Tales of the Crimson Foes - Part 1 #CrimsonFoes #BreachingUnicorns #RedTeamTales #SecurityBlog #ForgottenScroll https://therealunicornsecurity.github.io/CrimsonFoes/
therealunicornsecurity.github.io
Tales of the Crimson Foes - Part 1
The Tales of the Crimson Foes
A compilation of red team and pentest stories
A compilation of red team and pentest stories
Microsoft Bookings – Facilitating Impersonation #MicrosoftBookings #SecurityRisk #Impersonation #CyberisLimited #DataProtection https://www.cyberis.com/article/microsoft-bookings-facilitating-impersonation
Cyberis Limited
Microsoft Bookings – Facilitating Impersonation
Microsoft Bookings introduces a significant security risk by allowing end users to create fully functional Entra accounts without administrative oversight. These accounts, tied to shared Booking pages, can be exploited for impersonation, phishing, and email…
Everyday Ghidra: Ghidra Data Types— When to Create Custom GDTs — Part 1 #Ghidra #DataTypes #CustomGDTs #ReverseEngineering #WindowsSDK https://medium.com/@clearbluejar/everyday-ghidra-ghidra-data-types-when-to-create-custom-gdts-part-1-143fe45777eb
Medium
Everyday Ghidra: Ghidra Data Types— When to Create Custom GDTs — Part 1
In this 2-part “Everyday Ghidra” series post, we’ll walk through creating custom Ghidra data types by parsing C header files. In Everyday…
🔥3
System prompt exposure: how AI image generators may leak sensitive instructions #AIImageGenerators #SystemPromptExposure #DiffusionModels #LLM #WebSecurityBlog https://www.invicti.com/blog/security-labs/system-prompt-exposure-how-ai-image-generators-may-leak-sensitive-instructions/
Invicti
System Prompt Exposure: How AI Image Generators May Leak Sensitive Instructions
Recraft's image generation service uses a unique architecture combining an LLM (Claude) with a diffusion model. Learn what led to the discovery that carefully crafted prompts could expose the system's internal instructions.
Beyond RCE: Autonomous Code Execution in Agentic AI #AgenticAI #ACE #PromptInjection #PhishingAgenticSystems #TakingControl https://www.securityrunners.io/post/beyond-rce-autonomous-code-execution-in-agentic-ai
www.securityrunners.io
Beyond RCE: Autonomous Code Execution in Agentic AI
This blog post explores how agentic AI systems, specifically the "Computer Use" feature, can be manipulated through prompt injections and phishing techniques to execute arbitrary commands.
A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities s #macOSSandboxEscapes #NewVulnerabilities #CVEList #ConferencePresentation #SecurityResearch https://jhftss.github.io/A-New-Era-of-macOS-Sandbox-Escapes/
jhftss.github.io
A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities
This is a blog post for my presentation at the conference POC2024. The slides are uploaded here.
A deep dive into Linux’s new mseal syscall #mseal #Linux #ExploitMitigations #MemorySealing #syscall https://blog.trailofbits.com/2024/10/25/a-deep-dive-into-linuxs-new-mseal-syscall/
The Trail of Bits Blog
A deep dive into Linux’s new mseal syscall
If you love exploit mitigations, you may have heard of a new system call named mseal landing into the Linux kernel’s 6.10 release, providing a protection called “memory sealing.” Beyond notes from the authors, very little information about this mitigation…
🔥3
Breaking Down Multipart Parsers: File upload validation bypass #multipartformdataparsers #fileupload #validationbypass #WAF #inputvalidation https://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/
Sicuranext Blog
Breaking Down Multipart Parsers: File upload validation bypass
TL;DR: Basically, all multipart/form-data parsers fail to fully comply with the RFC, and when it comes to validating filenames or content uploaded by users, there are always numerous ways to bypass validation. We'll test various bypass techniques against…
We have released a new tool, MANTILLA, a powerful tool for malware analysis and vulnerability detection of libraries in statically-linked (and stripped) Linux binaries. Read our latest blog post to learn more! (full paper here: https://doi.org/10.1016/j.future.2024.107602) https://reversea.me/index.php/identifying-runtime-libraries-in-statically-linked-binaries-with-mantilla/
🔥6
Citrix-Virtual-Apps-XEN-Exploit: Citrix Virtual Apps and Desktops (XEN) Unauthenticated RCE #Citrix #VirtualApps #XEN #Exploit #RCE https://github.com/watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit
GitHub
GitHub - watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit: Citrix Virtual Apps and Desktops (XEN) Unauthenticated RCE
Citrix Virtual Apps and Desktops (XEN) Unauthenticated RCE - watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit
