Inside Doppelganger – How Russia uses EU companies for its propaganda #Doppelganger #RussiaPropaganda #EUCompanies #Disinformation #Investigation https://correctiv.org/en/fact-checking-en/2024/07/22/inside-doppelganger-how-russia-uses-eu-companies-for-its-propaganda/
CORRECTIV
Inside Doppelganger – How Russia uses EU companies for its propaganda
How Doppelganger, one of the biggest Russian disinformation campaigns, is using EU companies to keep spreading its propaganda – despite sanctions.
edr_blocker: Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. #GitHub #TierZeroSecurity #EDR #Telemetry #iptables https://github.com/TierZeroSecurity/edr_blocker
GitHub
GitHub - TierZeroSecurity/edr_blocker: Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is…
Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination IP addresses are parsed based on the server name in TLS Cli...
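As an added example that is not the edr_blocker tool's own code: the core of a filter of this kind is reading the server_name (SNI) extension out of a TLS ClientHello on the forwarding path and turning a match into a drop rule for that destination. The parser below bounds-checks every length, because it sits in the middle of untrusted traffic. The hostnames under example-edr.test, the constructed ClientHello bytes and the iptables rule format are assumptions for illustration; the real matching logic and rules are in the linked repository.

```python
import struct
from typing import Optional, Tuple

# Hypothetical EDR telemetry hostnames (assumption; .test is a reserved TLD).
BLOCKED_SNI_SUFFIXES = ("telemetry.example-edr.test", "cloud.example-edr.test")

SNI_EXT = 0x0000   # server_name extension type
HOST_NAME = 0      # NameType host_name


def build_client_hello(sni: str) -> bytes:
    """Constructed TLS 1.2 ClientHello record with an SNI extension (test input, not a capture).
    A supported_versions extension precedes server_name so the parser must skip one."""
    host = sni.encode("ascii")
    sni_list = bytes([HOST_NAME]) + struct.pack("!H", len(host)) + host
    sni_data = struct.pack("!H", len(sni_list)) + sni_list
    ext_sni = struct.pack("!HH", SNI_EXT, len(sni_data)) + sni_data
    sv_data = b"\x02\x03\x04"                                  # supported_versions: TLS 1.3
    ext_sv = struct.pack("!HH", 0x002B, len(sv_data)) + sv_data
    extensions = ext_sv + ext_sni
    body = (b"\x03\x03" + b"\x11" * 32                        # client_version, random
            + b"\x00"                                         # empty session_id
            + struct.pack("!H", 2) + b"\x13\x01"              # one cipher suite
            + b"\x01\x00"                                     # null compression only
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from a ClientHello record, or None if absent or malformed."""
    if len(record) < 5 or record[0] != 0x16:                  # not a TLS handshake record
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:                          # not a ClientHello
        return None
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < hs_len:                                    # truncated record
        return None
    pos = 2 + 32                                              # skip version + random
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                                      # session_id
    if pos + 2 > len(body):
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]      # cipher_suites
    if pos + 1 > len(body):
        return None
    pos += 1 + body[pos]                                      # compression_methods
    if pos + 2 > len(body):                                   # no extensions block at all
        return None
    ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if ext_end > len(body):
        return None
    while pos + 4 <= ext_end:                                 # walk the extension list
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        edata = body[pos:pos + elen]
        pos += elen
        if len(edata) < elen:
            return None
        if etype == SNI_EXT:
            return _parse_server_name(edata)
    return None


def _parse_server_name(data: bytes) -> Optional[str]:
    if len(data) < 2:
        return None
    list_end = min(len(data), 2 + struct.unpack("!H", data[:2])[0])
    p = 2
    while p + 3 <= list_end:
        ntype = data[p]
        nlen = struct.unpack("!H", data[p + 1:p + 3])[0]
        p += 3
        name = data[p:p + nlen]
        p += nlen
        if ntype == HOST_NAME and len(name) == nlen:
            return name.decode("ascii", errors="replace")
    return None


def should_block(sni: Optional[str]) -> bool:
    """Exact or subdomain match against the hypothetical telemetry hostnames."""
    if sni is None:
        return False
    host = sni.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in BLOCKED_SNI_SUFFIXES)


def decide(record: bytes, dst_ip: str) -> Tuple[Optional[str], Optional[str]]:
    """Parse one ClientHello and return (sni, iptables rule or None).
    Rule format is an assumption: DROP on FORWARD for the destination IP the hello was headed to."""
    sni = extract_sni(record)
    if should_block(sni):
        return sni, f"iptables -I FORWARD -d {dst_ip} -j DROP"
    return sni, None


if __name__ == "__main__":
    print(decide(build_client_hello("telemetry.example-edr.test"), "203.0.113.10"))  # rule emitted
    print(decide(build_client_hello("www.example.com"), "203.0.113.11"))             # allowed
```

Two caveats a practitioner will want: the SNI is only visible in a cleartext ClientHello, so Encrypted ClientHello (ECH) or telemetry sent over a pinned IP with no hostname would not match, and on the defensive side a sensor whose heartbeat stops while the host stays up is itself a signal worth alerting on.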
CVE-2019-8805: Apple EndpointSecurity framework Privilege Escalation #AppleCVE #EndpointSecurityPrivilegeEscalation #PenetrationTesting #CyberSecuritySolution #SecureLayer7 https://blog.securelayer7.net/applied-endpointsecurity-framework-previlege-escalation/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
CVE-2019-8805: Apple EndpointSecurity framework Privilege Escalation
CVE-2019-8805 is a privilege escalation vulnerability found in macOS Catalina 10.15 by Scott Knight. This vulnerability occurs through the Endpoint Security framework introduced in Catalina 10.15....
NO_WILDCARD: How I discovered the Organization ID of any AWS Account #AWSAccountID #VPC #VpcEndpoint #OrganizationID #SecurityResearch https://tracebit.com/blog/no-wildcard-how-i-discovered-the-organization-id-of-any-aws-account
Tracebit
NO_WILDCARD: How I discovered the Organization ID of any AWS Account | Tracebit
Our latest research into VPC Endpoint Policy causes AWS to introduce significant changes!
Abusing RCU callbacks with a Use-After-Free read to defeat KASLR #UseAfterFree #AbusingRCUcallbacks #DefeatingKASLR #AnatomicalPrecision #LeakingAddresses https://anatomic.rip/abusing_rcu_callbacks_to_defeat_kaslr/
a place of anatomical precision
Abusing RCU callbacks with a Use-After-Free read to defeat KASLR
Introduction In this article, I will be walking you through a clever technique that can be used to leak addresses and defeat KASLR in the Linux Kernel when you have a certain type of Use-After-Free by abusing RCU callbacks. It is by no means a novel technique…
Double Dipping Cheat Developer Gets Caught Red-Handed #Developer #Cheating #InformationSecurity #CyberArk #DoubleDipping https://www.cyberark.com/resources/threat-research-blog/double-dipping-cheat-developer-gets-caught-red-handed
Cyberark
Double Dipping Cheat Developer Gets Caught Red-Handed
Following our post “A Brief History of Game Cheating,” it’s safe to say that cheats, no matter how lucrative or premium they might look, always carry a degree of danger. Today’s story revolves...
An Introduction to Chrome Exploitation - Maglev Edition #ChromeExploitation #V8Pipeline #ChromiumSecurity #JITCompiler #AbstractSyntaxTree https://www.matteomalvica.com/blog/2024/06/05/intro-v8-exploitation-maglev/
Matteomalvica
An Introduction to Chrome Exploitation - Maglev Edition
Thread Name-Calling – using Thread Name for offense #ThreadNameCalling #ProcessInjection #AVevasion #ThreadNameOffense #NextGenMalware https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/
Check Point Research
Thread Name-Calling - using Thread Name for offense - Check Point Research
Research by: hasherezade Highlights: Introduction Process injection is one of the important techniques used by attackers. We can find its variants implemented in almost every malware. It serves purposes such as: Due to the fact that interference in the memory…
From Windows drivers to an almost fully working EDR #LearningThroughExperimentations #WindowsKernelDriver #EDRCallbacks #SSDT https://blog.whiteflag.io/blog/from-windows-drivers-to-a-almost-fully-working-edr/
blog.whiteflag.io
From Windows drivers to an almost fully working EDR
In this article we will see how Windows drivers work, how to create one and, in the end, we will develop a custom EDR that relies on kernel callback functions, static analysis and API hooking.
Issue 2547: Telegram for Android: Use-after-free in Connection::onReceivedData https://bugs.chromium.org/p/project-zero/issues/detail?id=2547
There is no fix for Intel’s crashing 13th and 14th Gen CPUs — any damage is permanent #IntelCPUcrash #PermanentDamage #NoRecall #BiosUpdate #InvisibleDegradation https://www.theverge.com/2024/7/26/24206529/intel-13th-14th-gen-crashing-instability-cpu-voltage-q-a
The Verge
There is no fix for Intel’s crashing 13th and 14th Gen CPUs — any damage is permanent
We got some answers from Intel, and more are on the way.
CVE-2021-4440: A Linux CNA Case Study #LinuxCNA #CVE2021-4440 #LinuxKernel #VulnerabilityManagement https://grsecurity.net/cve-2021-4440_linux_cna_case_study
grsecurity.net
grsecurity - CVE-2021-4440: A Linux CNA Case Study
This blog serves as a case study into how the newly-formed Linux CNA (CVE Numbering Authority) has affected Linux kernel vulnerability management, through the mishandling of a vulnerability we reported this year in the upstream 5.10 LTS kernel.
Onyx Sleet uses array of malware to gather intelligence for North Korea #RiskIQ #CommunityEdition #Cybersecurity #ThreatIntelligence #FreeProtection https://community.riskiq.com/article/31828df1
Engineering Learnings from the CrowdStrike Falcon Outage #EngineeringLearnings #CrowdStrikeOutage #PreventionThroughEngineering #EngineeringCultures #TestingPractices https://mazinahmed.net/blog/crowdstrike-incident-engineering-learnings/
Mazin Ahmed
Engineering Learnings from the CrowdStrike Falcon Outage
CVE-2023-42929: Why do we need the App Container Protection #CVE2023-42929 #AppContainerProtection #SecurityVulnerability #ApplePatch #BypassMethods https://jhftss.github.io/CVE-2023-42929-Why-Do-We-Need-The-App-Container-Protection/
jhftss.github.io
CVE-2023-42929: Why do we need the App Container Protection
Starting with macOS Sonoma 14.0, Apple has introduced a new TCC category kTCCServiceSystemPolicyAppData to protect the App Container Data. This is designed to address one of my reports (aka CVE-2023-42929):
UNC4393 Goes Gently into the SILENTNIGHT #UNC4393 #Silentnight #Ransomware #Malware #Extortion https://cloud.google.com/blog/topics/threat-intelligence/unc4393-goes-gently-into-silentnight
Google Cloud Blog
UNC4393 Goes Gently into the SILENTNIGHT | Google Cloud Blog
We detail the evolution of UNC4393's operational tactics and malware usage throughout its active lifespan.
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption #RansomwareOperators #ESXiVulnerability #MicrosoftSecurityBlog #MassEncryption #HypervisorVulnerability https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/
Microsoft News
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them. The vulnerability involves creating a group…
From Limited file read to full access on Jenkins (CVE-2024-23897) #JenkinsVulnerability #CVE202423897 #RedTeam #BinaryFileRead #BruteForceDecryption https://xphantom.nl/posts/crypto-attack-jenkins/
Ahmed Sherif
From Limited file read to full access on Jenkins (CVE-2024-23897)
TL;DR:
DeadPotato: DeadPotato is a windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the original GodPotato source code by BeichenDream. #DeadPotato #Windows #PrivilegeEscalation #SeImpersonate #CustomizedCode https://github.com/lypd0/DeadPotato
GitHub
GitHub - lypd0/DeadPotato: DeadPotato is a windows privilege escalation utility from the Potato family of exploits, leveraging…
DeadPotato is a windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from ...