Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services https://www.sentinelone.com/labs/exploring-fbot-python-based-malware-targeting-cloud-and-payment-services/
SentinelOne
Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services
FBot arms threat actors with a multi-function attack tool designed to hijack cloud, SaaS and web services.
Building a Custom Mach-O Memory Loader for macOS - Part 1 https://blog.xpnsec.com/building-a-mach-o-memory-loader-part-1/
XPN InfoSec Blog
@_xpn_ - Building a Custom Mach-O Memory Loader for macOS - Part 1
In this blog we'll look at what it takes to construct an in-memory loader for Mach-O bundles within MacOS Ventura without using dyld. We'll walk through the lower-level details of what makes up a Mach-O file, how dyld processes load commands to map areas into…
VBA: having fun with macros, overwritten pointers & R/W/X memory https://adepts.of0x.cc/vba-hijack-pointers-rwa/
VBA: having fun with macros, overwritten pointers & R/W/X memory | AdeptsOf0xCC
Article describing an alternative method to trigger shellcode execution
Welcome To 2024, The SSLVPN Chaos Continues - Ivanti CVE-2023-46805 & CVE-2024-21887 https://labs.watchtowr.com/welcome-to-2024-the-sslvpn-chaos-continues-ivanti-cve-2023-46805-cve-2024-21887/
watchTowr Labs
Welcome To 2024, The SSLVPN Chaos Continues - Ivanti CVE-2023-46805 & CVE-2024-21887
Did you have a good break? Have you had a chance to breathe? Wake up.
It’s 2024, and the chaos continues - thanks to Volexity (Volexity’s writeup), the industry has been alerted to in-the-wild exploitation of 2 incredibly serious 0days (CVE-2023-46805 and…
CVE-2023-7028: This repository presents a proof-of-concept of CVE-2023-7028 https://github.com/Vozec/CVE-2023-7028
GitHub
GitHub - Vozec/CVE-2023-7028: This repository presents a proof-of-concept of CVE-2023-7028
This repository presents a proof-of-concept of CVE-2023-7028 - Vozec/CVE-2023-7028
Restoring Dyld Memory Loading https://blog.xpnsec.com/restoring-dyld-memory-loading/
XPN InfoSec Blog
@_xpn_ - Restoring Dyld Memory Loading
Up until recently, we've enjoyed in-memory loading of Mach-O bundles courtesy of dyld and its NSCreateObjectFileImageFromMemory/NSLinkModule API methods. And while these methods still exist today, there is a key difference: memory modules are now persisted…
CTF challenges including concepts within Hardware Hacking, Embedded Systems and IoT https://exploitthis.ctfd.io
Stealing the Bitlocker key from a TPM https://astralvx.com/stealing-the-bitlocker-key-from-a-tpm/
CVE-2024-20656 – Local Privilege Escalation in the VSStandardCollectorService150 Service https://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service/
MDSec
CVE-2024-20656 - Local Privilege Escalation in the VSStandardCollectorService150 Service - MDSec
Overview Visual Studio is a complex and powerful IDE developed by Microsoft and comes with a lot of features that can be interesting from a red team perspective. During this...
Inside CVE-2024-20656: PoC Exploit Threatens Visual Studio Security https://securityonline.info/inside-cve-2024-20656-poc-exploit-threatens-visual-studio-security/
Cybersecurity News
Inside CVE-2024-20656: PoC Exploit Threatens Visual Studio Security
Details and proof-of-concept (PoC) exploit code have emerged about a now-patched security flaw, CVE-2024-20656, in Microsoft Visual Studio
Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin https://www.wordfence.com/blog/2024/01/type-juggling-leads-to-two-vulnerabilities-in-post-smtp-mailer-wordpress-plugin/
Day 9 - XDR Incident Response insights https://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder/Day09-XDR-Insights-part1.md
GitHub
SecurityResearcher-Note/SecurityResearcher-Note-Folder/Day09-XDR-Insights-part1.md at main · LearningKijo/SecurityResearcher-Note
Cover various security approaches to attack techniques and also provides new discoveries about security breaches. - LearningKijo/SecurityResearcher-Note
Analysis of Android settings during a forensic investigation https://blog.digital-forensics.it/2024/01/analysis-of-android-settings-during.html
blog.digital-forensics.it
Analysis of Android settings during a forensic investigation
DFIR research
New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks https://thehackernews.com/2024/01/new-findings-challenge-attribution-in.html
Rooting the FiiO M6 - Part 1 - Using the "World's Worst Fuzzer" To Find A Kernel Bug https://stigward.github.io/posts/fiio-m6-kernel-bug/
Stigward’s Security Journal
Rooting the FiiO M6 - Part 1 - Using the “World’s Worst Fuzzer” To Find A Kernel Bug
Overview: A few months ago, I was cleaning off my hardware workbench when I came across my FiiO M6, an Android-based “portable high-resolution lossless music player”. I originally purchased the device to aid in my language learning studies and dabble in the…
Rooting the FiiO M6 - Part 2 - Writing an LPE Exploit For Our Overflow Bug https://stigward.github.io/posts/fiio-m6-exploit/
Stigward’s Security Journal
Rooting the FiiO M6 - Part 2 - Writing an LPE Exploit For Our Overflow Bug
Overview:
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html
Trend Micro
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.
Linux Kernel Teaching https://linux-kernel-labs.github.io/refs/heads/master/index.html
Android-based PAX POS vulnerabilities (Part 1) https://blog.stmcyber.com/pax-pos-cves-2023/
STM Cyber Blog
Android-based PAX POS vulnerabilities (Part 1) - STM Cyber Blog
In this article, we present details of 6 vulnerabilities on the Android POS devices made by the worldwide known company PAX Technology.