Starting with macOS Sonoma 14.0, Apple has introduced a new TCC category kTCCServiceSystemPolicyAppData to protect the App Container Data. This is designed to address one of my reports (aka CVE-2023-42929):

We detail the evolution of UNC4393's operational tactics and malware usage throughout its active lifespan.

Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them. The vulnerability involves creating a group…

TL;DR:

DeadPotato is a windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from ...

In-depth analysis of CVE-2024-21338, a Windows Kernel Elevation of Privileges vulnerability, its root cause, exploitation challenges and POC

Team82 has uncovered a security bypass vulnerability in a Rockwell Automation ControlLogix 1756 local chassis security feature called the trusted slot, which is designed to deny untrusted communication from untrusted network cards on the chassis plane.

As part of our continuous threat hunting efforts, the BlackBerry Threat Research and Intelligence team has discovered a new campaign by the threat actor SideWinder, targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea.

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

Introduction
Hello, I’m RyotaK (@ryotkak
), a security engineer at Flatt Security Inc.
In 2023, James Kettle
of PortSwigger published an excellent paper
titled Smashing the state machine: the true potential of web race conditions.
In the paper, he introduced…

Golang is the most used programming language for developing cloud technologies. Tools such as Kubernetes, Docker, Containerd and gVisor are written in Go. Despite the fact that the code of these programs is open source, there is no way to analyze and extend…

Android 14 kernel exploit for Pixel7/8 Pro. Contribute to 0x36/Pixel_GPU_Exploit development by creating an account on GitHub.

TLDR prctl PR_SET_VMA (PR_SET_VMA_ANON_NAME) can be used as a (possibly new!) heap spray method targeting the kmalloc-8 to kmalloc-96 caches. The sprayed object, anon_vma_name, is dynamically sized, and can range from larger than 4 bytes to a maximum of 84…

The number of link following vulnerabilities submitted to the Trend Micro ZDI program has been increasing rapidly over the past several years. These submissions have provided us with insight into how these vulnerabilities are being found and exploited. …

Pre-RequisitesSystem calls, eBPF, C, basics of low-level programming. IntroductioneBPF (Extended Berkeley Packet Filter) is a technology that allows users to run custom programs within the kernel. BPF

The number of vulnerabilities that we see through the program provides significant insight into the attack surfaces of each product that we purchase bugs in. These submissions sometimes reveal not only potential variants but also broader architectural flaws.…

To wrap up this blog series we wanted to include one more technique that you can use when exploiting this class of vulnerabilities. This technique, introduced to us by Abdelhamid Naceri, becomes useful when you have an on-boot arbitrary delete primitive that…

🧵1/2 Professor David J. Malan demonstrates how to use Valgrind to identify and resolve memory-related bugs in a C program.

👇The best introduction to computer science I have seen in my life👇

GUI to profilers such as Valgrind. Contribute to KDE/kcachegrind development by creating an account on GitHub.