Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 3 #ZeroDayInitiative #PrivilegeEscalation #Windows #Vulnerabilities #DebuggingProtectedProcesses https://www.zerodayinitiative.com/blog/2024/7/31/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-3
Zero Day Initiative
Zero Day Initiative — Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 3
To wrap up this blog series we wanted to include one more technique that you can use when exploiting this class of vulnerabilities. This technique, introduced to us by Abdelhamid Naceri, becomes useful when you have an on-boot arbitrary delete primitive that…
How to use Valgrind to identify and resolve memory-related bugs in a C program https://x.com/7etsuo/status/1819930222780919867?s=67
X (formerly Twitter)
BEELD 🐝/acc (@beeldcoin) on X
🧵1/2 Professor David J. Malan demonstrates how to use Valgrind to identify and resolve memory-related bugs in a C program.
👇The best introduction to computer science I have seen in my life👇
👇The best introduction to computer science I have seen in my life👇
kcachegrind: GUI to profilers such as Valgrind #KDE #kcachegrind #profilerGUI #Valgrind #visualization https://github.com/KDE/kcachegrind
GitHub
GitHub - KDE/kcachegrind: GUI to profilers such as Valgrind
GUI to profilers such as Valgrind. Contribute to KDE/kcachegrind development by creating an account on GitHub.
Code Execution in Chromium’s V8 Heap Sandbox
#V8HeapSandbox #CodeExecution #EscapeTheSandbox #ExploitPrimitives #ArbitraryCodeExecution https://anvbis.au/posts/code-execution-in-chromiums-v8-heap-sandbox/
#V8HeapSandbox #CodeExecution #EscapeTheSandbox #ExploitPrimitives #ArbitraryCodeExecution https://anvbis.au/posts/code-execution-in-chromiums-v8-heap-sandbox/
🔥3👍1
Threat Hunting - Suspicious Named pipes #ThreatHunting #NamedPipes #WindowsIPC #MaliciousUse #SecurityConcerns https://detect.fyi/threat-hunting-suspicious-named-pipes-a4206e8a4bc8
Medium
Threat Hunting - Suspicious Named pipes
Named pipes are a mechanism for inter-process communication (IPC) in Windows operating systems. detect suspicious and malicious named pipe with splunk and these threat hunting searches
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms #StormBamboo #DNSpoisoning #SoftwareUpdateAbuse #MACMA #ThreatActor https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/
Volexity
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
In mid-2023, Volexity detected and responded to multiple incidents involving systems becoming infected with malware linked to StormBamboo (aka Evasive Panda, and previously tracked by Volexity under “StormCloud”). In those incidents, multiple malware families…
Heap overflow in JPEG loading in Samsung's Little Kernel bootloader (allows execution of persistent arbitrary code -- it survives reboots and factory reset) https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Slides-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf
🔥2
BlankBot - a new Android banking trojan with screen recording, keylogging and remote control capabilities #BlankBot #AndroidBankingTrojan #MalwareIntelligence #Cyberthreat #SecurityResearch https://intel471.com/blog/blankbot-a-new-android-banking-trojan-with-screen-recording-keylogging-and-remote-control-capabilities
3TOFU: Verifying Unsigned Releases #3TOFU #CryptographicVerification #ReducingRisk #SecurityProcess #DownloadingSoftware https://tech.michaelaltfield.net/2024/08/04/3tofu/
Michael Altfield's Tech Blog
3TOFU: Verifying Unsigned Releases - Michael Altfield's Tech Blog
Introducing 3TOFU -- a Harm-Reduction process to Supply Chain Security when downloading software that cannot be verified cryptographically
Interesting bug on Android CVE-2024-36971 leading to possible UAF and RCE https://x.com/xvonfers/status/1820561082726965421
CVE-2024-39877: Apache Airflow Arbitrary Code Execution #SecureLayer7 #CVE202439877 #PenetrationTesting #CyberSecurity #ApacheAirflow https://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
CVE-2024-39877: Apache Airflow Arbitrary Code Execution
Apache Airflow is an open-source platform for programmatically authoring, scheduling, and monitoring workflows. While it offers robust features for managing complex workflows, it has experienced...
Zola ransomware: The many faces of the Proton family #ZolaRansomware #ProtonFamily #CyberSecurity #RansomwareProtection #AcronisActiveProtection https://www.acronis.com/en-us/cyber-protection-center/posts/zola-ransomware-the-many-faces-of-the-proton-family/
Acronis
Zola ransomware: The many faces of the Proton family
While some ransomware will appear as quickly as they fade out of existence, some establish an extended stay, and others simply change their virtual clothes. We recently came across an example of the latter — calling itself Zola.
[Math] Cracking Wi-Fi password using combinatorics #CrackingWiFiPassword #Combinatorics #Aircrack #PythonCode #ShortPasswords https://yurichev.com/n/wifi_comb/
👍1
ROPing Routers from scratch: Step-by-step Tenda Ac8v4 Mips 0day Flow-control ROP -> RCE #0day #ROP #Mipsel #BinaryExploitation #RCE https://0reg.dev/blog/tenda-ac8-rop
0reg.dev
Retr0's Register
Retr0's Threat Research
🔥2
Remediation and Guidance Hub: Channel File 291 Incident #CrowdStrike #RootCauseAnalysis #Remediation #ContentUpdate #ChannelFile291 https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
crowdstrike.com
Falcon Content Update Remediation and Guidance Hub | CrowdStrike
Access consolidated remediation and guidance resources for the CrowdStrike Falcon content update affecting Windows hosts.
🔥3
Reverse Engineering for Noobs Part 2: Portable Executable Files #PE #Header #DOS #Stub #Executable https://x86re.com/2.html
CVE-2024-43425: Moodle Remote Code Execution Vulnerability, PoC Published #CVE202443425 #MoodleRCE #Vulnerability #PoC #UpgradeNow https://securityonline.info/cve-2024-43425-moodle-remote-code-execution-vulnerability-poc-published/
Daily CyberSecurity
CVE-2024-43425: Moodle Remote Code Execution Vulnerability, PoC Published
Explore the potential impact of a critical CVE-2024-43425 vulnerability in Moodle, a widely-used Learning Management System.
🍾1
Master Your Craft - Tavis Ormandy Analysis on The CrowdStrike Incident https://tahadraidia.com/posts/master-your-craft-tavis-ormandy-analysis-on-the-crowdstrike-incident/
Deep diving into F5 Secure Vault #F5SecureVault #CyberSecurity #AlmondBlog #OffensiveSecurity https://offsec.almond.consulting/deep-diving-f5-secure-vault.html