Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity https://thedfirreport.com/2023/12/18/lets-opendir-some-presents-an-analysis-of-a-persistent-actors-activity/
The DFIR Report
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity
This report is a little different than our typical content. We were able to analyze data from a perspective we typically don’t get to see… a threat actor’s host! In early November…
All cops are broadcasting: TETRA under scrutiny https://assets-global.website-files.com/64a2900ed5e9bb672af9b2ed/64d42fcc2e3fdcf3d323f3d9_All_cops_are_broadcasting_TETRA_under_scrutiny.pdf?ref=0xor0ne.xyz
CVE-2023-6817: Linux Kernel NetFilter Flaw Opens Root Access https://securityonline.info/cve-2023-6817-linux-kernel-netfilter-flaw-opens-root-access/
Cybersecurity News
CVE-2023-6817: Linux Kernel NetFilter Flaw Opens Root Access
CVE-2023-6817 poses a severe threat with a CVSS score of 7.8, categorizing it as a high-severity issue; a PoC exploit has also been published.
CVE-2023-6483: Improper/missing API authentication in ADiTaaS v5.1 https://eaton-works.com/2023/12/18/aditaas-cve-2023-6483/
Eaton-Works
CVE-2023-6483: Improper/missing API authentication in ADiTaaS v5.1
The story of CVE-2023-6483, my first CVE and biggest security disclosure yet.
OilRig’s persistent attacks using cloud service-powered downloaders https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
Welivesecurity
OilRig’s persistent attacks using cloud service-powered downloaders
ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications.
Retro Gaming Vulnerability Research: Warcraft 2 https://research.nccgroup.com/2023/12/19/retro-gaming-vulnerability-research-warcraft-2/
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 1 https://www.akamai.com/blog/security-research/2023/dec/chaining-vulnerabilities-to-achieve-rce-part-one
Akamai
Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 1 | Akamai
In part 1 of this two-part series, Akamai researchers explore two new Windows vulnerabilities that could lead to remote code execution against Outlook clients.
universal-doom: A single .exe binary which runs DOOM on DOS 6, Windows 95 and Windows 10 (and probably everything in between). https://github.com/nneonneo/universal-doom
GitHub
GitHub - nneonneo/universal-doom: A single .exe binary which runs DOOM on DOS 6, Windows 95 and Windows 10 (and probably everything…
A single .exe binary which runs DOOM on DOS 6, Windows 95 and Windows 10 (and probably everything in between). - nneonneo/universal-doom
avred: antivirus reducer - AV signature identificator https://avred.r00ted.ch/
Terrapin Attack https://terrapin-attack.com/
Terrapin-Attack
Terrapin Attack
PipeViewer - A Tool That Shows Detailed Information About Named Pipes In Windows https://www.kitploit.com/2023/12/pipeviewer-tool-that-shows-detailed.html
Kitploit
Pwning Pixel 6 with a leftover patch https://github.blog/2023-04-06-pwning-pixel-6-with-a-leftover-patch/
The GitHub Blog
Pwning Pixel 6 with a leftover patch
In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 were applied, and how these two lines of changes can be exploited to gain…
Writing a decent win32 keylogger [1/3] https://www.synacktiv.com/en/publications/writing-a-decent-win32-keylogger-13.html
Synacktiv
Writing a decent win32 keylogger [1/3]
pryingdeep: Prying Deep - An OSINT tool to collect intelligence on the dark web. https://github.com/iudicium/pryingdeep
GitHub
GitHub - iudicium/pryingdeep: Prying Deep - An OSINT tool to collect intelligence on the dark web.
Prying Deep - An OSINT tool to collect intelligence on the dark web. - iudicium/pryingdeep
New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security https://thehackernews.com/2024/01/new-terrapin-flaw-could-let-attackers.html
CVE-2023-7102: A zero-day flaw affects Barracuda Email Security Gateway https://securityonline.info/cve-2023-7101-cve-2023-7102-two-0-day-flaws-affect-barracuda-email-security-gateway/
Daily CyberSecurity
CVE-2023-7102: A zero-day flaw affects Barracuda Email Security Gateway
Barracuda Networks has faced a formidable challenge with the discovery of two zero-day vulnerabilities, CVE-2023-7102 and CVE-2023-7101
Live Debugging Techniques for the Linux Kernel, Part 1 of 3 https://blogs.oracle.com/linux/post/live-kernel-debugging-1
Oracle
Live Debugging Techniques for the Linux Kernel, Part 1 of 3
The first of a three part series providing detailed instructions on how to debug a live Linux kernel. In this first part Alex Thorlton provides setup instructions to create an environment that will facilitate playing with the various techniques that will…
Ghidriff: Ghidra Binary Diffing Engine https://clearbluejar.github.io/posts/ghidriff-ghidra-binary-diffing-engine/
clearbluejar
Ghidriff: Ghidra Binary Diffing Engine
As seen in most security blog posts today, binary diffing tools are essential for reverse engineering, vulnerability research, and malware analysis. Patch diffing is a technique widely used to identify changes across versions of binaries as related to security…
Windows CLFS and five exploits used by ransomware operators https://securelist.com/windows-clfs-exploits-ransomware/111560/
Securelist
Windows CLFS and five exploits used by ransomware operators
We had never seen so many CLFS driver exploits being used in active attacks before, and then suddenly there are so many of them captured in just one year. Is there something wrong with the CLFS driver? Are all these vulnerabilities similar? These questions…
StarCraft Remastered: Emulating a buffer overflow for fun and profit https://www.youtube.com/watch?v=fcdUEpI0gyE
YouTube
REcon 2018 - StarCraft Remastered: Emulating a buffer overflow for fun and profit
This video is a re-run of my REcon 2018 presentation in Brussels.
Chapters:
00:00 Introduction
01:54 Fun facts
05:35 Presentation
Abstract:
StarCraft 1.16.1 and older had a buffer overflow bug in the map parsing code. The hackers in South Korea leveraged…