Authorization bypass due to cache misconfiguration #AuthorizationBypass #CacheMisconfiguration #SecurityVulnerability #BugBounty #GraphQLEndpoint https://rikeshbaniya.medium.com/authorization-bypass-due-to-cache-misconfiguration-fde8b2332d2d
Medium
Authorization bypass due to cache misconfiguration
This writeup is about one of my favorite findings as it was a very unexpected issue.
Sidekick in Action: Deobfuscating Strings in Amadey Malware #Sidekick #DeobfuscatingStrings #AmadeyMalware #MalwareAnalysis https://binary.ninja/2024/08/12/sidekick-in-action-deobfuscating-strings-in-amadey-malware.html
Binary Ninja
Binary Ninja - Sidekick in Action: Deobfuscating Strings in Amadey Malware
Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.
Gotta cache 'em all: bending the rules of web cache exploitation #WebCacheExploitation #Delimiters #Normalization #ArbitraryCachePoisoning #WebCacheDeception https://portswigger.net/research/gotta-cache-em-all
PortSwigger Research
Gotta cache 'em all: bending the rules of web cache exploitation
Through the years, we have seen many attacks exploiting web caches to hijack sensitive information or store malicious payloads. However, as CDNs became more popular, new discrepancies between propriet
CVE-2024-22263: Spring Cloud Dataflow Arbitrary File Writing #SpringCloudDataflow #ArbitraryFileWriting #PatchDiffing #StaticAnalysis #LabSetup https://blog.securelayer7.net/spring-cloud-data-flow-exploit/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
CVE-2024-22263: Spring Cloud Dataflow Arbitrary File Writing
Introduction Spring Cloud Data Flow, a microservices-based platform for streaming and batch data processing in Cloud Foundry and Kubernetes, is vulnerable to an arbitrary file write issue. The...
Well, we already said back in 2015 that this would eventually happen; check our paper at RFIDSec'15 :) » NGate Android malware relays NFC traffic to steal cash #NGate #Androidmalware #NFCtraffic #cashstealing #ESETresearch https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
Welivesecurity
NGate Android malware relays NFC traffic to steal cash
ESET Research uncovers Android malware that relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM.
Splitting the email atom: exploiting parsers to bypass access controls #EmailParsing #AccessControlBypass #RCEFuzzing #UnicodeOverflows #EncodedWordParsing https://portswigger.net/research/splitting-the-email-atom
PortSwigger Research
Splitting the email atom: exploiting parsers to bypass access controls
Some websites parse email addresses to extract the domain and infer which organisation the owner belongs to. This pattern makes email-address parser discrepancies critical. Predicting which domain an
Introduction to Windows Cryptographic Services RCE CVE-2024-29050 (in Chinese) https://v-v.space/2024/08/23/CVE-2024-29050/
v-v.space
Introduction to Windows Cryptographic Services RCE CVE-2024-29050 · VictorV's little blog
Introduction to Windows Cryptographic Services RCE CVE-2024-29050 - VictorV
NTLM Credential Theft in Python Windows Applications #NTLMCredentialTheft #PythonWindowsApps #Horizon3ai #SecurityStrategies #NodeZeroTripwires https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Horizon3.ai
NTLM Credential Theft in Python Windows Applications
NTLM credential theft vulnerabilities in Python Windows applications: Jupyter Notebook CVE-2024-35178, Streamlit from Snowflake CVE-2024-42474 and Hugging Face Gradio CVE-2024-34510
Exploiting a remote heap overflow with a custom TCP stack #heapoverflow #TCPstack #exploit #vulnerability #networkingcongestion https://www.synacktiv.com/en/publications/exploiting-a-remote-heap-overflow-with-a-custom-tcp-stack
Synacktiv
Exploiting a remote heap overflow with a custom TCP stack
In November 2021 our team took part in the ZDI Pwn2Own Austin 2021 competition [1] with multiple entries.
ShellSweepX: A Precision Tool for Web Shell Detection #ShellSweepX #WebShellDetection #EntropyAnalysis #MultiLayeredProtection #OpenSourceTool https://securityonline.info/shellsweepx-a-precision-tool-for-web-shell-detection/
Daily CyberSecurity
ShellSweepX: A Precision Tool for Web Shell Detection
Protect your web applications from unauthorized access with ShellSweepX. Learn how this specialized tool detects and mitigates the threat of web shells.
