Wine https://john-millikin.com/debugging-win32-binaries-in-ghidra-via-wine
QBOT Malware Analysis https://www.elastic.co/security-labs/qbot-malware-analysis
Elastic Security Labs releases a QBOT malware analysis report covering the execution chain. From this research, the team has produced a YARA rule, a configuration extractor, and indicators of compromise (IOCs).
Interesting talk from the last DEF CON » Exploitation in the era of formal verification - a peek at a new frontier with AdaCore/SPARK https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/Adam%20Zabrocki%20%20%20Alex%20Tereshkin%20-%20Exploitation%20in%20the%20era%20of%20formal%20verification%20a%20peek%20at%20a%20new%20frontier%20with%20AdaCore-SPARK.pdf
Uncovering a ChromeOS remote memory corruption vulnerability https://www.microsoft.com/security/blog/2022/08/19/uncovering-a-chromeos-remote-memory-corruption-vulnerability/
Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).
YaraNG: Reinventing the YARA Scanner https://engineering.avast.io/yarang-reinventing-the-yara-scanner/
Good roundup of infosec newsletters » Awesome Cyber Security Newsletters https://github.com/TalEliyahu/awesome-security-newsletters
Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attac...
Linux Kernel Exploit (CVE-2022-32250) with mqueue https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/
A technical analysis of Pegasus for Android – Part 1 https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-1/
SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250) https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/
Attacking Titan M with Only One Byte https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html
Following our presentation at Black Hat USA, in this blog post we provide some details on CVE-2022-20233, the latest vulnerability we found on Titan M, and how we exploited it to obtain code execution on the chip.
Anatomy of an exploit in Windows win32k – CVE-2022-21882 https://www.avira.com/en/blog/anatomy-of-an-exploit-in-windows-win32k-cve-2022-21882
CVE-2022-21882: A new manipulation technique of window objects in kernel memory that leads to privilege escalation
Windows Kernel Introspection (WKI) https://amonsec.net/posts/2022/09/0000000d/
Sections: Introduction; User-Mode Application; Kernel-Mode Driver; Example: Listing Kernel Memory Pool Tag; Final Thoughts. Over the last few years that I spent learning more and more about Microsoft Windows, it has been…
Reviewing macOS Unified Logs https://www.mandiant.com/resources/blog/reviewing-macos-unified-logs
An overview of macOS Unified Logs and the challenges of using them during an investigation.
Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection https://www.sentinelone.com/labs/crimeware-trends-ransomware-developers-turn-to-intermittent-encryption-to-evade-detection/
Partially encrypting victims' files improves ransomware speed and aids evasion. First seen in LockFile, the technique is now being widely adopted.
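Added example, not code from the SentinelOne article or from any ransomware family: a toy model of the "encrypt one chunk, skip the next" pattern described above, next to a windowed Shannon-entropy check. It shows the detection caveat a practitioner cares about: a whole-file entropy heuristic tuned for fully encrypted files under-scores the partially encrypted one, while a per-window view still exposes the alternating pattern. The SHA-256 counter-mode keystream, the 4096-byte chunk size, the 7.5 bits/byte threshold, the key and the sample file contents are all assumptions made for this illustration.

```python
import hashlib
import math
from collections import Counter

# Assumed parameters for this illustration (not taken from any real family).
CHUNK = 4096              # bytes per chunk in the "encrypt one, skip one" pattern
ENTROPY_THRESHOLD = 7.5   # bits/byte above which a window is treated as encrypted
KEY = b"example-key-not-secret"

# Constructed sample "document": repetitive, low-entropy text, exactly 8 chunks long.
SAMPLE_PLAINTEXT = (b"quarterly report: revenue up 3%, expenses flat, headcount 42.\n" * 1000)[:8 * CHUNK]


def keystream(key: bytes, length: int) -> bytes:
    """Deterministic high-entropy keystream from SHA-256 in counter mode.
    Toy construction for the demo only; it stands in for a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def encrypt_full(data: bytes, key: bytes = KEY) -> bytes:
    """Conventional approach: every byte of the file is encrypted."""
    return xor_bytes(data, keystream(key, len(data)))


def encrypt_intermittent(data: bytes, key: bytes = KEY, chunk: int = CHUNK) -> bytes:
    """Intermittent approach: encrypt even-numbered chunks, leave odd ones untouched.
    Roughly half the I/O and CPU work, and the file keeps large plaintext regions."""
    out = bytearray()
    for offset in range(0, len(data), chunk):
        block = data[offset:offset + chunk]
        if (offset // chunk) % 2 == 0:
            # Per-chunk keystream derived from the offset, so applying the
            # function twice restores the original (XOR is its own inverse).
            out += xor_bytes(block, keystream(key + offset.to_bytes(8, "big"), len(block)))
        else:
            out += block
    return bytes(out)


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: close to 8.0 for ciphertext, around 4 for English text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def windowed_entropy(data: bytes, window: int = CHUNK) -> list:
    """Entropy of each fixed-size window, in file order."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def encrypted_window_ratio(data: bytes, window: int = CHUNK,
                           threshold: float = ENTROPY_THRESHOLD) -> float:
    """Fraction of windows whose entropy looks like ciphertext."""
    ents = windowed_entropy(data, window)
    return sum(e >= threshold for e in ents) / len(ents)


def looks_intermittently_encrypted(data: bytes, window: int = CHUNK,
                                   threshold: float = ENTROPY_THRESHOLD) -> bool:
    """Flag files that alternate between ciphertext-like and plaintext-like windows.
    A fully encrypted or fully plaintext file never toggles; an intermittently
    encrypted one toggles at every chunk boundary."""
    high = [e >= threshold for e in windowed_entropy(data, window)]
    toggles = sum(1 for a, b in zip(high, high[1:]) if a != b)
    return 0 < sum(high) < len(high) and toggles >= 2


if __name__ == "__main__":
    for name, blob in [("plain", SAMPLE_PLAINTEXT),
                       ("full", encrypt_full(SAMPLE_PLAINTEXT)),
                       ("intermittent", encrypt_intermittent(SAMPLE_PLAINTEXT))]:
        print(f"{name:12s} whole-file H={shannon_entropy(blob):.2f}  "
              f"encrypted windows={encrypted_window_ratio(blob):.2f}  "
              f"intermittent={looks_intermittently_encrypted(blob)}")
```

The whole-file entropy of the intermittently encrypted sample lands well below the 7.5 threshold that the fully encrypted file clears, which is the evasion the article describes; the window-level toggle count is what still separates it from an untouched document. In practice the window size has to be chosen with the family's actual chunk size in mind, and a mismatched window blurs the boundaries.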
Profiling DEV-0270: PHOSPHORUS’ ransomware operations https://www.microsoft.com/security/blog/2022/09/07/profiling-dev-0270-phosphorus-ransomware-operations/
Microsoft threat intelligence teams have been tracking multiple ransomware campaigns tied to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS.