Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties #ChromeRenderer #RCE #DuplicateObjectProperties #ObjectCorruptionBug #OriginTrials https://github.blog/security/vulnerability-research/attack-of-the-clones-getting-rce-in-chromes-renderer-with-duplicate-object-properties/
The GitHub Blog
Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties
In this post, I'll exploit CVE-2024-3833, an object corruption bug in v8, the JavaScript engine of Chrome, that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
Exploiting Steam: Usual and Unusual Ways in the CEF Framework #ExploitingSteam #CEFframework #RemoteCodeExecution #CommandInjection #HistoricalVulnerabilities https://www.darknavy.org/blog/exploiting_steam_usual_and_unusual_ways_in_the_cef_framework/
DARKNAVY
Exploiting Steam: Usual and Unusual Ways in the CEF Framework
Introduction
The Chromium Embedded Framework (CEF) is an open-source framework that allows developers to embed the Chromium engine in their applications. Although CEF is widely employed in a range of popular software, including WeChat and the Epic Games Launcher…
Point Of Sale Device (POS) Penetration Testing – A Practical Guide 2023 #POS #PenetrationTesting #CyberSecurity #DataBreach #PointOfSale https://cybersecuritynews.com/pos-device-penetration-testing/
Cyber Security News
Point Of Sale Device (POS) Penetration Testing – A Practical Guide 2023
Penetration testing of point-of-sale (POS) devices is essential to ensure the security of payment systems and protect sensitive customer data.
CVE-2022-22265 Samsung npu driver #SamsungCVE2022-22265 #KernelExploit #CrossCacheOperations #PageTableSpray #KernelSearch https://soez.github.io/posts/CVE-2022-22265-Samsung-npu-driver/
File-Tunnel: Tunnel TCP connections through a file #GitHub #FileTunnel #TCPconnections #FirewallBypass #RDPtunneling https://github.com/fiddyschmitt/File-Tunnel
GitHub
GitHub - fiddyschmitt/File-Tunnel: Tunnel TCP connections through a file
Tunnel TCP connections through a file. Contribute to fiddyschmitt/File-Tunnel development by creating an account on GitHub.
Open Broadcaster Software (OBS): Heap Overflow Vulnerability #OBS #HeapOverflow #Vulnerability #GitHub #SecurityResearch https://github.com/google/security-research/security/advisories/GHSA-mf24-5fxf-f4x5
GitHub
Open Broadcaster Software (OBS): Heap Overflow Vulnerability
### Summary
OBS (Open Broadcaster Software) is a well-known open source and cross platform software for screen recording and streaming. Unfortunately, a crafted GIF file with malicious LZW compres...
HookChain: A new perspective for Bypassing EDR Solutions #HookChain #BypassingEDR #GitHub #Security #Innovation https://github.com/helviojunior/hookchain/
GitHub
GitHub - helviojunior/hookchain: HookChain: A new perspective for Bypassing EDR Solutions
HookChain: A new perspective for Bypassing EDR Solutions - helviojunior/hookchain
Limitations of the Kerberos Authentication System #KerberosAuthentication #Limitations https://academiccommons.columbia.edu/doi/10.7916/D84B372N
Academic Commons
Limitations of the Kerberos Authentication System
The Kerberos authentication system, a part of MIT's Project Athena, has been adopted by other organizations. Despite Kerberos's many strengths, it has a number of limitations and some weaknesses. Some are due to specifics of the MIT environment; others represent…
BOFHound: Session Integration #BOFHound #SessionIntegration #LDAPenumeration #BloodHound #AttackPathMapping https://posts.specterops.io/bofhound-session-integration-7b88b6f18423
SpecterOps
BOFHound: Session Integration - SpecterOps
In this post, we examine BOFHound-compatible BOFs and usage examples that allow an operator to take a manual and targeted approach to attack path mapping.