Binary type inference in Ghidra #BTIGhidra #BinaryTypeInference #Ghidra #ReverseEngineering #TrailOfBits https://blog.trailofbits.com/2024/02/07/binary-type-inference-in-ghidra/
The Trail of Bits Blog
Binary type inference in Ghidra
Trail of Bits is releasing BTIGhidra, a Ghidra extension that helps reverse engineers by inferring type information from binaries. The analysis is inter-procedural, propagating and resolving type constraints between functions while consuming user input to…
GNU/Linux Sandboxing - A Brief Review #GNU #Linux #Sandboxing #Security #OpenSource https://hardenedlinux.org/blog/2024-08-20-gnu/linux-sandboxing-a-brief-review/
hardenedlinux.org
GNU/Linux Sandboxing - A Brief Review
This paper is an incomplete review of the sandbox solutions on the GNU/Linux operating system, which covers the often-used or commonly studied solutions. It also introduces the interfaces to be restricted by an application sandbox and discusses the idea of…
CVE-2024-38063: poc for CVE-2024-38063 (RCE in tcpip.sys) #GitHub #CVE-2024-38063 #RCE #tcpip.sys #poc https://github.com/ynwarcs/CVE-2024-38063
GitHub
GitHub - ynwarcs/CVE-2024-38063: poc for CVE-2024-38063 (RCE in tcpip.sys)
poc for CVE-2024-38063 (RCE in tcpip.sys).
Back to School - Exploiting a Remote Code Execution Vulnerability in Moodle #RedTeamPentesting #BacktoSchool #MoodleVulnerability #RemoteCodeExecution #Exploit https://blog.redteam-pentesting.de/2024/moodle-rce/
RedTeam Pentesting - Blog
Back to School - Exploiting a Remote Code Execution Vulnerability in Moodle
Surprisingly often, implementations include functionality where user input is passed to dangerous functions like PHP’s eval() - despite clear warnings. Often, devs are somewhat aware of this danger and attempt to sanitize the input, but this approach …
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6 #CVE202438063 #KernelExploit #IPv6 #VulnerabilityResearch #ASLRBypass https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
Malwaretech
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis and building a proof-of-concept for CVE-2024-38063, a CVSS 9.8 vulnerability in the Windows kernel IPv6 parser
CVE Hunting Made Easy #CVEHunting #AutomatedDiscovery #SourceCodeScanning #EasyMethodology #WordPressPlugins https://projectblack.io/blog/cve-hunting-at-scale/
Research Blog | Project Black
CVE Hunting Made Easy
In just three Sunday afternoons, I discovered 14 CVEs - and you can too! CVE hunting is more accessible than many realise, and the methodology outlined here requires only a bit of coding knowledge.
BlackSuit Ransomware #BlackSuitRansomware #DFIR #ThreatIntelligence #DetectionRules #RealIntrusions https://thedfirreport.com/2024/08/26/blacksuit-ransomware/
The DFIR Report
BlackSuit Ransomware
Key Takeaways In December 2023, we observed an intrusion that started with the execution of a Cobalt Strike beacon and ended in the deployment of BlackSuit ransomware. The threat actor leveraged va…
Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware #BlingLibra #ShinyHunters #Ransomware #AWS #ThreatActor https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/
Unit 42
Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware
We analyze a recent incident by Bling Libra, the group behind ShinyHunters ransomware, as they shift from data theft to extortion, exploiting AWS credentials.
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/
Google
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
We’re sharing an update on suspected state-backed attacker APT29 and the use of exploits identical to those used by Intellexa and NSO.
Bypassing airport security via SQL injection #AirportSecurity #SQLInjection #KCM #CASS #CybersecurityVulnerability https://ian.sh/tsa
Bypassing airport security via SQL injection
We discovered a serious vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs used by the Transportation Security Administration.
Analysis of CVE-2024-43044 — From file read to RCE in Jenkins through agents #CVE202443044 #JenkinsRCE #ArbitraryFileRead #JenkinsSecurity #CodeExploit https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044
Conviso AppSec
Analysis of CVE-2024-43044 — From file read to RCE in Jenkins through agents
The Jenkins team released an advisory (CVE-2024-43044) for an arbitrary file read vulnerability that allows an agent to be able to read files