Pumping Iron on the Musl Heap – Real World CVE-2022-24834 Exploitation on an Alpine mallocng Heap #NCCGroup #RealWorldCVE #SecurityResearch #ThreatAdvisory https://research.nccgroup.com/2024/06/11/pumping-iron-on-the-musl-heap-real-world-cve-2022-24834-exploitation-on-an-alpine-mallocng-heap/
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Beyond the Limit: Expanding single-packet race condition with a first sequence sync for breaking the 65,535 byte limit #SinglePacketAttack #SequenceSync #LimitOverrun #SecurityResearch #ExploitDetection https://flatt.tech/research/posts/beyond-the-limit-expanding-single-packet-race-condition-with-first-sequence-sync/
GMO Flatt Security Research
Beyond the Limit: Expanding single-packet race condition with a first sequence sync for breaking the 65,535 byte limit
Introduction
Hello, I’m RyotaK (@ryotkak), a security engineer at Flatt Security Inc. In 2023, James Kettle of PortSwigger published an excellent paper titled Smashing the state machine: the true potential of web race conditions. In the paper, he introduced…
Let’s Go into the rabbit hole (part 2) — the challenges of dynamically hooking Golang programs #GolangDynamicHooking #RuntimeHooking #ForeignFunctionInterface #CGO #QuarkslabBlog https://blog.quarkslab.com/lets-go-into-the-rabbit-hole-part-2-the-challenges-of-dynamically-hooking-golang-program.html
Quarkslab
Let’s Go into the rabbit hole (part 2) — the challenges of dynamically hooking Golang programs - Quarkslab's blog
Golang is the most used programming language for developing cloud technologies. Tools such as Kubernetes, Docker, Containerd and gVisor are written in Go. Despite the fact that the code of these programs is open source, there is no way to analyze and extend…
Pixel_GPU_Exploit: Android 14 kernel exploit for Pixel7/8 Pro #GitHub #Pixel_GPU_Exploit #Android #Kernel #Vulnerabilities https://github.com/0x36/Pixel_GPU_Exploit
GitHub
GitHub - 0x36/Pixel_GPU_Exploit: Android 14 kernel exploit for Pixel7/8 Pro
Android 14 kernel exploit for Pixel7/8 Pro. Contribute to 0x36/Pixel_GPU_Exploit development by creating an account on GitHub.
prctl anon_vma_name: An Amusing Linux Kernel Heap Spray #LinuxKernelHeapSpray #prctlAnonVMAName #HeapSprayTechniques #KernelPwnCTF #STARLabs https://starlabs.sg/blog/2023/07-prctl-anon_vma_name-an-amusing-heap-spray/
STAR Labs
prctl anon_vma_name: An Amusing Linux Kernel Heap Spray
TLDR prctl PR_SET_VMA (PR_SET_VMA_ANON_NAME) can be used as a (possibly new!) heap spray method targeting the kmalloc-8 to kmalloc-96 caches. The sprayed object, anon_vma_name, is dynamically sized, and can range from larger than 4 bytes to a maximum of 84…
FAQ: The tragedy of low-level exploitation https://gynvael.coldwind.pl/?id=791
gynvael.coldwind.pl
FAQ: The tragedy of low-level exploitation
Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1 #ZeroDayInitiative #WindowsPrivilegeEscalation #LinkFollowingVulnerabilities #LegacyFunctionalityExploits #DeveloperSecurityMitigations https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1
Zero Day Initiative
Zero Day Initiative — Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1
The number of link following vulnerabilities submitted to the Trend Micro ZDI program has been increasing rapidly over the past several years. These submissions have provided us with insight into how these vulnerabilities are being found and exploited. …
Writing a system call tracer using eBPF #eBPF #SystemCallTracer #LowLevelProgramming #Linux #CProgramming https://sh4dy.com/2024/08/03/beetracer/
sh4dy's blog
Writing a system call tracer using eBPF
Pre-Requisites: System calls, eBPF, C, basics of low-level programming. Introduction: eBPF (Extended Berkeley Packet Filter) is a technology that allows users to run custom programs within the kernel. BPF
Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2 #ZeroDayInitiative #PrivilegeEscalation #WindowsTechniques #VulnerabilityDiscovery #ExploitTechniques https://www.zerodayinitiative.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2
Zero Day Initiative
Zero Day Initiative — Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2
The number of vulnerabilities that we see through the program provides significant insight into the attack surfaces of each product that we purchase bugs in. These submissions sometimes reveal not only potential variants but also broader architectural flaws.…
Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 3 #ZeroDayInitiative #PrivilegeEscalation #Windows #Vulnerabilities #DebuggingProtectedProcesses https://www.zerodayinitiative.com/blog/2024/7/31/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-3
Zero Day Initiative
Zero Day Initiative — Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 3
To wrap up this blog series we wanted to include one more technique that you can use when exploiting this class of vulnerabilities. This technique, introduced to us by Abdelhamid Naceri, becomes useful when you have an on-boot arbitrary delete primitive that…
How to use Valgrind to identify and resolve memory-related bugs in a C program https://x.com/7etsuo/status/1819930222780919867?s=67
X (formerly Twitter)
BEELD 🐝/acc (@beeldcoin) on X
🧵1/2 Professor David J. Malan demonstrates how to use Valgrind to identify and resolve memory-related bugs in a C program.
