In-Memory Disassembly for EDR/AV Unhooking https://signal-labs.com/analysis-of-edr-hooks-bypasses-amp-our-rust-sample/
Signal Labs
In-Memory Disassembly for EDR/AV Unhooking | Advanced Offensive Cybersecurity Training
We’ll walk through the hooks of a particular AV (Sophos AV) and determine why many of the public methods fail, and how we created our Rust PoC to work against the self-protection techniques of similar hooking engines.
GHSL-2023-139: Use After Free (UAF) in accountsservice - CVE-2023-3297 https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/
GitHub Security Lab
GHSL-2023-139: Use After Free (UAF) in accountsservice - CVE-2023-3297
An unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.
How I Got Hired On Google's Red Team https://grahamhelton.com/blog/jobs/
Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service https://blog.silentsignal.eu/2023/07/03/ibm-i-dde-vulnerability-cve-2023-30990/
Silent Signal Techblog
Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service
Because we can!
Everyone Knows SAP, Everyone Uses SAP, Everyone Uses RFC, No One Knows RFC: From RFC to RCE 16 Years Later https://sec-consult.com/fileadmin/user_upload/sec-consult/Dynamisch/Blogartikel/2023_06/SEC_Consult_Whitepaper_SAP_RFC_Vulnerability_Research_From_RFC_To_RCE.pdf
Hunting for Nginx Alias Traversals in the wild https://labs.hakaioffsec.com/nginx-alias-traversal/
Hakai
Vulnerability Research
The Linux Kernel Module Programming Guide (updated for Linux kernel 5.x) https://sysprog21.github.io/lkmpg/
Published CVSS v4.0: Common Vulnerability Scoring System Version 4.0 https://www.first.org/cvss/v4-0/
FIRST — Forum of Incident Response and Security Teams
Common Vulnerability Scoring System
Useful guide for learning Makefiles https://makefiletutorial.com
PoCs to help learning how to get SYSTEM privilege https://github.com/daem0nc0re/PrivFu/tree/main/ArtsOfGetSystem
GitHub
PrivFu/ArtsOfGetSystem at main · daem0nc0re/PrivFu
Kernel mode WinDbg extension and PoCs for token privilege investigation. - daem0nc0re/PrivFu
Visualizing Android Code Coverage Pt.1 https://datalocaltmp.github.io/visualizing-android-code-coverage-pt-1.html
/data/local/tmp
Visualizing Android Code Coverage Pt.1
Decompilers are essential when reverse engineering Android applications and binaries; unfortunately with static analysis it’s up to the reverse engineer to determine which of these complex paths to investigate.
The WAF efficacy framework: measuring the effectiveness of your WAF https://www.fastly.com/blog/the-waf-efficacy-framework-measuring-the-effectiveness-of-your-waf
Fastly
Our new WAF efficacy framework provides a standardized way to measure the effectiveness of a WAF’s detection capabilities through continuous verification and validation. Here’s how it works.
PWNASSISTANT - CONTROLLING /HOME'S VIA A HOME ASSISTANT RCE https://www.elttam.com/blog/pwnassistant/#content
Elttam
PwnAssistant - Controlling /home's via a Home Assistant RCE - elttam
elttam is a globally recognised, independent information security company, renowned for our advanced technical security assessments.
Cloud Defense in Depth: Lessons from the Kinsing Malware https://sysdig.com/blog/cloud-defense-in-depth/
StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability https://www.openwall.com/lists/oss-security/2023/07/05/1
SSH Key Compromise Risks and Countermeasures https://sandflysecurity.com/blog/ssh-key-compromise-risks-and-countermeasures/
Sandfly Security - Agentless Linux EDR and Incident Response
SSH Key Compromise Risks and Countermeasures
SSH key compromise is a major risk to Linux. Learn how SSH keys are compromised and how to protect yourself.
CVE-2023-27997: Critical Fortinet Fortigate Remote Code Execution Vulnerability https://www.rapid7.com/blog/post/2023/06/12/etr-cve-2023-27997-critical-fortinet-fortigate-remote-code-execution-vulnerability/
Rapid7
CVE-2023-27997: Critical Fortinet Fortigate RCE Vulnerability | Rapid7 Blog
Windows Installer arbitrary content manipulation Elevation of Privilege (CVE-2020-0911) https://offsec.almond.consulting/windows-msiexec-eop-cve-2020-0911.html
Everything in Its Right Place: Improving DNS resilience (PhD Thesis) https://ris.utwente.nl/ws/portalfiles/portal/306181219/thesis_ebook.pdf
[CVE-2022-1786] A Journey To The Dawn https://blog.kylebot.net/2022/10/16/CVE-2022-1786/
kylebot's Blog
[CVE-2022-1786] A Journey To The Dawn
Introduction. Back in April, I found a 0-day vulnerability in the Linux kernel and exploited it on Google’s kCTF platform. I reported the bug to the Linux kernel security team and helped them fix the vulnera