Nice mindmap 👇 https://x.com/f4rmpoet/status/1825859077039382941?s=67
LayeredSyscall – Abusing VEH to Bypass EDRs #LayeredSyscall #VEHBypass #IndirectSyscalls #LegitimateCallStack #EthicalHacking https://whiteknightlabs.com/2024/07/31/layeredsyscall-abusing-veh-to-bypass-edrs
White Knight Labs
LayeredSyscall - Abusing VEH to Bypass EDRs | White Knight Labs
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.
SSRFing the Web with the Help of Copilot Studio #SSRF #Microsoft #CopilotStudio #Vulnerability #Critical https://www.tenable.com/blog/ssrfing-the-web-with-the-help-of-copilot-studio
Tenable®
SSRFing the Web with the Help of Copilot Studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential…
The missing guide to the security of filesystems and file APIs (v1) https://gergelykalman.com/the-missing-guide-to-the-security-of-filesystems-and-file-apis.html
Gergely's hack blog
The missing guide to the security of filesystems and file APIs (v1)
These are the technical slides that I always have to cut from my presentations. I try to sprinkle them in, but it’s just always too much. So I decided that it’s big enough to be its own thing: The missing guide to the security of filesystems and …
Hacking as a pathway to building better Products #HackingInfluencesProductDesign #0ClickInstallations #EncryptedDNS #DefensiveDesign #HackersPhilosophy https://blog.thinkst.com/2024/08/hacking-as-a-pathway-to-building-better-products.html
Thinkst Thoughts
Hacking as a pathway to building better Products
Most security products are terrible. For years our industry has managed to get by because our products were mandated by someone or some regulation, and users were trained to accept that security an…
Creating a Dark Web Tor Onion Service/Website #DarkWeb #Tor #OnionService #Website #Tutorial https://charlie.fish/posts/2023/10/creating-dark-web-tor-onion-service-website/
Charlie's Blog
Creating a Dark Web Tor Onion Service/Website | Charlie's Blog
Learn how to create a dark web Tor Onion Service/Website to provide privacy and anonymity to your users.
Set Up Your Onion Service #TorProject #OnionService #SetupGuide #PrivacyTech #AnonymityTech https://community.torproject.org/onion-services/setup/
community.torproject.org
Tor Project | Set up Your Onion Service
Defend yourself against tracking and surveillance. Circumvent censorship. | Set up Your Onion Service
What are random numbers and how they are managed on Linux? #RandomNumbers #Linux #TrueRandom #Cryptography #Dieharder https://sergioprado.blog/what-are-random-numbers-and-how-they-are-managed-on-linux/
sergioprado.blog
What are random numbers and how they are managed on Linux?
In this article, we will deep dive into the major concepts behind random numbers and learn how to work with them on a Linux system.
Time-Memory Trade-Offs Sound the Death Knell for GPRS and GSM #TMTO #GPRS #GSM #Encryption #Security https://link.springer.com/chapter/10.1007/978-3-031-68385-5_7
SpringerLink
Time-Memory Trade-Offs Sound the Death Knell for GPRS and
This paper introduces a practical TMTO-based attack against GSM (A5/3) and GPRS (GEA-3), which are both technologies used in 2G mobile networks. Although designed in the 80s, these networks are still quite active today, especially for embedded systems. While...
Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more
#ExploringWindowsDrivers #IOSystem #IRPs #IOCTLs #MaliciousDrivers https://blog.talosintelligence.com/exploring-malicious-windows-drivers-part-2/
Cisco Talos Blog
Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more
As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs.
BLUUID: Firewallas, Diabetics, And… Bluetooth #GreyNoiseLabs #BluetoothDevices #SecurityResearch #HealthcareTech #BluetoothVulnerabilities https://www.labs.greynoise.io/grimoire/2024-08-20-bluuid-firewalla/
GreyNoise Labs
GreyNoise Labs - BLUUID: Firewallas, Diabetics, And… Bluetooth
Where I introduce the subject of remotely identifying bluetooth devices, propose that healthcare device oversight is lacking, and exploit a firewall for no reason other than to prove a point.