👇The best introduction to computer science I have seen in my life👇
kcachegrind: GUI to profilers such as Valgrind #KDE #kcachegrind #profilerGUI #Valgrind #visualization https://github.com/KDE/kcachegrind
GitHub
GitHub - KDE/kcachegrind: GUI to profilers such as Valgrind
GUI to profilers such as Valgrind. Contribute to KDE/kcachegrind development by creating an account on GitHub.
Code Execution in Chromium’s V8 Heap Sandbox #V8HeapSandbox #CodeExecution #EscapeTheSandbox #ExploitPrimitives #ArbitraryCodeExecution https://anvbis.au/posts/code-execution-in-chromiums-v8-heap-sandbox/
Threat Hunting - Suspicious Named pipes #ThreatHunting #NamedPipes #WindowsIPC #MaliciousUse #SecurityConcerns https://detect.fyi/threat-hunting-suspicious-named-pipes-a4206e8a4bc8
Medium
Threat Hunting - Suspicious Named pipes
Named pipes are a mechanism for inter-process communication (IPC) in Windows operating systems. Detect suspicious and malicious named pipes with Splunk and these threat hunting searches.
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms #StormBamboo #DNSpoisoning #SoftwareUpdateAbuse #MACMA #ThreatActor https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/
Volexity
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
In mid-2023, Volexity detected and responded to multiple incidents involving systems becoming infected with malware linked to StormBamboo (aka Evasive Panda, and previously tracked by Volexity under “StormCloud”). In those incidents, multiple malware families…
Heap overflow in JPEG loading in Samsung's Little Kernel bootloader (allows execution of persistent arbitrary code -- it survives reboots and factory reset) https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Slides-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf
BlankBot - a new Android banking trojan with screen recording, keylogging and remote control capabilities #BlankBot #AndroidBankingTrojan #MalwareIntelligence #Cyberthreat #SecurityResearch https://intel471.com/blog/blankbot-a-new-android-banking-trojan-with-screen-recording-keylogging-and-remote-control-capabilities
3TOFU: Verifying Unsigned Releases #3TOFU #CryptographicVerification #ReducingRisk #SecurityProcess #DownloadingSoftware https://tech.michaelaltfield.net/2024/08/04/3tofu/
Michael Altfield's Tech Blog
3TOFU: Verifying Unsigned Releases - Michael Altfield's Tech Blog
Introducing 3TOFU -- a Harm-Reduction process to Supply Chain Security when downloading software that cannot be verified cryptographically
Interesting bug on Android CVE-2024-36971 leading to possible UAF and RCE https://x.com/xvonfers/status/1820561082726965421
CVE-2024-39877: Apache Airflow Arbitrary Code Execution #SecureLayer7 #CVE202439877 #PenetrationTesting #CyberSecurity #ApacheAirflow https://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
CVE-2024-39877: Apache Airflow Arbitrary Code Execution
Apache Airflow is an open-source platform for programmatically authoring, scheduling, and monitoring workflows. While it offers robust features for managing complex workflows, it has experienced...
Zola ransomware: The many faces of the Proton family #ZolaRansomware #ProtonFamily #CyberSecurity #RansomwareProtection #AcronisActiveProtection https://www.acronis.com/en-us/cyber-protection-center/posts/zola-ransomware-the-many-faces-of-the-proton-family/
Acronis
Zola ransomware: The many faces of the Proton family
While some ransomware will appear as quickly as they fade out of existence, some establish an extended stay, and others simply change their virtual clothes. We recently came across an example of the latter — calling itself Zola.