Don’t throw a hissy fit; defend against Medusa https://research.nccgroup.com/2023/11/13/dont-throw-a-hissy-fit-defend-against-medusa/
Reverse Engineering a Cobalt Strike Dropper With Binary Ninja https://binary.ninja/2022/07/22/reverse-engineering-cobalt-strike.html
Tool Release: Cartographer https://research.nccgroup.com/2023/07/20/tool-release-cartographer/
Behind the Shield: Unmasking Scudo's Defenses https://www.synacktiv.com/en/publications/behind-the-shield-unmasking-scudos-defenses
How does Linux start a process ...and how to ptrace the entry point and m3ss w1th da stack https://iq.thc.org/how-does-linux-start-a-process
Escaping the sandbox: A bug that speaks for itself https://microsoftedge.github.io/edgevr/posts/Escaping-the-sandbox-A-bug-that-speaks-for-itself/
Executing from Memory Using ActiveMQ CVE-2023-46604 https://vulncheck.com/blog/cve-2023-44604-activemq-in-memory
From email to phone number, a new OSINT approach https://www.martinvigo.com/email2phonenumber/
How to find out someone's phone number if you just know their email address and how it can be automated using a new OSINT tool: email2phonenumber
Plundering Postman with Porch Pirate https://mandconsulting.ca/plundering-postman-with-porch-pirate-osint/
Porch Pirate is a Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to public workspaces, collections, requests, users and teams. Porch Pirate can be used as a client…
CrushFTP Critical Vulnerability CVE-2023-43177 Unauthenticated Remote Code Execution https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/
Zero-day vulnerability chain in CrushFTP (CVE-2023-43177) uncovered by the Converge Red Team; it requires immediate attention, and the post lists remediation steps.
HavocExploit: A remote unauthenticated DOS POC exploit that targets the authentication implementation of Havoc. https://github.com/syncwithali/HavocExploit
DIALStranger: details about DIAL protocol vulnerabilities https://github.com/yunuscadirci/DIALStranger
Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3) https://www.sonarsource.com/blog/vscode-security-markdown-vulnerabilities-in-extensions/
We took a look at the security of the most popular code editor, Visual Studio Code! This blog post covers vulnerabilities our researchers discovered in third-party extensions.
Mockingjay revisited - Process stomping and loading beacon with sRDI https://naksyn.com/edr%20evasion/2023/11/18/mockingjay-revisited-process-stomping-srdi-beacon.html
Executables with RWX sections can be abused using a variation of the Process Overwriting technique dubbed Process Stomping. Using (a modified) sRDI and leveraging the new features of Cobalt Strike 4.9, it has been possible to load beacon in the RWX section itself…
io_uring_LPE-CVE-2023-2598: LPE PoC of a vulnerability in the io_uring subsystem of the Linux Kernel. https://github.com/ysanatomic/io_uring_LPE-CVE-2023-2598
Great series here >> CVE-2017-11176: A step-by-step Linux Kernel exploitation (part 1/4) https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part1.html
Process Injection - Avoiding Kernel Triggered Memory Scans https://www.r-tec.net/r-tec-blog-process-injection-avoiding-kernel-triggered-memory-scans.html
This blog post shows a novel way to avoid detections of process injection triggered by ETWti from the kernel.