Authorization bypass due to cache misconfiguration #AuthorizationBypass #CacheMisconfiguration #SecurityVulnerability #BugBounty #GraphQLEndpoint https://rikeshbaniya.medium.com/authorization-bypass-due-to-cache-misconfiguration-fde8b2332d2d
Medium
Authorization bypass due to cache misconfiguration
This writeup is about one of my favorite findings as it was a very unexpected issue.
Sidekick in Action: Deobfuscating Strings in Amadey Malware #Sidekick #DeobfuscatingStrings #AmadeyMalware #MalwareAnalysis https://binary.ninja/2024/08/12/sidekick-in-action-deobfuscating-strings-in-amadey-malware.html
Binary Ninja
Binary Ninja - Sidekick in Action: Deobfuscating Strings in Amadey Malware
Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.
Gotta cache 'em all: bending the rules of web cache exploitation #WebCacheExploitation #Delimiters #Normalization #ArbitraryCachePoisoning #WebCacheDeception https://portswigger.net/research/gotta-cache-em-all
PortSwigger Research
Gotta cache 'em all: bending the rules of web cache exploitation
Through the years, we have seen many attacks exploiting web caches to hijack sensitive information or store malicious payloads. However, as CDNs became more popular, new discrepancies between propriet
CVE-2024-22263: Spring Cloud Dataflow Arbitrary File Writing #SpringCloudDataflow #ArbitraryFileWriting #PatchDiffing #StaticAnalysis #LabSetup https://blog.securelayer7.net/spring-cloud-data-flow-exploit/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
CVE-2024-22263: Spring Cloud Dataflow Arbitrary File Writing
Introduction Spring Cloud Data Flow, a microservices-based platform for streaming and batch data processing in Cloud Foundry and Kubernetes, is vulnerable to an arbitrary file write issue. The...
Well, we already said in 2015 that this would eventually happen, check our paper in RFIDSec'15 :) » NGate Android malware relays NFC traffic to steal cash #NGate #Androidmalware #NFCtraffic #cashstealing #ESETresearch https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
Welivesecurity
NGate Android malware relays NFC traffic to steal cash
ESET Research uncovers Android malware that relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM.
Splitting the email atom: exploiting parsers to bypass access controls #EmailParsing #AccessControlBypass #RCEFuzzing #UnicodeOverflows #EncodedWordParsing https://portswigger.net/research/splitting-the-email-atom
PortSwigger Research
Splitting the email atom: exploiting parsers to bypass access controls
Some websites parse email addresses to extract the domain and infer which organisation the owner belongs to. This pattern makes email-address parser discrepancies critical. Predicting which domain an
Introduction to Windows Cryptographic Services RCE CVE-2024-29050 (in Chinese) https://v-v.space/2024/08/23/CVE-2024-29050/
v-v.space
Introduction to Windows Cryptographic Services RCE CVE-2024-29050 · VictorV's Little Blog
Introduction to Windows Cryptographic Services RCE CVE-2024-29050 - VictorV
NTLM Credential Theft in Python Windows Applications #NTLMCredentialTheft #PythonWindowsApps #Horizon3ai #SecurityStrategies #NodeZeroTripwires https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Horizon3.ai
NTLM Credential Theft in Python Windows Applications
NTLM credential theft vulnerabilities in Python Windows applications: Jupyter Notebook CVE-2024-35178, Streamlit from Snowflake CVE-2024-42474 and Hugging Face Gradio CVE-2024-34510
Exploiting a remote heap overflow with a custom TCP stack #heapoverflow #TCPstack #exploit #vulnerability #networkingcongestion https://www.synacktiv.com/en/publications/exploiting-a-remote-heap-overflow-with-a-custom-tcp-stack
Synacktiv
Exploiting a remote heap overflow with a custom TCP stack
In November 2021 our team took part in the ZDI Pwn2Own Austin 2021 competition [1] with multiple entries.
ShellSweepX: A Precision Tool for Web Shell Detection #ShellSweepX #WebShellDetection #EntropyAnalysis #MultiLayeredProtection #OpenSourceTool https://securityonline.info/shellsweepx-a-precision-tool-for-web-shell-detection/
Daily CyberSecurity
ShellSweepX: A Precision Tool for Web Shell Detection
Protect your web applications from unauthorized access with ShellSweepX. Learn how this specialized tool detects and mitigates the threat of web shells.