Exploitation of a kernel pool overflow from a restrictive chunk size (CVE-2021-31969) #MemoryCorruption #WindowsVulnerability #CVE-2021-31969 #Exploit #KernelPoolOverflow https://starlabs.sg/blog/2023/11-exploitation-of-a-kernel-pool-overflow-from-a-restrictive-chunk-size-cve-2021-31969/
STAR Labs
Introduction: Memory corruption bugs remain prevalent, yet exploiting them is a persistent and growing challenge. This increased difficulty arises from advances in defensive mechanisms and the escalating complexity of software systems. While a basic proof…
Exploiting Enterprise Backup Software For Privilege Escalation: Part One #ExploitingEnterpriseBackupSoftware #PrivilegeEscalation #KernelDriverVulnerability #CyberSecurity #PartOne https://northwave-cybersecurity.com/exploiting-enterprise-backup-software-for-privilege-escalation-part-one
Exploiting Enterprise Backup Software For Privilege Escalation: Part Two #KernelDriverZeroDays #PrivilegeEscalation #ExploitationPrimitives #TechnicalIntricacies #HeapSpray https://northwave-cybersecurity.com/exploiting-enterprise-backup-software-for-privilege-escalation-part-two
traceeshark: Deep Linux runtime visibility meets Wireshark #Traceeshark #Linux #Wireshark #MalwareAnalysis #SecurityVisibility https://github.com/aquasecurity/traceeshark
GitHub
GitHub - aquasecurity/traceeshark: Deep Linux runtime visibility meets Wireshark
CVE-2024-37084: Spring Cloud Remote Code Execution #SpringCloud #CVE-2024-37084 #SecureLayer7 #PenetrationTesting #APIScanner https://blog.securelayer7.net/spring-cloud-skipper-vulnerability/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
CVE-2024-37084 is a critical security vulnerability in Spring Cloud Skipper, specifically related to how the application processes YAML input. The vulnerability arises from the use of the standard...
From a GLPI patch bypass to RCE #SensePost #GLPI #PatchBypass #RCE #SQLInjection https://sensepost.com/blog/2024/from-a-glpi-patch-bypass-to-rce/
EUCLEAK #SecureElement #Infineon #SideChannelAttack #EUCLEAK #YubiKey5Series https://ninjalab.io/eucleak/
NinjaLab
EUCLEAK - NinjaLab
Abstract: Secure elements are small microcontrollers whose main purpose is to generate/store secrets and then execute cryptographic operations. They undergo the highest…
Patch Tuesday Diffing: CVE-2024-20696 - Windows Libarchive RCE #PatchTuesday #CVE-2024-20696 #Windows #Libarchive #RCE https://clearbluejar.github.io/posts/patch-tuesday-diffing-cve-2024-20696-windows-libarchive-rce/
clearbluejar
Patch Diffing CVE-2024-20696 Windows Libarchive Remote Code Execution Vulnerability
Windows Wi-Fi Driver RCE Vulnerability – CVE-2024-30078 #Windows #WiFiDriver #RCEVulnerability #CVE-2024-30078 #Crowdfense https://www.crowdfense.com/windows-wi-fi-driver-rce-vulnerability-cve-2024-30078/
Crowdfense
Windows Wi-Fi Driver RCE Vulnerability - CVE-2024-30078 - Crowdfense
Analysis of CVE-2024-30078, a Windows Wi-Fi driver vulnerability. Detailed root cause analysis and exploitation constraints.
LazyXss: Automation tool to test and confirm XSS vulnerabilities. #LazyXss #XSSvulnerability #AutomationTool #GitHub #Security https://github.com/iamunixtz/LazyXss
GitHub
GitHub - iamunixtz/LazyXss: Automation tool to test and confirm XSS vulnerabilities.
Calculating the size of the Windows kernel subsystems #WindowsKernelSubsystems #SubsystemSizeCalculation #WindowsInternals #ReverseEngineeringTools #KernelFunctionPrefixes https://www.linkedin.com/pulse/calculating-size-windows-kernel-subsystems-artem-baranov-jnd1e
Linkedin
Introduction As we know, Windows has a proprietary hybrid kernel, written in C, C++, and Asm, called ntoskrnl.exe (also ntkrnlpa.
Going Native - Malicious Native Applications #MaliciousNativeApplications #NtAPI #RemoteProcessInjection #EarlyBootAccess #WindowsDefenderPermissions https://www.protexity.com/post/going-native-malicious-native-applications
Protexity
Part I: Introduction. Windows Applications. Windows applications normally perform operations by interacting with the Windows Application Program Interface (WinAPI). The WinAPI then performs some processing of parameters to normalize them or calculate additional…
A journey through KiUserExceptionDispatcher #EmulationEnvironment #KiUserExceptionDispatcher #ExceptionHandling #WindowsInternals #MauricesBlog https://momo5502.com/posts/2024-09-07-a-journey-through-kiuserexceptiondispatcher/
Maurice's Blog 🐍
I am currently working on an emulation environment similar to Qiling.
Unlike Qiling, it emulates the entire user-space, not just the target application.
As Qiling reimplements all APIs (kernel32, vcruntime, …) outside the emulator, it gains a lot of speed…
The (Anti-)EDR Compendium #AntiEDR #ShellcodeLoader #AVSignatureScanning #MemoryScanning #WindowsDefender https://blog.deeb.ch/posts/how-edr-works/
Companion scanner for mockingjay injection #MockingjayInjection #GhostsInTheShell #HandlewalkAlgorithm #DLLSearch #MemoryProtections https://brunopincho.github.io/dllMemoryScanner/
Bypassing PatchGuard at runtime #PatchGuardBypass #Runtime #WinDbg #KDNET #HEXDEREF https://hexderef.com/patchguard-bypass
When Certificates Fail: A Story of Bypassed MFA in Remote Access #MFAFail #CertificateBypass #RemoteAccess #SecurityVulnerability #UserAuthentication https://edermi.github.io/post/2024/mfa_bypass_mtls/
edermi's Blog
Long time no see! After 3 years of no new blog posts and also no conference talks from my side, I decided it’s time to write again. I’ll start easy with a fun story that happened a while …
Critical Kibana Flaws (CVE-2024-37288, CVE-2024-37285) Expose Systems to Arbitrary Code Execution #CriticalKibanaFlaws #ArbitraryCodeExecution #CVE202437288 #CVE202437285 #UpdateImmediately https://securityonline.info/critical-kibana-flaws-cve-2024-37288-cve-2024-37285-expose-systems-to-arbitrary-code-execution/
Daily CyberSecurity
URGENT: Critical security advisory for Kibana users. Update to version 8.15.1 now to mitigate vulnerabilities CVE-2024-37288 and CVE-2024-37285.
(not related to cybersecurity, but worth mentioning :)) Web port of the original Diablo game https://d07riv.github.io/diabloweb/
Decrypting and Replaying VPN Cookies #VPNcookie #reverseengineering #HIPchecks #keyderivation #redteamdefense https://rotarydrone.medium.com/decrypting-and-replaying-vpn-cookies-4a1d8fc7773e
Medium
Reverse engineering VPN client software to hijack session cookies.
Bytecode Injection (Part 3) #BytecodeInjection #Exploitation #Android #Java #CommandExecution https://lolcads.github.io/posts/2024/09/bytecode_exploitation_2/
lolcads tech blog
With all the basics out of the way, this blog post shows the first bytecode-based exploitation technique on Android: bytecode injection! This opens the door to many interesting exploits, where injected bytecode can function as…