It’s Morphin’ Time: Self-Modifying Code Sections with WriteProcessMemory for EDR Evasion #MorphinTime #SelfModifyingCode #WriteProcessMemory #EDREvasion #ProcessMockingjay https://revflash.medium.com/its-morphin-time-self-modifying-code-sections-with-writeprocessmemory-for-edr-evasion-9bf9e7b7dced
Medium
It’s Morphin’ Time: Self-Modifying Code Sections with WriteProcessMemory for EDR Evasion
The Mockingjay process injection technique was designed to prevent the allocation of a buffer with RWX permission, typically used for…
SecretCalls Spotlight: A Formidable App of Notorious Korean Financial Fraudster (Part 1) #VoicePhishing #FinancialFraud #SecretCalls #KoreanFraudster #AntiAnalysisTechniques https://medium.com/s2wblog/secretcalls-spotlight-a-formidable-app-of-notorious-korean-financial-fraudster-part-1-fa4bbed855c0
Medium
SecretCalls Spotlight: A Formidable App of Notorious Korean Financial Fraudster (Part 1)
Author: S2W TALON
Reverse Engineering Protobuf Definitions From Compiled Binaries #ReverseEngineering #Protobuf #Definitions #CompiledBinaries #SecurityBlog https://arkadiyt.com/2024/03/03/reverse-engineering-protobuf-definitiions-from-compiled-binaries/
Arkadiyt
Reverse Engineering Protobuf Definitions From Compiled Binaries
How to extract raw source protobuf definitions from compiled binaries, regardless of the target architecture
Identifying ESD damage using an electron microscope #MBSItem #ElectronMicroscope #IdentifyingESDdamage #MachineBuildingSystems #Automation https://mbsitem.co.uk/identifying-esd-damage-using-an-electron-microscope/
MBS Item
Identifying ESD damage using an electron microscope - MBS Item
MBS Item Identifying ESD damage using an electron microscope. When microchips are faulty, it’s the job of the Dresden-based experts at SGS Institut Fresenius to find out why.
Hunting M365 Invaders: Dissecting Email Collection Techniques #M365 #EmailCollection #HuntingInvaders #Splunk #SecurityDetection https://www.splunk.com/en_us/blog/security/hunting-m365-invaders-dissecting-email-collection-techniques.html
Splunk
Hunting M365 Invaders: Dissecting Email Collection Techniques | Splunk
The Splunk Threat Research Team describes various methods attackers may leverage to monitor mailboxes, how to simulate them and how teams can detect them using Splunk’s out-of-the-box security content.
master: Half-Life 1 engine based games #GitHub #ValveSoftware #halflife #HalfLifeEngine #games https://github.com/ValveSoftware/halflife/tree/master
GitHub
GitHub - ValveSoftware/halflife: Half-Life 1 engine based games
Half-Life 1 engine based games. Contribute to ValveSoftware/halflife development by creating an account on GitHub.
HEAP HEAP HOORAY — Unveiling GLIBC heap overflow vulnerability (CVE-2023-6246) #GLIBC #heapoverflow #FengShui #CVE-2023-6246 #exploitation https://medium.com/@elpepinillo/heap-heap-hooray-unveiling-glibc-heap-overflow-vulnerability-cve-2023-6246-0c6412423269
Medium
HEAP HEAP HOORAY — Unveiling GLIBC heap overflow vulnerability (CVE-2023-6246)
INTRODUCTION: On January 30th, the Qualys team found a heap overflow in the __vsyslog_internal function of the Glibc …
XZ Utils Made Me Paranoid #TrustedSec #XZUtils #Paranoid #Backdoor #SecurityScanner https://trustedsec.com/blog/xz-utils-made-me-paranoid
TrustedSec
XZ Utils Made Me Paranoid
Identify XZ Utils backdoors by parsing ELF binaries, identifying function hooks, and comparing memory sections in real-time, using tools like ptrace and…
pcap-did-what: Analyze pcaps with Zeek and a Grafana Dashboard #GitHub #pcapAnalysis #Zeek #Grafana #NetworkMonitoring https://github.com/hackertarget/pcap-did-what
GitHub
GitHub - hackertarget/pcap-did-what: Analyze pcaps with Zeek and a Grafana Dashboard
Analyze pcaps with Zeek and a Grafana Dashboard. Contribute to hackertarget/pcap-did-what development by creating an account on GitHub.
