In 2022, the Citizen Lab gained extensive forensic visibility into new NSO Group exploit activity after finding infections among members of Mexico’s civil society, including two human rights defenders from Centro PRODH, which represents victims of military…

Cado and Permiso researchers team up to do a breakdown of Legion's toolset and discuss the review some of the differences between Legion and the likes of AndroxGh0st and Greenbot.

Search for c2 servers based on netlas. Contribute to michael2to3/c2-search-netlas development by creating an account on GitHub.

Awesome EDR Bypass Resources For Ethical Hacking. Contribute to tkmru/awesome-edr-bypass development by creating an account on GitHub.

Driver-based attacks against security products are on the rise

Web3 technologies are seeing widespread adoption — including by TAs. We discuss Web3 technology InterPlanetary File System (IPFS), and malicious use of it.

Learn how to easily create deserialization exploit payloads in MessagePack’s Typeless mode.

Although the Android base is open source, many different constructors customize it with their own UIs and APIs. All these additions represent an extra attack surface that can change from one phone model to another. We tried to automatically fuzz the closed…

CVE-2023-29084 analysis

In the previous blog post, we described how the Docker research started and showed how we could gain a full privilege escalation through a vulnerability in Docker Desktop. In this follow-up blog...

Ahnlab Security Emergency response Center (ASEC) has recently confirmed that the 8220 Gang attack group is using the Log4Shell vulnerability to install CoinMiner in VMware Horizon servers. Among the systems targeted for the attack, there were Korean energy…

CRIL analyzes the ongoing evolution of Qakbot malware and how it infects users using OneNote attachments and chm files.

Ahnlab Security Emergency response Center (ASEC) has recently confirmed that the 8220 Gang attack group is using the Log4Shell vulnerability to install CoinMiner in VMware Horizon servers. Among the systems targeted for the attack, there were Korean energy…

The question of automatic dependency updates came up in our Slack channel the other day. There was a lot of nodding on how it is a good thing. Tools like Dependabot and Renovate were mentioned. Yet I was a dissenting voice. Why?
The case for automatic dependency…

I reversed the firmware of my Garmin Forerunner 245 Music back in 2022 and found a dozen or so vulnerabilities in their support for Connect IQ applications. They can be exploited…

In this post, we take a look at an anti-forensics technique that malware can leverage to hide injected DLLs. We dive into specific details of the Windows Process Environment Block (PEB) and how to abuse it to hide a malicious loaded DLL. Background: You may…