StarCraft Remastered: Emulating a buffer overflow for fun and profit https://www.youtube.com/watch?v=fcdUEpI0gyE
YouTube
REcon 2018 - StarCraft Remastered: Emulating a buffer overflow for fun and profit
This video is a re-run of my REcon 2018 presentation in Brussels.
Chapters:
00:00 Introduction
01:54 Fun facts
05:35 Presentation
Abstract:
StarCraft 1.16.1 and older had a buffer overflow bug in the map parsing code. The hackers in South Korea leveraged…
SSH ProxyCommand == unexpected code execution (CVE-2023-51385) https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html
Vin01’s Blog
SSH ProxyCommand == unexpected code execution (CVE-2023-51385)
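The mechanism behind the title, as an added example (not code from Vin01's post or from OpenSSH): ssh expands `%h`/`%r` in a ProxyCommand by plain text substitution and then hands the string to the user's shell, so a hostname or user name containing shell metacharacters (as a crafted git submodule URL can supply) becomes part of the command line. The validator below is modelled on the denylist checks OpenSSH 9.6 added; the exact character sets, the token subset and the sample inputs are assumptions of this example.

```python
import re  # noqa: F401  (kept for readers who want to swap the denylist for a regex)

# Only the percent tokens this example needs: %h host, %p port, %r remote user,
# %% literal. Real ssh expands more (see ssh_config(5)); this subset is an assumption.
def expand_proxycommand(template: str, host: str, port: int, user: str) -> str:
    """Plain textual substitution, which is what ssh does before running
    the result via `$SHELL -c`. No quoting is applied to the substituted values."""
    subst = {"h": host, "p": str(port), "r": user, "%": "%"}
    out, i = [], 0
    while i < len(template):
        if template[i] == "%" and i + 1 < len(template) and template[i + 1] in subst:
            out.append(subst[template[i + 1]])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)

# Characters a POSIX shell treats specially. Modelled on the denylists OpenSSH 9.6
# added to ssh.c (valid_hostname / valid_ruser); the exact sets here are an
# assumption and should be checked against the OpenSSH source.
_HOST_META = set("'`\"$\\;&<>|(){}")
_USER_META = set("'`\";&<>|(){}")

def is_safe_hostname(host: str) -> bool:
    if not host or host.startswith("-"):          # a leading '-' would be parsed as an option
        return False
    return not any(c in _HOST_META or c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F
                   for c in host)

def is_safe_username(user: str) -> bool:
    if not user or user.startswith("-"):
        return False
    for i, c in enumerate(user):
        if c in _USER_META:
            return False
        if c.isspace() and user[i + 1:i + 2] == "-":   # "alice -oProxyCommand=..." style
            return False
        if c == "\\" and i == len(user) - 1:           # trailing backslash escapes the next char
            return False
    return True

def safe_proxycommand(template: str, host: str, port: int, user: str):
    """Expand only if the untrusted pieces are clean; otherwise refuse (None).
    The check has to happen before expansion, because afterwards the
    attacker-controlled text is indistinguishable from the template."""
    if not (is_safe_hostname(host) and is_safe_username(user)):
        return None
    return expand_proxycommand(template, host, port, user)

# Constructed inputs: a jump-host ProxyCommand, a benign host, and a host name
# carrying a command substitution.
TEMPLATE = "ssh -W %h:%p jump.example.net"
BENIGN_HOST = "db1.internal.example.com"
HOSTILE_HOST = "`id>/tmp/pwned`"

if __name__ == "__main__":
    print("unchecked :", expand_proxycommand(TEMPLATE, HOSTILE_HOST, 22, "git"))
    print("validated :", safe_proxycommand(TEMPLATE, HOSTILE_HOST, 22, "git"))
```

The unchecked expansion shows the backtick expression sitting inside the command the shell will run; the validated path refuses it. Quoting the substituted value (`'%h'`) in ssh_config is not a reliable substitute, since a value containing a single quote breaks out again.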
ETW internals for security research and forensics https://blog.trailofbits.com/2023/11/22/etw-internals-for-security-research-and-forensics/
The Trail of Bits Blog
ETW internals for security research and forensics
Why has Event Tracing for Windows (ETW) become so pivotal for endpoint detection and response (EDR) solutions in Windows 10 and 11? The answer lies in the value of the intelligence it provides to security tools through secure ETW channels, which are now also…
Less SmartScreen More Caffeine: (Ab)Using ClickOnce for Trusted Code Execution https://posts.specterops.io/less-smartscreen-more-caffeine-ab-using-clickonce-for-trusted-code-execution-1446ea8051c5
SpecterOps
Less SmartScreen More Caffeine | SpecterOps Blog
With the barrier to entry for initial access ever increasing, we spent some time digging into potentially lesser-known weaponization options for ClickOnce deployments...
SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250) https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/
Nccgroup
AtlasLdr: Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls https://github.com/Krypteria/AtlasLdr
GitHub
GitHub - Krypteria/AtlasLdr: Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls
Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls - Krypteria/AtlasLdr
CVE-2023-6817: Linux kernel: use-after-free in nf_tables https://www.openwall.com/lists/oss-security/2023/12/22/6
Full Chain Baseband Exploits, Part 1 https://labs.taszk.io/articles/post/full_chain_bb_part1/
labs.taszk.io
Full Chain Baseband Exploits, Part 1
Full Chain Baseband Exploitation, Part 1
Threat Actor “UAC-0099”: Exploiting CVE-2023-38831 Against Ukraine https://securityonline.info/threat-actor-uac-0099-exploiting-cve-2023-38831-against-ukraine/
Daily CyberSecurity
Threat Actor "UAC-0099": Exploiting CVE-2023-38831 Against Ukraine
Cyber threat actor UAC-0099 has been actively targeting Ukraine since mid-2022, according to insights from the Deep Instinct Threat Lab
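A detection check for the archive layout CVE-2023-38831 lures rely on, as an added example (not code from Deep Instinct or the linked article): the archive holds a decoy document and a same-named directory (typically with a trailing space) that contains a script named after the decoy plus an executable extension, so opening the document in an unpatched WinRAR runs the script. The scanner works on ZIP files with the standard library; the executable-extension list and the two constructed archives are assumptions of this example, and the same check on RAR input would need an external library.

```python
import io
import posixpath
import zipfile

# Extensions Windows runs via ShellExecute; this list is an assumption, extend as needed.
EXEC_EXT = {".cmd", ".bat", ".exe", ".com", ".vbs", ".js", ".ps1", ".scr", ".pif"}

def _dirs_in(names):
    """Directory prefixes present in the archive, derived from every path,
    because many ZIP writers omit explicit directory entries."""
    dirs = set()
    for n in names:
        parts = n.split("/")
        for i in range(1, len(parts)):
            dirs.add("/".join(parts[:i]))
    return dirs

def suspicious_pairs(zip_bytes: bytes):
    """Return (decoy_file, executable_inside_same_named_dir) pairs.
    Trailing spaces are stripped before comparing names, since that is how
    'invoice.pdf ' and 'invoice.pdf /' end up looking identical to the user."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
    files = [n for n in names if not n.endswith("/")]
    dirs = _dirs_in(names)
    findings = []
    for decoy in files:
        stem = decoy.rstrip(" ")
        for d in sorted(dirs):
            if d.rstrip(" ") != stem:
                continue
            for inner in files:
                if not inner.startswith(d + "/"):
                    continue
                inner_stem, ext = posixpath.splitext(posixpath.basename(inner))
                if ext.lower() in EXEC_EXT and inner_stem.rstrip(" ") == stem:
                    findings.append((decoy, inner))
    return findings

def build_malicious_sample() -> bytes:
    """Constructed archive laid out like the CVE-2023-38831 lures: a decoy at the
    root and a same-named directory (trailing space) holding 'name .cmd'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf ", b"%PDF-1.4\n% decoy, not a real document\n")
        zf.writestr("invoice.pdf /invoice.pdf .cmd",
                    b"@echo off\r\nrem stand-in for the payload\r\n")
    return buf.getvalue()

def build_benign_sample() -> bytes:
    """Constructed ordinary archive that must not be flagged."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4\n")
        zf.writestr("images/logo.png", b"\x89PNG\r\n")
    return buf.getvalue()

if __name__ == "__main__":
    print("malicious:", suspicious_pairs(build_malicious_sample()))
    print("benign   :", suspicious_pairs(build_benign_sample()))
```

Run it over a mail gateway's attachment quarantine or a share of downloaded archives; a hit is a strong indicator since no legitimate packer produces a file and a directory whose names differ only by trailing whitespace. The fix on the endpoint side is WinRAR 6.23 or later.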
Rust Binary Analysis, Feature by Feature https://research.checkpoint.com/2023/rust-binary-analysis-feature-by-feature/
Check Point Research
Rust Binary Analysis, Feature by Feature - Check Point Research
Problem Statement You attempt to analyze a binary file compiled in the Rust programming language. You open the file in your favorite disassembler. Twenty minutes later you wish you had never been born. You’ve trained yourself to think like g++ and msvc: Here’s…
CVE-2023-42465: SUDO Affected by Stack/Register Flaw, OpenSSH, OpenSSL, and MySQL are Vulnerable https://securityonline.info/cve-2023-42465-sudo-affected-by-stack-register-flaw-openssh-openssl-and-mysql-are-vulnerable/
Daily CyberSecurity
CVE-2023-42465: SUDO Affected by Stack/Register Flaw, OpenSSH, OpenSSL, and MySQL are Vulnerable
CVE-2023-42465 has been assigned to this sudo vulnerability; the linked report classes the flaw as critical. It affects sudo up to 1.9.14 and is addressed in sudo 1.9.15.
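What a "stack/register" bit-flip flaw in an authentication check looks like, as an added example (not sudo's code): when success is encoded as 0 and failure as 1, a single corrupted bit in the stored result turns a denial into a grant; wide sentinel values with a large Hamming distance remove every single-bit path from failure to success. The constants below are illustrative and are not claimed to be sudo's exact values.

```python
# Illustrative sentinels: neither is 0 or all-ones, and they differ in many
# bits, so no single bit flip maps one onto the other. These particular
# values are an assumption of this example.
AUTH_SUCCESS = 0x052A2925
AUTH_FAILURE = 0x0AD5D6DA
WORD_BITS = 32

def hamming_distance(a: int, b: int) -> int:
    return bin(a ^ b).count("1")

def naive_authenticated(status: int) -> bool:
    """Fragile pattern: success is 0, failure is 1, so the decision collapses
    to 'is this word zero?' and the two outcomes are one bit apart."""
    return status == 0

def hardened_authenticated(status: int) -> bool:
    """Accept only the exact success sentinel; any other word, including a
    one-bit corruption of either sentinel, is treated as failure."""
    return status == AUTH_SUCCESS

def single_bit_faults(value: int, bits: int = WORD_BITS):
    """Every word reachable from `value` by flipping exactly one bit."""
    return [value ^ (1 << i) for i in range(bits)]

def faults_that_grant_access(check, failure_value: int, bits: int = WORD_BITS) -> int:
    """How many single-bit faults on a stored 'failure' result make check() say yes."""
    return sum(1 for v in single_bit_faults(failure_value, bits) if check(v))

def summary() -> dict:
    return {
        "naive": faults_that_grant_access(naive_authenticated, 1),
        "hardened": faults_that_grant_access(hardened_authenticated, AUTH_FAILURE),
        "distance": hamming_distance(AUTH_SUCCESS, AUTH_FAILURE),
    }

if __name__ == "__main__":
    print(summary())
```

The encoding only protects the stored value. A fault injected into the register holding the comparison result or into the CPU flags after the compare is outside what this change can address, which is why the mitigation is described as making exploitation harder rather than impossible.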
Patching DLLs with BDF https://cryptonominom.com/2023/12/22/DLL-Patching.html
Cryptonominom
Patching DLLs with BDF
Biometric Bypass: Chameleon Banking Trojan Evolves, Android 13 Vulnerable https://securityonline.info/biometric-bypass-chameleon-banking-trojan-evolves-android-13-vulnerable/
Cybersecurity News
Biometric Bypass: Chameleon Banking Trojan Evolves, Android 13 Vulnerable
ThreatFabric detected "Chameleon," a banking trojan first identified in early 2023. This malicious entity, thriving in the digital ecosystem
fnoios: Redirect spawned iOS application stdout and stderr to pty https://github.com/NSEcho/fnoios
GitHub
GitHub - NSEcho/fnoios: Redirect spawned iOS application stdout and stderr to pty
Redirect spawned iOS application stdout and stderr to pty - NSEcho/fnoios
Phishing for Secrets: Operation RusticWeb Casts Net on Indian Officials https://securityonline.info/phishing-for-secrets-operation-rusticweb-casts-net-on-indian-officials/
Daily CyberSecurity
Phishing for Secrets: Operation RusticWeb Casts Net on Indian Officials
Dubbed Operation RusticWeb, this campaign, uncovered in October 2023, demonstrates a nuanced approach to cyber espionage.
Parsing MSDN for (Documented) Technique Development https://signal-labs.com/parsing-msdn-for-documented-technique-dev/
Signal Labs
Parsing MSDN for (Documented) Technique Development | Advanced Offensive Cybersecurity Training
Parsing MSDN to discover potentially abusable APIs
Operation Triangulation: The last (hardware) mystery https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
Securelist
Operation Triangulation: The last (hardware) mystery
Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.
CrushFTP - CVE-2023-43177 Unauthenticated Remote Code Execution https://blog.projectdiscovery.io/crushftp-rce/
ProjectDiscovery
CrushFTP - CVE-2023-43177 Unauthenticated Remote Code Execution — ProjectDiscovery Blog
CVE-2023-43177 is a critical vulnerability in CrushFTP. The vulnerability could potentially allow unauthenticated attackers with network access to the CrushFTP Instance to write files in the local file system and eventually in some versions could allow the…
The Present Threat of Row Hammer Attacks https://medium.com/@don.aust/the-present-threat-of-row-hammer-attacks-f504e3017047
Medium
The Present Threat of Row Hammer Attacks
In 2014 researchers first documented Rowhammer: repeatedly accessing one DRAM row flips bits in physically adjacent rows. The effect was shown on DDR3 and has since been confirmed on DDR4 and DDR5 memory. On…