Dependency Confusions in Docker and remote pwning of your infra https://www.errno.fr/DockerDependencyConfusion
kasld: Kernel Address Space Layout Derandomization (KASLD) - A collection of various techniques to infer the Linux kernel base virtual address as an unprivileged local user, for the purpose of bypassing Kernel Address Space Layout Randomization (KASLR). https://github.com/bcoles/kasld
GitHub
Attack of the week: Airdrop tracing https://blog.cryptographyengineering.com/2024/01/11/attack-of-the-week-airdrop-tracing/
A Few Thoughts on Cryptographic Engineering
It’s been a while since I wrote an “attack of the week” post, and the fault for this is entirely mine. I’ve been much too busy writing boring posts about Schnorr signatures!…
A collection of weggli patterns for C/C++ vulnerability research https://security.humanativaspa.it/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research/
HN Security
Introducing a collection of weggli patterns for C/C++ SAST and vulnerability research.
[PATCH] tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux https://lore.kernel.org/all/[email protected]/
Frinet: reverse-engineering made easier https://www.synacktiv.com/publications/frinet-reverse-engineering-made-easier
Synacktiv
Privilege escalation using the XAML diagnostics API (CVE-2023-36003) https://m417z.com/Privilege-escalation-using-the-XAML-diagnostics-API-CVE-2023-36003/
M417Z
This is a write-up of a vulnerability that I discovered in Windows. The vulnerability was patched in December’s Patch Tuesday, and the CVE assigned to it is CVE-2023-36003. The vulnerability allows a non-elevated process to inject a DLL into an elevated or…
Debug Case Study: SharePoint Pre-Auth Code Injection RCE chain CVE-2023-29357 & CVE-2023-24955 https://github.com/DebugPrivilege/InsightEngineering/tree/main/Debugging%20Case%20Studies/Debug%20Case%20Study%3A%20SharePoint%20Pre-Auth%20Code%20Injection%20RCE%20chain%20CVE-2023-29357%20%26%20CVE-2023-24955
GitHub
Hardcore Debugging.
Atomic Stealer rings in the new year with updated version https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
Malwarebytes
Mac users should be aware of an active distribution campaign via malicious ads delivering Atomic Stealer. The latest iteration of the malware is stealthy thanks to added encryption and obfuscation of its code.
How I Discovered an RCE Vulnerability in Tesla, Securing a $10,000 Bounty https://medium.com/@sahul1996l/how-i-discovered-an-rce-vulnerability-in-tesla-securing-a-10-000-bounty-62e725c2a6bd
Medium
The Hidden Gateway: How Extensive Recon Unlocked RCE on a Tesla Infrastructure
Myself: I am Raguraman, Security Researcher 🛡️ | Bug Hunter | CTF Player | Secured @ Tesla, Apple, Amazon, Oracle & more
Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services https://www.sentinelone.com/labs/exploring-fbot-python-based-malware-targeting-cloud-and-payment-services/
SentinelOne
FBot arms threat actors with a multi-function attack tool designed to hijack cloud, SaaS and web services.
Building a Custom Mach-O Memory Loader for macOS - Part 1 https://blog.xpnsec.com/building-a-mach-o-memory-loader-part-1/
XPN InfoSec Blog
In this blog we'll look at what it takes to construct an in-memory loader for Mach-O bundles within macOS Ventura without using dyld. We'll walk through the lower-level details of what makes up a Mach-O file, how dyld processes load commands to map areas into…
VBA: having fun with macros, overwritten pointers & R/W/X memory https://adepts.of0x.cc/vba-hijack-pointers-rwa/
AdeptsOf0xCC
Article describing an alternative method to trigger shellcode execution
Welcome To 2024, The SSLVPN Chaos Continues - Ivanti CVE-2023-46805 & CVE-2024-21887 https://labs.watchtowr.com/welcome-to-2024-the-sslvpn-chaos-continues-ivanti-cve-2023-46805-cve-2024-21887/
watchTowr Labs
Did you have a good break? Have you had a chance to breathe? Wake up.
It’s 2024, and the chaos continues - thanks to Volexity (Volexity’s writeup), the industry has been alerted to in-the-wild exploitation of 2 incredibly serious 0days (CVE-2023-46805 and…
CVE-2023-7028: This repository presents a proof-of-concept of CVE-2023-7028 https://github.com/Vozec/CVE-2023-7028
GitHub
Restoring Dyld Memory Loading https://blog.xpnsec.com/restoring-dyld-memory-loading/
XPN InfoSec Blog
Up until recently, we've enjoyed in-memory loading of Mach-O bundles courtesy of dyld and its NSCreateObjectFileImageFromMemory/NSLinkModule API methods. And while these methods still exist today, there is a key difference.. memory modules are now persisted…
CTF challenges including concepts within Hardware Hacking, Embedded Systems and IoT https://exploitthis.ctfd.io
Stealing the Bitlocker key from a TPM https://astralvx.com/stealing-the-bitlocker-key-from-a-tpm/
CVE-2024-20656 – Local Privilege Escalation in the VSStandardCollectorService150 Service https://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service/
MDSec
Overview Visual Studio is a complex and powerful IDE developed by Microsoft and comes with a lot of features that can be interesting from a red team perspective. During this...