Pixel_GPU_Exploit: Android 14 kernel exploit for Pixel7/8 Pro #GitHub #Pixel_GPU_Exploit #Android #Kernel #Vulnerabilities https://github.com/0x36/Pixel_GPU_Exploit
GitHub
GitHub - 0x36/Pixel_GPU_Exploit: Android 14 kernel exploit for Pixel7/8 Pro
Android 14 kernel exploit for Pixel7/8 Pro. Contribute to 0x36/Pixel_GPU_Exploit development by creating an account on GitHub.
prctl anon_vma_name: An Amusing Linux Kernel Heap Spray #LinuxKernelHeapSpray #prctlAnonVMAName #HeapSprayTechniques #KernelPwnCTF #STARLabs https://starlabs.sg/blog/2023/07-prctl-anon_vma_name-an-amusing-heap-spray/
STAR Labs
prctl anon_vma_name: An Amusing Linux Kernel Heap Spray
TLDR prctl PR_SET_VMA (PR_SET_VMA_ANON_NAME) can be used as a (possibly new!) heap spray method targeting the kmalloc-8 to kmalloc-96 caches. The sprayed object, anon_vma_name, is dynamically sized, and can range from larger than 4 bytes to a maximum of 84…
🔥1
FAQ: The tragedy of low-level exploitation https://gynvael.coldwind.pl/?id=791
gynvael.coldwind.pl
FAQ: The tragedy of low-level exploitation
😢3🔥1
Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1 #ZeroDayInitiative #WindowsPrivilegeEscalation #LinkFollowingVulnerabilities #LegacyFunctionalityExploits #DeveloperSecurityMitigations https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1
Zero Day Initiative
Zero Day Initiative — Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1
The number of link following vulnerabilities submitted to the Trend Micro ZDI program has been increasing rapidly over the past several years. These submissions have provided us with insight into how these vulnerabilities are being found and exploited. …
Writing a system call tracer using eBPF #eBPF #SystemCallTracer #LowLevelProgramming #Linux #CProgramming https://sh4dy.com/2024/08/03/beetracer/
sh4dy's blog
Writing a system call tracer using eBPF
Pre-RequisitesSystem calls, eBPF, C, basics of low-level programming. IntroductioneBPF (Extended Berkeley Packet Filter) is a technology that allows users to run custom programs within the kernel. BPF
Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2 #ZeroDayInitiative #PrivilegeEscalation #WindowsTechniques #VulnerabilityDiscovery #ExploitTechniques https://www.zerodayinitiative.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2
Zero Day Initiative
Zero Day Initiative — Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2
The number of vulnerabilities that we see through the program provides significant insight into the attack surfaces of each product that we purchase bugs in. These submissions sometimes reveal not only potential variants but also broader architectural flaws.…
Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 3 #ZeroDayInitiative #PrivilegeEscalation #Windows #Vulnerabilities #DebuggingProtectedProcesses https://www.zerodayinitiative.com/blog/2024/7/31/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-3
Zero Day Initiative
Zero Day Initiative — Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 3
To wrap up this blog series we wanted to include one more technique that you can use when exploiting this class of vulnerabilities. This technique, introduced to us by Abdelhamid Naceri, becomes useful when you have an on-boot arbitrary delete primitive that…
How to use Valgrind to identify and resolve memory-related bugs in a C program https://x.com/7etsuo/status/1819930222780919867?s=67
X (formerly Twitter)
BEELD 🐝/acc (@beeldcoin) on X
🧵1/2 Professor David J. Malan demonstrates how to use Valgrind to identify and resolve memory-related bugs in a C program.
👇The best introduction to computer science I have seen in my life👇
👇The best introduction to computer science I have seen in my life👇
kcachegrind: GUI to profilers such as Valgrind #KDE #kcachegrind #profilerGUI #Valgrind #visualization https://github.com/KDE/kcachegrind
GitHub
GitHub - KDE/kcachegrind: GUI to profilers such as Valgrind
GUI to profilers such as Valgrind. Contribute to KDE/kcachegrind development by creating an account on GitHub.
