Android-PIN-Bruteforce
https://github.com/urbanadventurer/Android-PIN-Bruteforce
Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
Exploiting Windows RPC to bypass CFG mitigation: analysis of CVE-2021-26411 in-the-wild sample
The general method of a browser render process exploit is: after exploiting the vulnerability to obtain a user-mode arbitrary memory read/write primitive, the vtable of a DOM/JS object is tampered with to hijack the code execution flow. Then VirtualProtect is called by a ROP chain to change the shellcode memory to PAGE_EXECUTE_READWRITE, and finally the code execution flow is jumped to the shellcode by the ROP chain. After Windows 8.1, Microsoft introduced CFG (Control Flow Guard)[1] mitigation to verify indirect function calls, which mitigates the exploitation of tampering with vtables to get code execution.
However, the confrontation is not over. Some new methods to bypass CFG mitigation have emerged. For example, in chakra/jscript9, the code execution flow is hijacked by tampering with the function return address on the stack; in v8, WebAssembly memory with the executable property is used to execute shellcode. In December 2020, Microsoft introduced CET (Control-flow Enforcement Technology)[2] mitigation technology based on Intel Tiger Lake CPUs in Windows 10 20H1, which protects against the exploitation of tampering with the function return address on the stack. Therefore, how to bypass CFG in a CET mitigation environment has become a new problem for vulnerability exploitation.
https://iamelli0t.github.io/2021/04/10/RPC-Bypass-CFG.html
Exclusive: #RUMINT Rumor Intelligence from Iran 🇮🇷 via Israel 🇮🇱.
The nuclear facility at Natanz, Iran has suffered major damage from an attack.
Rumor 1: Israel launched a cyber attack at the facility.
Rumor 2: Israel used local assets and used explosives (likely a sabotage) and / or cyber tactics during the attack.
Rumor 3: It was an accident.
However, the facility sustained power damage and no nuclear leak occurred, as per a reliable source.
Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
Research: https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/
PoC: https://github.com/CENSUS/whatsapp-mitd-mitm
In this article we will have a look at how a simple phishing attack through an Android messaging application could result in the direct leakage of data found in unprotected device storage (/sdcard). Then we will show how the two aforementioned WhatsApp vulnerabilities…
Forwarded from Security Analysis
1-click RCE in Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and Mumble
https://ift.tt/3gcdx6d
Allow arbitrary URLs, expect arbitrary code execution | Positive Security
Insecure URL handling leading to 1-click code execution vulnerabilities in Telegram, Nextcloud (CVE-2021-22879), VLC, LibreOffice (CVE-2021-25631), OpenOffice (CVE-2021-30245), Bitcoin/Dogecoin Wallets, Wireshark (CVE-2021-22191) and Mumble (CVE-2021-27229).
Telegram bug bounties: XSS, privacy issues, official bot exploitation and more…
https://davtur19.medium.com/telegram-bug-bounties-xss-privacy-issues-official-bot-exploitation-and-more-5277fa78435
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.
https://cve.reconshell.com/cve/CVE-2021-31546
Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years. RotaJakiro
https://thehackernews.com/2021/04/researchers-uncover-stealthy-linux.html
Automatic and platform-independent unpacker for Windows binaries based on emulation
https://github.com/unipacker/unipacker