How I hacked into Google’s internal corporate assets #Google #cybersecurity #bugbounty #dependencyconfusion #digitalrisk https://observationsinsecurity.com/2024/04/25/how-i-hacked-into-googles-internal-corporate-assets/
Observations in Security
How I hacked into Google’s internal corporate assets
It’s raining command injections! Every now and then, I take some time to work on bug bounty projects to explore threat vectors into real world targets like Google, Tesla and many others…
Automating API Vulnerability Testing Using Postman Workflows #APIVulnerabilityTesting #PostmanWorkflows #AutomatedTesting #BugHunting #OWASP https://haymiz.dev/security/2024/04/27/automating-apis-with-postman-workflows/
haymiz@kali:~/blog$
Automating API Vulnerability Testing Using Postman Workflows
Explore the art of automating and visually demonstrating API vulnerabilities you've identified using Postman Workflows.
From IcedID to Dagon Locker Ransomware in 29 Days #IcedID #DagonLocker #Ransomware #DFIRReport #ThreatIntelligence https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/
The DFIR Report
From IcedID to Dagon Locker Ransomware in 29 Days
Key Takeaways In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was …
From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis #MalwareAnalysis #Gemini1.5Pro #AIAssistance #ReverseEngineering #ZeroDayDetection https://cloud.google.com/blog/topics/threat-intelligence/gemini-for-malware-analysis
Google Cloud Blog
From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis | Google Cloud Blog
Gemini 1.5 Pro helps analysts manage the asymmetric volume of threats more effectively and efficiently.
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller #NVMe #Linux #KernelFuzzer #NVMeOF #Subsystems https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
Cyberark
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller
Following research conducted by a colleague of mine [1] at CyberArk Labs, I better understood NVMe-oF/TCP. This kernel subsystem exposes INET socket(s), which can be a fruitful attack surface for...
It’s Morphin’ Time: Self-Modifying Code Sections with WriteProcessMemory for EDR Evasion #MorphinTime #SelfModifyingCode #WriteProcessMemory #EDREvasion #ProcessMockingjay https://revflash.medium.com/its-morphin-time-self-modifying-code-sections-with-writeprocessmemory-for-edr-evasion-9bf9e7b7dced
Medium
It’s Morphin’ Time: Self-Modifying Code Sections with WriteProcessMemory for EDR Evasion
The Mockingjay process injection technique was designed to prevent the allocation of a buffer with RWX permission, typically used for…
SecretCalls Spotlight: A Formidable App of Notorious Korean Financial Fraudster (Part 1) #VoicePhishing #FinancialFraud #SecretCalls #KoreanFraudster #AntiAnalysisTechniques https://medium.com/s2wblog/secretcalls-spotlight-a-formidable-app-of-notorious-korean-financial-fraudster-part-1-fa4bbed855c0
Medium
SecretCalls Spotlight: A Formidable App of Notorious Korean Financial Fraudster (Part 1)
Author: S2W TALON
Reverse Engineering Protobuf Definitions From Compiled Binaries #ReverseEngineering #Protobuf #Definitions #CompiledBinaries #SecurityBlog https://arkadiyt.com/2024/03/03/reverse-engineering-protobuf-definitiions-from-compiled-binaries/
Arkadiyt
Reverse Engineering Protobuf Definitions From Compiled Binaries
How to extract raw source protobuf definitions from compiled binaries, regardless of the target architecture
Identifying ESD damage using an electron microscope #MBSItem #ElectronMicroscope #IdentifyingESDdamage #MachineBuildingSystems #Automation https://mbsitem.co.uk/identifying-esd-damage-using-an-electron-microscope/
MBS Item
Identifying ESD damage using an electron microscope - MBS Item
Identifying ESD damage using an electron microscope. When microchips are faulty, it’s the job of the Dresden-based experts at SGS Institut Fresenius to find out why.