Code Execution in Chromium’s V8 Heap Sandbox
#V8HeapSandbox #CodeExecution #EscapeTheSandbox #ExploitPrimitives #ArbitraryCodeExecution https://anvbis.au/posts/code-execution-in-chromiums-v8-heap-sandbox/
#V8HeapSandbox #CodeExecution #EscapeTheSandbox #ExploitPrimitives #ArbitraryCodeExecution https://anvbis.au/posts/code-execution-in-chromiums-v8-heap-sandbox/
🔥3👍1
Threat Hunting - Suspicious Named pipes #ThreatHunting #NamedPipes #WindowsIPC #MaliciousUse #SecurityConcerns https://detect.fyi/threat-hunting-suspicious-named-pipes-a4206e8a4bc8
Medium
Threat Hunting - Suspicious Named pipes
Named pipes are a mechanism for inter-process communication (IPC) in Windows operating systems. detect suspicious and malicious named pipe with splunk and these threat hunting searches
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms #StormBamboo #DNSpoisoning #SoftwareUpdateAbuse #MACMA #ThreatActor https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/
Volexity
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
In mid-2023, Volexity detected and responded to multiple incidents involving systems becoming infected with malware linked to StormBamboo (aka Evasive Panda, and previously tracked by Volexity under “StormCloud”). In those incidents, multiple malware families…
Heap overflow in JPEG loading in Samsung's Little Kernel bootloader (allows execution of persistent arbitrary code -- it survives reboots and factory reset) https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Slides-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf
🔥2
BlankBot - a new Android banking trojan with screen recording, keylogging and remote control capabilities #BlankBot #AndroidBankingTrojan #MalwareIntelligence #Cyberthreat #SecurityResearch https://intel471.com/blog/blankbot-a-new-android-banking-trojan-with-screen-recording-keylogging-and-remote-control-capabilities
3TOFU: Verifying Unsigned Releases #3TOFU #CryptographicVerification #ReducingRisk #SecurityProcess #DownloadingSoftware https://tech.michaelaltfield.net/2024/08/04/3tofu/
Michael Altfield's Tech Blog
3TOFU: Verifying Unsigned Releases - Michael Altfield's Tech Blog
Introducing 3TOFU -- a Harm-Reduction process to Supply Chain Security when downloading software that cannot be verified cryptographically
Interesting bug on Android CVE-2024-36971 leading to possible UAF and RCE https://x.com/xvonfers/status/1820561082726965421
CVE-2024-39877: Apache Airflow Arbitrary Code Execution #SecureLayer7 #CVE202439877 #PenetrationTesting #CyberSecurity #ApacheAirflow https://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
CVE-2024-39877: Apache Airflow Arbitrary Code Execution
Apache Airflow is an open-source platform for programmatically authoring, scheduling, and monitoring workflows. While it offers robust features for managing complex workflows, it has experienced...
Zola ransomware: The many faces of the Proton family #ZolaRansomware #ProtonFamily #CyberSecurity #RansomwareProtection #AcronisActiveProtection https://www.acronis.com/en-us/cyber-protection-center/posts/zola-ransomware-the-many-faces-of-the-proton-family/
Acronis
Zola ransomware: The many faces of the Proton family
While some ransomware will appear as quickly as they fade out of existence, some establish an extended stay, and others simply change their virtual clothes. We recently came across an example of the latter — calling itself Zola.
[Math] Cracking Wi-Fi password using combinatorics #CrackingWiFiPassword #Combinatorics #Aircrack #PythonCode #ShortPasswords https://yurichev.com/n/wifi_comb/
👍1
ROPing Routers from scratch: Step-by-step Tenda Ac8v4 Mips 0day Flow-control ROP -> RCE #0day #ROP #Mipsel #BinaryExploitation #RCE https://0reg.dev/blog/tenda-ac8-rop
0reg.dev
Retr0's Register
Retr0's Threat Research
🔥2
Remediation and Guidance Hub: Channel File 291 Incident #CrowdStrike #RootCauseAnalysis #Remediation #ContentUpdate #ChannelFile291 https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
crowdstrike.com
Falcon Content Update Remediation and Guidance Hub | CrowdStrike
Access consolidated remediation and guidance resources for the CrowdStrike Falcon content update affecting Windows hosts.