io_uring_LPE-CVE-2024-0582: LPE exploit for CVE-2024-0582 (io_uring) https://github.com/ysanatomic/io_uring_LPE-CVE-2024-0582
GitHub
GitHub - ysanatomic/io_uring_LPE-CVE-2024-0582: LPE exploit for CVE-2024-0582 (io_uring)
LPE exploit for CVE-2024-0582 (io_uring). Contribute to ysanatomic/io_uring_LPE-CVE-2024-0582 development by creating an account on GitHub.
Rust for Malware Development https://github.com/Whitecat18/Rust-for-Malware-Development
GitHub
GitHub - Whitecat18/Rust-for-Malware-Development: Rust for malware Development is a repository for advanced Red Team techniques…
Rust for malware Development is a repository for advanced Red Team techniques and offensive malwares & Ransomwares, focused on Rust 🦀 - Whitecat18/Rust-for-Malware-Development
Issue 1510709 (Type confusion in Harmony Set methods, leads to RCE) https://h0meb0dy.me/entry/Issue-1510709-Type-confusion-in-Harmony-Set-methods-leads-to-RCE
Exploration of the Dirty Pipe Vulnerability (CVE-2022-0847) https://lolcads.github.io/posts/2022/06/dirty_pipe_cve_2022_0847/
lolcads tech blog
Exploration of the Dirty Pipe Vulnerability (CVE-2022-0847)
Intro: This blog post reflects our exploration of the Dirty Pipe Vulnerability in the Linux kernel. The bug was discovered by Max Kellermann and described here. If you haven’t read the original publication yet, we’d suggest that you read it first (maybe also…
Hijacking Chatbots: Dangerous Methods Manipulating GPTs https://medium.com/@jankammerath/hijacking-chatbots-dangerous-methods-manipulating-gpts-52342f4f88b8
Medium
Hijacking Chatbots: Dangerous Methods Manipulating GPTs
Security research on GPTs and LLMs has only just begun. It’s already become a meme to force customer service chatbots to start programming…
CVE-2016-0040 Story of Uninitialized Pointer in Windows Kernel https://r00tkitsmm.github.io/fuzzing/2024/03/29/wmicuninitializedpointer.html
My interesting research.
CVE-2016-0040 Story of Uninitialized Pointer in Windows Kernel
Update:
Return Oriented Programming – ret2win – ROP Emporium #ReturnOrientedProgramming #ROP #BufferOverflow #Exploit https://vandanpathak.com/kernels-and-buffers/return-oriented-programming-ret2win-rop-emporium/
RingBuffer's Blog
ROP Challenge – Exploiting ret2win Binary – RingBuffer's Blog
A detailed guide on how to capture the flag using return oriented programming buffer overflow challenge on ROP Emporium.
From OneNote to RansomNote: An Ice Cold Intrusion #Ransomware #IcedID #CobaltStrike #FileZilla https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/
The DFIR Report
From OneNote to RansomNote: An Ice Cold Intrusion
Key Takeaways In late February 2023, threat actors rode a wave of initial access using Microsoft OneNote files. In this case, we observed a threat actor deliver IcedID using this method. After load…
xz/liblzma Backdoor: Open Source Nuke? Maybe Not That Bad! #Backdoor #SupplyChainAttack #OpenSourceNuke https://hardenedvault.net/blog/2024-03-31-xz-lzma-backdoor-open-source-nuke/
hardenedvault.net
xz/liblzma Backdoor: Open Source Nuke? Maybe Not That Bad!
xz/liblzma Backdoor: Open Source Nuke? Maybe Not That Bad! Story Background On March 29, 2024, a report exposing a backdoor in the upstream source code of the controversial open-source project, the xz software package, was made public on the oss-security…
I was recently upgraded with an AI-based component. I'm still a bit of a script kiddie at prompt engineering, so apologies in advance for any weird text that may appear... ¯\_(ツ)_/¯ (does this count as a cybersecurity and AI approach? :))
How Complex Systems Fail #ComplexSystems #DefensesAgainstFailure #RootCause #HindsightBias #HumanPerformance https://how.complexsystems.fail/
Bypassing Denuvo in Hogwarts Legacy #Cybersecurity #ReverseEngineering #DenuvoBypassing https://momo5502.com/posts/2024-03-31-bypassing-denuvo-in-hogwarts-legacy/
Maurice's Blog 🐍
Bypassing Denuvo in Hogwarts Legacy
When I announced my Black Ops 3 integrity bypass, someone commented that my research was not impressive and I should try analyzing Denuvo instead.
That kinda stuck with me, so I did what everyone would do and spent the last 5 months of my free time reverse…
IBIS hotel check-in terminal keypad-code leakage #KeypadCodeLeakage #PhysicalSecurity https://www.pentagrid.ch/en/blog/ibis-hotel-check-in-terminal-keypad-code-leakage/
Pentagrid AG
IBIS hotel check-in terminal keypad-code leakage
An IBIS hotel check-in terminal leaked room door key codes of almost half of the rooms.
xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) #Honeypot #ExploitDemo #Backdoor https://github.com/amlweems/xzbot
GitHub
GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) - amlweems/xzbot
Backdoor in XZ Utils allows RCE: everything you need to know #Backdoor #CVE-2024-3094 #RCE #SecurityResearch https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils#latest-wiz-research-findings-as-of-april-3-2024-33
wiz.io
CVE-2024-3094: Critical RCE Vulnerability Found in XZ Utils | Wiz Blog
CVE-2024-3094 is a malicious code vulnerability in versions 5.6.0 and 5.6.1 of XZ Utils, enabling an SSH authentication bypass in certain Linux distributions
Lord Of The Ring0 - Part 6 | Conclusion #KernelModeMemory #ObjectCallbacks #KeStackAttachProcess #KeWriteProcessMemory https://idov31.github.io/posts/lord-of-the-ring0-p6
DinodasRAT Linux implant targeting entities worldwide #Linux #Malware #RAT #MalwareReports #ThreatsDescriptions https://securelist.com/dinodasrat-linux-implant/112284/
Securelist
Analysis of DinodasRAT Linux implant
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.
EM Eye: Eavesdropping on Security Camera via Unintentional RF Emissions #EMEye #Eavesdropping #RF #UnintentionalEmissions https://www.rtl-sdr.com/em-eye-eavesdropping-on-security-camera-via-unintentional-rf-emissions/
rtl-sdr.com
EM Eye: Eavesdropping on Security Camera via Unintentional RF Emissions
Researchers from the University of Michigan and Zhejiang University have recently published their findings on how it's possible to eavesdrop and wirelessly recover images from security cameras via RF unintentionally leaking from the camera electronics. EM…