Lazarus Group Exploits Microsoft Zero-Days CVE-2024-38193, Patch Urgently #LazarusGroup #MicrosoftZeroDay #CVE-2024-38193 #PatchUrgently #CybersecurityNews https://securityonline.info/lazarus-group-exploits-microsoft-zero-days-cve-2024-38193-patch-urgently/
Daily CyberSecurity
Lazarus Group Exploits Microsoft Zero-Days CVE-2024-38193, Patch Urgently
Stay informed about the recent security vulnerabilities addressed by Microsoft. Explore the exploits of CVE-2024-38193 and its implications.
Web Browser Stored Credentials #WebBrowserStoredCredentials #PenetrationTestingLab #DPAPI #CredentialAccess #SharpDPAPI https://pentestlab.blog/2024/08/20/web-browser-stored-credentials/
Penetration Testing Lab
Web Browser Stored Credentials
Microsoft introduced Data Protection Application Programming Interface (DPAPI) in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the CryptProtectDa…
PoC Exploit for Windows 0-Day Flaws CVE-2024-38202 and CVE-2024-21302 Released #PoCExploit #Windows0DayFlaws #CVE202438202 #CVE202421302 #WindowsDowndate https://securityonline.info/poc-exploit-for-windows-0-day-flaws-cve-2024-38202-and-cve-2024-21302-released/
Daily CyberSecurity
PoC Exploit for Windows 0-Day Flaws CVE-2024-38202 and CVE-2024-21302 Released
Discover the details of CVE-2024-38202 and CVE-2024-21302 in Windows and how attackers can exploit them to undermine system integrity.
Nice mindmap 👇 https://x.com/f4rmpoet/status/1825859077039382941?s=67
LayeredSyscall – Abusing VEH to Bypass EDRs #LayeredSyscall #VEHBypass #IndirectSyscalls #LegitimateCallStack #EthicalHacking https://whiteknightlabs.com/2024/07/31/layeredsyscall-abusing-veh-to-bypass-edrs
White Knight Labs
LayeredSyscall - Abusing VEH to Bypass EDRs | White Knight Labs
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.
SSRFing the Web with the Help of Copilot Studio #SSRF #Microsoft #CopilotStudio #Vulnerability #Critical https://www.tenable.com/blog/ssrfing-the-web-with-the-help-of-copilot-studio
Tenable®
SSRFing the Web with the Help of Copilot Studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential…
The missing guide to the security of filesystems and file APIs (v1) https://gergelykalman.com/the-missing-guide-to-the-security-of-filesystems-and-file-apis.html
Gergely's hack blog
The missing guide to the security of filesystems and file APIs (v1)
These are the technical slides that I always have to cut from my presentations. I try to sprinkle them in, but it’s just always too much. So I decided that it’s big enough to be its own thing: The missing guide to the security of filesystems and …
Hacking as a pathway to building better Products #HackingInfluencesProductDesign #0ClickInstallations #EncryptedDNS #DefensiveDesign #HackersPhilosophy https://blog.thinkst.com/2024/08/hacking-as-a-pathway-to-building-better-products.html
Thinkst Thoughts
Hacking as a pathway to building better Products
Most security products are terrible. For years our industry has managed to get by because our products were mandated by someone or some regulation, and users were trained to accept that security an…
Creating a Dark Web Tor Onion Service/Website #DarkWeb #Tor #OnionService #Website #Tutorial https://charlie.fish/posts/2023/10/creating-dark-web-tor-onion-service-website/
Charlie's Blog
Creating a Dark Web Tor Onion Service/Website | Charlie's Blog
Learn how to create a dark web Tor Onion Service/Website to provide privacy and anonymity to your users.
Set Up Your Onion Service #TorProject #OnionService #SetupGuide #PrivacyTech #AnonymityTech https://community.torproject.org/onion-services/setup/
community.torproject.org
Tor Project | Set up Your Onion Service
Defend yourself against tracking and surveillance. Circumvent censorship. | Set up Your Onion Service