Hunting M365 Invaders: Dissecting Email Collection Techniques #M365 #EmailCollection #HuntingInvaders #Splunk #SecurityDetection https://www.splunk.com/en_us/blog/security/hunting-m365-invaders-dissecting-email-collection-techniques.html
Splunk
Hunting M365 Invaders: Dissecting Email Collection Techniques | Splunk
The Splunk Threat Research Team describes various methods attackers may leverage to monitor mailboxes, how to simulate them and how teams can detect them using Splunk’s out-of-the-box security content.
master: Half-Life 1 engine based games #GitHub #ValveSoftware #halflife #HalfLifeEngine #games https://github.com/ValveSoftware/halflife/tree/master
GitHub
GitHub - ValveSoftware/halflife: Half-Life 1 engine based games
Half-Life 1 engine based games. Contribute to ValveSoftware/halflife development by creating an account on GitHub.
HEAP HEAP HOORAY — Unveiling GLIBC heap overflow vulnerability (CVE-2023–6246) #GLIBC #heapoverflow #FengShui #CVE-2023-6246 #exploitation https://medium.com/@elpepinillo/heap-heap-hooray-unveiling-glibc-heap-overflow-vulnerability-cve-2023-6246-0c6412423269
Medium
HEAP HEAP HOORAY — Unveiling GLIBC heap overflow vulnerability (CVE-2023–6246)
INTRODUCTION On January 30th, the Qualys team found a heap overflow in the __vsyslog_internal function of the Glibc …
XZ Utils Made Me Paranoid #TrustedSec #XZUtils #Paranoid #Backdoor #SecurityScanner https://trustedsec.com/blog/xz-utils-made-me-paranoid
TrustedSec
XZ Utils Made Me Paranoid
Identify XZ Utils backdoors by parsing ELF binaries, identifying function hooks, and comparing memory sections in real-time, using tools like ptrace and…
pcap-did-what: Analyze pcaps with Zeek and a Grafana Dashboard #GitHub #pcapAnalysis #Zeek #Grafana #NetworkMonitoring https://github.com/hackertarget/pcap-did-what
GitHub
GitHub - hackertarget/pcap-did-what: Analyze pcaps with Zeek and a Grafana Dashboard
Analyze pcaps with Zeek and a Grafana Dashboard. Contribute to hackertarget/pcap-did-what development by creating an account on GitHub.
Everyday Ghidra: Symbols — Prescription Lenses for Reverse Engineers — Part 1 #EverydayGhidra #ReverseEngineeringSymbols #GhidraTips #SymbolInformationSources https://medium.com/@clearbluejar/everyday-ghidra-symbols-prescription-lenses-for-reverse-engineers-part-1-d3efe9279a0b
Medium
Everyday Ghidra: Symbols — Prescription Lenses for Reverse Engineers — Part 1
In reverse engineering a closed-source binary using Ghidra or other software reverse engineering frameworks, a key objective is to…
16 years of CVE-2008-0166 #16YearsCVE2008 #DebianOpenSSLBug #DKIMBIMI2024 #EmailVulnerability #SecurityIssues https://16years.secvuln.info/
16years.secvuln.info
16 years of CVE-2008-0166 - Debian OpenSSL Bug
Many DKIM setups used cryptographic keys vulnerable to the 2008 Debian OpenSSL Bug (CVE-2008-0166) in 2024.
"Password cracking: past, present, future" OffensiveCon 2024 keynote talk slides (by Solar Designer) #OffensiveCon2024 #PasswordCracking #SecurityTalk #Evolution https://www.openwall.com/lists/announce/2024/05/14/1
QakBot attacks with Windows zero-day (CVE-2024-30051) #QakBot #CVE202430051 #WindowsZeroDay #Kaspersky #Cybersecurity https://securelist.com/cve-2024-30051/112618/
Securelist
QakBot attacks with Windows zero-day (CVE-2024-30051)
In April 2024, while researching CVE-2023-36033, we discovered another zero-day elevation-of-privilege vulnerability, which was assigned the identifier CVE-2024-30051 and patched on May 14 as part of Microsoft's Patch Tuesday. We have seen it exploited by QakBot…