Compromised WordPress site serves malware | LNK file MALWARE ANALYSIS and HTA Deobfuscation
https://www.youtube.com/watch?v=XxHFr2xvPFc
YouTube
MALWARE on WordPress site | LNK file MALWARE ANALYSIS and HTA Deobfuscation
Analysis of a malicious LNK file which uses a compromised Uzbekistan website to launch a malicious HTA file, that in turn downloads and runs FormBook malware.
** Find me at **
Twitter/X - https://twitter.com/CyberRaiju
Blog - https://www.jaiminton.com/
Mastodon…
Electron Math: 8 Million User Note App Stored XSS -> RCE bypassing nodeintegration via preload.js in electron
https://0reg.dev/blog/electron-math
0reg.dev
Retr0's Register
Retr0's Threat Research
Democratizing Fuzzing at Scale
https://drive.google.com/file/d/1lUFIugzEy1eBBWkLDHC_hzRfahZUCZYR/view
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
https://pwning.tech/nftables/
Pwning Tech
A tale about exploiting KernelCTF Mitigation, Debian, and Ubuntu instances with a double-free in nf_tables in the Linux kernel, using novel techniques like Dirty Pagedirectory. All without even having to recompile the exploit for different kernel targets…
A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files
https://github.com/SafeBreach-Labs/DoubleDrive
GitHub
A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files - SafeBreach-Labs/DoubleDrive
"Everything set out below is a compilation of my own experience and of publicly available work related to attacking Linux."
https://reeves0x0.gitbook.io/linux-under-attack/
reeves0x0.gitbook.io
Preface | Linux under attack
Owasp level 4 Android Reversing Anti-Debugging/Root checks: r2pay 1.0.
https://medium.com/@ndsetobol/owasp-level-4-android-reversing-anti-debugging-root-checks-r2pay-1-0-239e224ec649
Medium
This was one of the most challenging crackmes I’ve ever attempted to decipher. It took an extensive amount of time and effort, spanning…
Rhadamanthys & the 40 thieves
slides
https://download.scrt.ch/insomnihack/ins24-slides/Rhadamanthys%20and%20the%2040%20thieves.pdf
From the Vulnerability to the Victory: A Chrome Renderer 1-Day Exploit’s Journey to v8CTF Glory
https://kaist-hacking.github.io/pubs/2024/lee:v8-ctf-slides.pdf
exploit
https://github.com/kaist-hacking/CVE-2023-6702
An interesting topic: hooking Golang functions. It works differently. I found only two articles online =*( The first covers a very specific case where libc is deliberately imported; in the second I got lost in the source code (very interesting, but I couldn't make any damn sense of it).
https://blog.quarkslab.com/lets-go-into-the-rabbit-hole-part-1-the-challenges-of-dynamically-hooking-golang-program.html#
https://metalbear.co/blog/hooking-go-from-rust-hitchhikers-guide-to-the-go-laxy/
Quarkslab
Let’s Go into the rabbit hole (part 1) — the challenges of dynamically hooking Golang programs - Quarkslab's blog
Golang is the most used programming language for developing cloud technologies. Tools such as Kubernetes, Docker, Containerd and gVisor are written in Go. Despite the fact that the code of these programs is open source, there is no way to analyze and extend…
Molding lies into reality || Exploiting CVE-2024-4358
https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/
Summoning Team
Discovering a zero-day authentication bypass and chaining a .NET deserialization to achieve pre-auth RCE on Progress Report Server
FunctionInliner is an IDA plugin that can be used to ease the reversing of binaries that have been space-optimized with function outlining (e.g. clang -moutline).
https://github.com/cellebrite-labs/FunctionInliner
GitHub
An IDA plugin that eases reversing of binaries that have been code-size-optimized with function outlining - cellebrite-labs/FunctionInliner
Slides and videos from the Objective for the We conference (on macOS malware)
https://objective-see.org/oftw/v1.html
objective-see.org
Objective for the We v1.0
Our student-focused conference providing free talks & trainings from some of the world's top Apple security researchers, providing an invaluable learning opportunity for the community.
Delve into Windows memory internals: understand how memory is managed in Windows, as well as process internals.
https://azr43lkn1ght.github.io/Malware%20Development,%20Analysis%20and%20DFIR%20Series%20-%20Part%20III/
azr43lkn1ght.github.io
Malware Development, Analysis and DFIR Series - Part III
Delve into windows memory internals! here is the 3rd post of Malware Development, Analysis and DFIR Series.
CVE-2024-27822: macOS PackageKit Privilege Escalation
https://khronokernel.com/macos/2024/06/03/CVE-2024-27822.html
Mykola’s blog
Another fun exploit! This time with local privilege escalation through Apple’s PackageKit.framework when running ZSH-based PKGs 🎉.