Supply-Chain ⛓ attack via Python.
As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks.
https://thehackernews.com/2021/07/several-malicious-typosquatted-python.html
As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks.
https://thehackernews.com/2021/07/several-malicious-typosquatted-python.html
Pegasus, The Notorious Spyware. ANDROID variant with leaked manual
Pegasus Android variant. Pegasus is the malware developed by NSO Group to spy on high-profile individuals. Rumors used by indian gov and more.
- Notes contain what Pegasus is, how it works, some countermeasures.
- Leaked Manual contains alot of juicy info about the spyware.
- Files contains the android variant of Pegasus from it's early stages till now.
Note: The zip file here contains the android variant of Pegasus if an ethical hacker interested to to see how are they written, the manual of Pegasus which was leaked, and notes which contains some countermeasures against Pegasus. If you don't trust opening the zip file or the pdf, you can open them in a virtual environment, and all of the files included here are scanned with virus total in the links down below.
https://www.mediafire.com/file/qwq0rtow20c7rz7/Pegasus-(Manual,+Notes,+Pegasus+files).zip/file
Pegasus Android variant. Pegasus is the malware developed by NSO Group to spy on high-profile individuals. Rumors used by indian gov and more.
- Notes contain what Pegasus is, how it works, some countermeasures.
- Leaked Manual contains alot of juicy info about the spyware.
- Files contains the android variant of Pegasus from it's early stages till now.
Note: The zip file here contains the android variant of Pegasus if an ethical hacker interested to to see how are they written, the manual of Pegasus which was leaked, and notes which contains some countermeasures against Pegasus. If you don't trust opening the zip file or the pdf, you can open them in a virtual environment, and all of the files included here are scanned with virus total in the links down below.
https://www.mediafire.com/file/qwq0rtow20c7rz7/Pegasus-(Manual,+Notes,+Pegasus+files).zip/file
Windows Privilege Escalation
https://jlajara.gitlab.io/others/2020/11/22/Potatoes_Windows_Privesc.html
https://jlajara.gitlab.io/others/2020/11/22/Potatoes_Windows_Privesc.html
Jorge Lajara Website
Personal Blog
Conti Unpacked | Understanding Ransomware Development As a Response to Detection
https://labs.sentinelone.com/conti-unpacked-understanding-ransomware-development-as-a-response-to-detection/
https://labs.sentinelone.com/conti-unpacked-understanding-ransomware-development-as-a-response-to-detection/
SentinelOne
Conti Unpacked | Understanding Ransomware Development As a Response to Detection - SentinelLabs
Conti's rapid encryption speed is matched only by its rapid evolution. SentinelLabs' deep dive explores its development in unprecedented detail.
Analysis of Qualcomm Secure Boot Chains:
https://blog.quarkslab.com/analysis-of-qualcomm-secure-boot-chains.html
https://blog.quarkslab.com/analysis-of-qualcomm-secure-boot-chains.html
Quarkslab
Analysis of Qualcomm Secure Boot Chains - Quarkslab's blog
Qualcomm is the market-dominant hardware vendor for non-Apple smartphones. Considering the [SoCs] they produce are predominant, it has become increasingly interesting to reverse-engineer and take over their boot chain in order to get a hold onto the highest…
Implications of a Stealth Hard-Drive Backdoor
https://www.ibr.cs.tu-bs.de/users/kurmus/papers/acsac13.pdf
#Backdoor
https://www.ibr.cs.tu-bs.de/users/kurmus/papers/acsac13.pdf
#Backdoor
ProxyLogon Just Tip of the Iceberg, New Attack Surface on Exchange Server
Orange Tsai at DEFCON 29
https://www.youtube.com/watch?v=5mqid-7zp8k
Orange Tsai at DEFCON 29
https://www.youtube.com/watch?v=5mqid-7zp8k
YouTube
DEF CON 29 - Orange Tsai - ProxyLogon Just Tip of the Iceberg, New Attack Surface on Exchange Server
Microsoft Exchange Server is an email solution widely deployed within government and enterprises, and it is an integral part of both their daily operations and security. Needless to say, vulnerabilities in Exchange have long been the Holy Grail for attackers…
Chaining PHP Exploits with the help of Magic (and luck)
https://www.reddit.com/r/netsec/comments/p4dyuh/chaining_php_exploits_with_the_help_of_magic_and/
https://www.reddit.com/r/netsec/comments/p4dyuh/chaining_php_exploits_with_the_help_of_magic_and/
reddit
Chaining PHP Exploits with the help of Magic (and luck)
Posted in r/netsec by u/_creosote • 10 points and 6 comments