The Anatomy of an ALPHA SPIDER Ransomware Attack https://www.crowdstrike.com/blog/anatomy-of-alpha-spider-ransomware/
CrowdStrike.com
The Anatomy of an ALPHA SPIDER Ransomware Attack
Read this blog on the anatomy of an ALPHA SPIDER ransomware attack to better understand how they operate and how to better protect your business.
A Look at Software Composition Analysis https://blog.doyensec.com/2024/03/14/supplychain.html
Doyensec
A Look at Software Composition Analysis
At Doyensec, we specialize in performing white and gray box application security audits. So, in addition to dynamically testing applications, we typically audit our clients’ source code as well. This process is often software-assisted, with open source and…
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762 https://www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762
www.assetnote.io
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
Early this February, Fortinet released an advisory for an "out-of-bounds write vulnerability" that could lead to remote code execution. The issue affected the SSL VPN component of their FortiGate network appliance and was potentially already being exploited…
Analyzing Pipedream / Incontroller with MITRE/STIX https://diablohorn.com/2024/03/17/analyzing-pipedream-incontroller-with-mitre-stix/
DiabloHorn
Analyzing Pipedream / Incontroller with MITRE/STIX
This blog post is intended to further practice with MITRE data as well as understand some OT attack techniques implemented by OT malware. For this we are going to look at Pipedream (researched by D…
Abusing the DHCP Administrators Group to Escalate Privileges in Windows Domains https://www.akamai.com/blog/security-research/abusing-dhcp-administrators-group-for-privilege-escalation-in-windows-domains
Akamai
Abusing the DHCP Administrators Group to Escalate Privileges in Windows Domains | Akamai
A new malicious privilege escalation technique can be disastrous. In this post, get context and defensive measures against this threat.
Hunting Vulnerable Kernel Drivers https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html
VMware Security Blog
Hunting Vulnerable Kernel Drivers
In information security, even seemingly insignificant issues could pose a significant threat. One notable vector of attack is through device drivers used by legitimate software developers. There are numerous available drivers to support legacy hardware in…
Security Advisory: Remote Command Execution in Cisco Access Point WAP Products https://onekey.com/blog/security-advisory-remote-command-execution-in-cisco-access-point-wap-products/
Onekey
Security Advisory: Remote Command Execution in Cisco Access Point WAP Products | ONEKEY Research | Research | ONEKEY
Learn about the vulnerabilities affecting Cisco's WAP371 and other Small Business Wireless APs, and the importance of binary static analysis.
Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speakers https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/
Mobile Hacker
Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speakers
This critical security issue allows third party user to record audio from Bluetooth speaker with built-in microphone in vicinity, even when it is already paired and connected with another device. This can result in eavesdropping on private conversations using…
GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers https://gofetch.fail/
gofetch.fail
GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers
A new microarchitectural side-channel attack exploiting data memory-dependent prefetchers in Apple silicons.
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques https://pwning.tech/nftables/
Pwning Tech
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
A tale about exploiting KernelCTF Mitigation, Debian, and Ubuntu instances with a double-free in nf_tables in the Linux kernel, using novel techniques like Dirty Pagedirectory. All without even having to recompile the exploit for different kernel targets…
Zero-days exploited in the wild jumped 50% in 2023, fueled by spyware vendors https://therecord.media/zero-day-exploits-jumped-in-2023-spyware
therecord.media
Zero-days exploited in the wild jumped 50% in 2023, fueled by spyware vendors
Cybersecurity experts are warning that zero-day exploits, which can be used to compromise devices before anyone is aware they’re vulnerable, have become more common as nation-state hackers and cybercriminals find sophisticated ways to carry out their attacks.
DJI - The ART of obfuscation https://blog.quarkslab.com/dji-the-art-of-obfuscation.html
Quarkslab
DJI - The ART of obfuscation - Quarkslab's blog
Study of an Android runtime (ART) hijacking mechanism for bytecode injection through a step-by-step analysis of the packer used to protect the DJI Pilot Android application.
io_uring_LPE-CVE-2024-0582: LPE exploit for CVE-2024-0582 (io_uring) https://github.com/ysanatomic/io_uring_LPE-CVE-2024-0582
GitHub
GitHub - ysanatomic/io_uring_LPE-CVE-2024-0582: LPE exploit for CVE-2024-0582 (io_uring)
LPE exploit for CVE-2024-0582 (io_uring). Contribute to ysanatomic/io_uring_LPE-CVE-2024-0582 development by creating an account on GitHub.
Rust for Malware Development https://github.com/Whitecat18/Rust-for-Malware-Development
GitHub
GitHub - Whitecat18/Rust-for-Malware-Development: Rust for malware Development is a repository for advanced Red Team techniques…
Rust for malware Development is a repository for advanced Red Team techniques and offensive malwares & Ransomwares, focused on Rust 🦀 - Whitecat18/Rust-for-Malware-Development
Issue 1510709 (Type confusion in Harmony Set methods, leads to RCE) https://h0meb0dy.me/entry/Issue-1510709-Type-confusion-in-Harmony-Set-methods-leads-to-RCE
Exploration of the Dirty Pipe Vulnerability (CVE-2022-0847) https://lolcads.github.io/posts/2022/06/dirty_pipe_cve_2022_0847/
lolcads tech blog
Exploration of the Dirty Pipe Vulnerability (CVE-2022-0847)
Intro This blog post reflects our exploration of the Dirty Pipe Vulnerability in the Linux kernel. The bug was discovered by Max Kellermann and described here . If you haven’t read the original publication yet, we’d suggest that you read it first (maybe also…