Everyday Ghidra: Symbols — Prescription Lenses for Reverse Engineers — Part 1 #EverydayGhidra #ReverseEngineeringSymbols #GhidraTips #SymbolInformationSources https://medium.com/@clearbluejar/everyday-ghidra-symbols-prescription-lenses-for-reverse-engineers-part-1-d3efe9279a0b
Medium
Everyday Ghidra: Symbols — Prescription Lenses for Reverse Engineers — Part 1
In reverse engineering a closed-source binary using Ghidra or other software reverse engineering frameworks, a key objective is to…
16 years of CVE-2008-0166 #16YearsCVE2008 #DebianOpenSSLBug #DKIMBIMI2024 #EmailVulnerability #SecurityIssues https://16years.secvuln.info/
16years.secvuln.info
16 years of CVE-2008-0166 - Debian OpenSSL Bug
Many DKIM setups used cryptographic keys vulnerable to the 2008 Debian OpenSSL Bug (CVE-2008-0166) in 2024.
"Password cracking: past, present, future" OffensiveCon 2024 keynote talk slides (by Solar Designer) #OffensiveCon2024 #PasswordCracking #SecurityTalk #Evolution https://www.openwall.com/lists/announce/2024/05/14/1
QakBot attacks with Windows zero-day (CVE-2024-30051) #QakBot #CVE202430051 #WindowsZeroDay #Kaspersky #Cybersecurity https://securelist.com/cve-2024-30051/112618/
Securelist
QakBot attacks with Windows zero-day (CVE-2024-30051)
In April 2024, while researching CVE-2023-36033, we discovered another zero-day elevation-of-privilege vulnerability, which was assigned the identifier CVE-2024-30051 and patched on May 14 as part of Microsoft's Patch Tuesday. We have seen it exploited by QakBot…
Executing Cobalt Strike's BOFs on ARM-based Linux devices #CobaltStrike #BOFs #ARM #Linux #Zig https://blog.z-labs.eu/2024/05/10/bofs-on-arm-based-devices.html
To the Moon and back(doors): Lunar landing in diplomatic missions #ESETResearch #LunarToolset #CyberSecurity #TurlaAPT #RussianCyberEspionage https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/
Welivesecurity
To the Moon and back(doors): Lunar landing in diplomatic missions
ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs
QNAP QTS - QNAPping At The Wheel (CVE-2024-27130 and friends) #QNAP #QTS #CVE-2024-27130 #bugdiscovery #NASdevices https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/
watchTowr Labs
QNAP QTS - QNAPping At The Wheel (CVE-2024-27130 and friends)
Infosec is, at its heart, all about that data. Obtaining access to it (or disrupting access to it) is in every ransomware gang and APT group’s top-10 to-do-list items, and so it makes sense that our research voyage would, at some point, cross paths with…
Discover Proton Mail registration date with one weird trick… https://iq.thc.org/discover-proton-mail-registration-date-with-one-weird-trick
Knowledge Base
Discover Proton Mail registration date with one weird trick…
TL;DR: Proton Mail generates PGP key and publishes it upon account creation using Web Key Directory (WKD) standard. The key contains account creation timestamp, with second precision, which reflects the account creation date.
Proton, a privacy-orient...
Microsoft Entra Private Access for on-prem users #Microsoft #PrivateAccess #OnPrem #Security #HybridWork https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-entra-private-access-for-on-prem-users/ba-p/3905450
TECHCOMMUNITY.MICROSOFT.COM
Microsoft Entra Private Access for on-prem users | Microsoft Community Hub
Enable secure access to private apps that use Domain Controller for authentication
Emulating inline decryption for triaging C++ malware #C++ #Malware #ReverseEngineering #InlineDecryption #Emulation https://viuleeenz.github.io/posts/2024/05/emulating-inline-decryption-for-triaging-c-malware/
Security Undisguised
Emulating inline decryption for triaging C++ malware
What we need to know? C and C++ binaries share several commonalities, however, some additional features and complexities introduced by C++ can make reverse engineering C++ binaries more challenging compared to C binaries. Some of the most important features…