Ruby SAML CVE-2024-45409: As bad as it gets and hiding in plain sight #RubySAML #CVE202445409 #SecurityFlaw #WorstCaseScenario #OpenSourceVulnerability https://workos.com/blog/ruby-saml-cve-2024-45409
Workos
Ruby SAML CVE-2024-45409: As bad as it gets and hiding in plain sight — WorkOS
On September 10th, 2024, a critical security flaw was disclosed in the Ruby-SAML and OmniAuth-SAML libraries, exposing a vulnerability that allows complete authentication bypass. This flaw, CVE-2024-45409, earned the highest possible score of 10 on GitHub's…
The cost of a NAND chip off attack is 170.87€ #NANDchip #hardwareattack #170.87€ #toolsused #vulnerabilities https://www.errno.fr/NAND_chip_off_attack
Attestations: A new generation of signatures on PyPI #PyPI #Attestations #PEP740 #Sigstore #SoftwareSecurity https://blog.trailofbits.com/2024/11/14/attestations-a-new-generation-of-signatures-on-pypi/
The Trail of Bits Blog
Attestations: A new generation of signatures on PyPI
For the past year, we’ve worked with the Python Package Index (PyPI) on a new security feature for the Python ecosystem: index-hosted digital attestations, as specified in PEP 740. These attestations improve on traditional PGP signatures (which have been…
Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575 # FortiManager # Vulnerability # Fortinet # FortiJump # CVE-2024-47575 https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
watchTowr Labs
Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575
It’s been a tricky time for Fortinet (and their customers) lately - arguably, even more so than usual. Adding to the steady flow of vulnerabilities in appliances recently was a nasty CVSS 9.8 vulnerability in FortiManager, their tool for central management…
The Definitive Guide to Linux Process Injection #LinuxProcessInjection #SecurityResearch #LinuxvsWindows #RemoteProcessInteractions #PtraceProcfsProcess_VMWritv https://www.akamai.com/blog/security-research/the-definitive-guide-to-linux-process-injection
Akamai
The Definitive Guide to Linux Process Injection | Akamai
In this blog post, we document Linux process injection techniques, and explain how to detect and mitigate them.
Windows Drivers Reverse Engineering Methodology #WindowsSecurity #WindowsDrivers #ReverseEngineering https://voidsec.com/windows-drivers-reverse-engineering-methodology/
VoidSec
Windows Drivers Reverse Engineering Methodology
Methodology for reverse engineering Windows drivers, finding vulnerabilities and understanding their exploitability.
🔥4
Research Case Study: Supply Chain Security at Scale – Insights into NPM Account Takeovers #LaburityResearch #NPM #AccountTakeovers #SupplyChainSecurity #ResearchCaseStudy https://laburity.com/research-npm-account-takeovers/
Laburity - Cyber Security Services
Research Case Study: Supply Chain Security at Scale – Insights into NPM Account Takeovers - Laburity
Software supply chains are complex ecosystems where even a single vulnerability can lead to widely spread security issues. This blog focuses on supply chain account takeovers, particularly in NPM packages, and explains how attackers exploit expired email…
OpenBMC Remote OS Deployment: A Simplified Approach #OpenBMC #RemoteOS #Deployment #SimplifiedApproach #VaultLabs https://hardenedvault.net/blog/2024-11-17-openbmc-remote-deployment/
hardenedvault.net
OpenBMC Remote OS Deployment: A Simplified Approach
OpenBMC Remote OS Deployment: A Simplified Approach Many BMC implementations can accept a disk image and present it as a read-only USB mass storage device inserted into the host machine, allowing the host machine to boot from this “disk” for remote installation…
Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 #PaloAlto #SSLVPN #Vulnerabilities #CVE2024 #CommandInjection https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
watchTowr Labs
Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
It'll be no surprise that 2024, 2023, 2022, and every other year of humanities' existence has been tough for SSLVPN appliances.
Anyhow, there are new vulnerabilities (well, two of them) that are being exploited in the Palo Alto Networks firewall and SSLVPN…
Anyhow, there are new vulnerabilities (well, two of them) that are being exploited in the Palo Alto Networks firewall and SSLVPN…
RpcInvestigator: Exploring RPC interfaces on Windows #WindowsRPC #RPCInvestigator #WindowsSecurity #ETW #RPCClient https://github.com/trailofbits/RpcInvestigator
GitHub
GitHub - trailofbits/RpcInvestigator: Exploring RPC interfaces on Windows
Exploring RPC interfaces on Windows. Contribute to trailofbits/RpcInvestigator development by creating an account on GitHub.