Jupyter Rising: An Update on Jupyter Infostealer https://blogs.vmware.com/security/2023/11/jupyter-rising-an-update-on-jupyter-infostealer.html
VMware Security Blog
Jupyter Rising: An Update on Jupyter Infostealer
Contributor: Nikki Benoit. Executive Summary: New Jupyter Infostealer variants continue to evolve with simple yet impactful changes to the techniques used by the malware author. These changes aim to avoid detection and establish persistence, enabling…
BlueNoroff strikes again with new macOS malware https://www.jamf.com/blog/bluenoroff-strikes-again-with-new-macos-malware/
Jamf
Jamf Threat Labs Discovers Malware from BlueNoroff
Newly discovered later-stage malware from BlueNoroff APT group targets macOS with characteristics similar to their RustBucket campaign.
nftables Adventures: Bug Hunting and N-day Exploitation (CVE-2023-31248) https://starlabs.sg/blog/2023/09-nftables-adventures-bug-hunting-and-n-day-exploitation/
STAR Labs
nftables Adventures: Bug Hunting and N-day Exploitation (CVE-2023-31248)
During my internship, I have been researching and trying to find bugs within the nftables subsystem. In this blog post, I will talk about a bug I have found, as well as the exploitation of an n-day discovered by Mingi Cho – CVE-2023-31248.
Bypassing GLIBC 2.32’s Safe-Linking Without Leaks into Code Execution: The House of Rust https://c4ebt.github.io/2021/01/22/House-of-Rust.html
c4e's Blog
Bypassing GLIBC 2.32’s Safe-Linking Without Leaks into Code Execution: The House of Rust
The House of Rust is a heap exploitation technique that drops a shell against full PIE binaries that don’t leak any addresses.
The Swiss Knife - SystemBC | Coroxy https://rexorvc0.com/2023/11/12/Swiss-Knife-SystemBC-Coroxy/
RexorVc0
The Swiss Knife - SystemBC | Coroxy
Threat Researcher
Breaking out of Docker via runC – Explaining CVE-2019-5736 https://unit42.paloaltonetworks.com/breaking-docker-via-runc-explaining-cve-2019-5736/
Unit 42
Breaking out of Docker via runC – Explaining CVE-2019-5736
Last week (2019-02-11) a new vulnerability in runC was reported by its maintainers, originally found by Adam Iwaniuk and Borys Poplawski. Dubbed
Analyzing a Modern In-the-wild Android Exploit https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html
projectzero.google
Analyzing a Modern In-the-wild Android Exploit - Project Zero
By Seth Jenkins, Project Zero. Introduction: In December 2022, Google's Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsu...
LNK Files Distributed Through Breached Legitimate Websites (Detected by EDR) https://asec.ahnlab.com/en/58919/
ASEC BLOG
LNK Files Distributed Through Breached Legitimate Websites (Detected by EDR) - ASEC BLOG
AhnLab Security Emergency response Center (ASEC) detected a malware strain being distributed through breached legitimate websites under various file names chosen to prompt users to run them. This post will introduce how AhnLab EDR analyzes and…
Don’t throw a hissy fit; defend against Medusa https://research.nccgroup.com/2023/11/13/dont-throw-a-hissy-fit-defend-against-medusa/
Reverse Engineering a Cobalt Strike Dropper With Binary Ninja https://binary.ninja/2022/07/22/reverse-engineering-cobalt-strike.html
Binary Ninja
Binary Ninja - Reverse Engineering a Cobalt Strike Dropper With Binary Ninja
Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.
Tool Release: Cartographer https://research.nccgroup.com/2023/07/20/tool-release-cartographer/
Behind the Shield: Unmasking Scudo's Defenses https://www.synacktiv.com/en/publications/behind-the-shield-unmasking-scudos-defenses
Synacktiv
Behind the Shield: Unmasking Scudo's Defenses
How does Linux start a process ...and how to ptrace the entry point and m3ss w1th da stack https://iq.thc.org/how-does-linux-start-a-process
Escaping the sandbox: A bug that speaks for itself https://microsoftedge.github.io/edgevr/posts/Escaping-the-sandbox-A-bug-that-speaks-for-itself/
Microsoft Browser Vulnerability Research
Escaping the sandbox: A bug that speaks for itself
Executing from Memory Using ActiveMQ CVE-2023-46604 https://vulncheck.com/blog/cve-2023-44604-activemq-in-memory
VulnCheck
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.
From email to phone number, a new OSINT approach https://www.martinvigo.com/email2phonenumber/
Martin Vigo
From email to phone number, a new OSINT approach - Martin Vigo
How to find out someone's phone number if you just know their email address and how it can be automated using a new OSINT tool: email2phonenumber
Plundering Postman with Porch Pirate https://mandconsulting.ca/plundering-postman-with-porch-pirate-osint/
Mand Consulting Group
Plundering Postman with Porch Pirate - Mand Consulting Group Inc.
Porch Pirate is a Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to public workspaces, collections, requests, users and teams. Porch Pirate can be used as a client…