Forwarded from Source Byte
First time we see details related to Gonjeshke Darande (an Israeli APT)
https://iscisc2025.sbu.ac.ir/fa/Home/Content?id=58
🐳1
Forwarded from Source Byte
What I Learned from Reverse Engineering Windows Containers
https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/
🐳1
Forwarded from Source Byte
How to mitigate symbolic link attacks on Windows?
https://www.seljan.hu/posts/how-to-mitigate-symbolic-link-attacks-on-windows/
🐳3
Forwarded from CyberSecurityTechnologies
#exploit
High severity Windows vulnerabilities:
1⃣ CVE-2025-26686:
RCE in Windows 10/11/Srv TCP/IP stack
// leaves sensitive memory unlocked, allowing remote attackers to hijack systems. Exploitable over the network, it risks full compromise. Patch now.
2⃣ CVE-2025-60710:
LPE in Taskhost Windows Tasks
// Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally
3⃣ CVE-2025-54110:
Windows Kernel Integer Overflow Privilege Escalation
// high-severity vulnerability in Windows Kernel that arises from improper handling of integer values during memory allocation
4⃣ CVE-2025-54918:
Improper authentication in Windows NTLM
// Simulated exploitation and mitigation of CVE-2025-54918 (Win NTLM flaw). Incl. detection scripts, Ansible patching, CI/CD hardening. Demonstrates PrivEsc from low-level access to SYSTEM in hybrid cloud environments
// Disclaimer
❤🔥1
Forwarded from [ deprecated_bytes ]
❤1
A site for sharing packet capture (pcap) files and malware samples.
I started this blog in 2013 to share pcaps and malware samples. Due to issues with Google, I took down most of my old blog posts. I've been slowly restoring these with a new pattern for the password-protected zip archives. 2014 and 2015 have yet to be fully restored. All other years are currently online.
http://Malware-Traffic-Analysis.net
❤3