Windows Triaging with Powershell — Part 1: Parsing Event Logs https://aditya-pratap9557.medium.com/windows-triaging-with-powershell-part-1-parsing-event-logs-a6748657d150
Medium
This is part 1 of triaging a Windows system with PowerShell. On a Windows machine, Event Logs play an important role in determining a…
Windows Triaging with Powershell — Part 2: Artifacts Collection https://aditya-pratap9557.medium.com/windows-triaging-with-powershell-part-2-artifacts-collection-d28a8a9010cd
Medium
The current blog is in continuation of Part 1 of Windows Triaging with Powershell. Part 1 described how the Powershell functions can be…
Leveraging Android Permissions: A Solver Approach https://blog.thalium.re/posts/leveraging-android-permissions/
blog.thalium.re
The Android permission management system has already suffered from several vulnerabilities in the past. Such weaknesses can grant dangerous permissions to a malevolent application, an example being CALL_LOG, which gives access to all incoming and outgoing…
Cadet Blizzard emerges as a novel and distinct Russian threat actor https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/
Microsoft News
Microsoft shares new details about techniques of a distinct Russian state-sponsored threat actor, now elevated to the name Cadet Blizzard.
A Truly Graceful Wipe Out https://thedfirreport.com/2023/06/12/a-truly-graceful-wipe-out/
The DFIR Report
In this intrusion, dated May 2023, we observed Truebot being used to deploy Cobalt Strike and FlawedGrace (aka GraceWire & BARBWIRE) resulting in the exfiltration of data and the deployment of …
Investigating the Wink Hub 2 https://sensepost.com/blog/2023/investigating-the-wink-hub-2/
Breaking the Code - Exploiting and Examining CVE-2023-1829 in cls_tcindex Classifier Vulnerability https://starlabs.sg/blog/2023/06-breaking-the-code-exploiting-and-examining-cve-2023-1829-in-cls_tcindex-classifier-vulnerability/
STAR Labs
Background: The discovery and analysis of vulnerabilities is a critical aspect of cybersecurity research. Today, we will dive into CVE-2023-1829, a vulnerability in the cls_tcindex network traffic classifier found by Valis. We will explore the process of exploiting…
TurboRand: V8 Type Confusion Private Property Leak https://ssd-disclosure.com/turborand-v8-type-confusion-private-property-leak/
SSD Secure Disclosure
Introduction: TurboRand is a V8 exploitation challenge from TyphoonCTF 2023 (a.k.a. "TruboFan is no Fun"), centred around a TurboFan (V8's optimising compiler) type confusion bug. For the challenge we provided contenders with multiple files: Looking…
LibreOffice Arbitrary File Write (CVE-2023-1883) https://secfault-security.com/blog/libreoffice.html
Advanced binary fuzzing using AFL++-QEMU and libprotobuf: a practical case of grammar-aware in-memory persistent fuzzing https://airbus-seclab.github.io/AFLplusplus-blogpost/
IoT devices and Linux-based systems targeted by OpenSSH trojan campaign https://www.microsoft.com/en-us/security/blog/2023/06/22/iot-devices-and-linux-based-systems-targeted-by-openssh-trojan-campaign/
Microsoft News
Microsoft discovered an attack using a patched version of OpenSSH to take control of impacted devices and install cryptomining malware.
Jormungandr: Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. https://github.com/Idov31/Jormungandr
GitHub
The Fuzzing Guide to the Galaxy: An Attempt with Android System Services https://blog.thalium.re/posts/fuzzing-samsung-system-services/
THALIUM
Although the Android base is open source, many different constructors customize it with their own UIs and APIs. All these additions represent an extra attack surface that can change from one phone model to another. We tried to automatically fuzz the closed…
‘Open’ mobile phones blocked via Bluetooth: experts from Tarlogic, a Spanish cybersecurity company, share use cases for their BlueTrust solution https://rivaltimes.com/open-mobile-phones-blocked-via-bluetooth-experts-from-tarlogic-a-spanish-cybersecurity-company-share-use-cases-for-their-bluetrust-solution/
Rival Times
Last March, experts from the Spanish cybersecurity company Tarlogic shared their findings regarding a vulnerability in the Bluetooth communications used every day
DNS Analyzer - Finding DNS vulnerabilities with Burp Suite https://sec-consult.com/blog/detail/dns-analyzer-finding-dns-vulnerabilities-with-burp-suite/
SEC Consult
A brand-new Burp Suite extension for discovering DNS vulnerabilities in web applications.
A technical analysis of the SALTWATER backdoor used in Barracuda 0-day vulnerability (CVE-2023-2868) exploitation https://cybergeeks.tech/a-technical-analysis-of-the-saltwater-backdoor-used-in-barracuda-0-day-vulnerability-cve-2023-2868-exploitation/
Why ORMs and Prepared Statements Can't (Always) Win https://www.sonarsource.com/blog/why-orms-and-prepared-statements-cant-always-win/
Sonarsource
We always assume prepared statements and ORMs are enough to protect us from SQL injection, but be careful not to misuse their APIs! Let's look into a real-world case and see what we can learn from it.
Inside KangaPack: the Kangaroo packer with native decryption https://cryptax.medium.com/inside-kangapack-the-kangaroo-packer-with-native-decryption-3e7e054679c4
Medium
In this blog post, we unpack a malicious sample sha256: 2c05efa757744cb01346fe6b39e9ef8ea2582d27481a441eb885c5c4dcd2b65b . The core…
Hashing Phone Numbers For 2-Factor Authentication https://theabbie.github.io/blog/2FA-phone-number-hashing
TheAbbie
With the rise of the internet and the increasing risk of getting hacked, it's more necessary than ever to have an extra layer of security on our accounts, since a password alone is not enough. Thus, using phone numbers for 2FA sounds much more secure, but…