A tool for profiling heap usage and memory management https://github.com/zznop/vizzy
GitHub
GitHub - zznop/vizzy: Tool for profiling heap usage and memory management
Tool for profiling heap usage and memory management - zznop/vizzy
The Art of PerSwaysion: Investigation of a Long-Lived Phishing Kit https://www.seclarity.io/resources/blog/the-art-of-perswaysion-phishing-kit/
www.seclarity.io
Blog - The Art of PerSwaysion: Investigation of a Long-Lived Phishing Kit
Instant. Actionable. Insights.
[Conti] Ransomware Group In-Depth Analysis https://www.prodaft.com/resource/detail/conti-ransomware-group-depth-analysis
PRODAFT
PRODAFT – Cyber Threat Intelligence and Risk Intelligence
Explore advanced cybersecurity solutions, providing proactive defense against emerging threats. Learn more about our tailored intelligence and cybercrime investigation solutions.
Abusing Google Drive's Email File Functionality https://mrd0x.com/abusing-google-drives-email-file-functionality/
Mrd0X
Security Research | mr.d0x
Providing security research and red team techniques
Nice summary of router security vulnerabilities » https://modemly.com/m1/pulse
Modemly
Router Bugs and Security Vulnerabilities
Router Bugs, Hacks, Security Vulnerabilities and remediation checklists
Vulnerability Spotlight: Use-after-free vulnerability in Google Chrome could lead to code execution https://blog.talosintelligence.com/2021/11/vulnerability-spotlight-user-after-free.html
Cisco Talos Blog
Vulnerability Spotlight: Use-after-free vulnerability in Google Chrome could lead to code execution
Marcin Towalski of Cisco Talos discovered this vulnerability.
Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome.
Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser…
Skrull: run malware on the victim using the Process Ghosting technique https://securityonline.info/skrull-run-malware-on-the-victim-using-the-process-ghosting-technique/
Cybersecurity News
Skrull: run malware on the victim using the Process Ghosting technique
Skrull is a malware DRM. It generates launchers that can run malware on the victim using the Process Ghosting technique.
The Complete Guide to Understanding Apple Mac Security for Enterprise https://www.sentinelone.com/blog/the-complete-guide-to-understanding-apple-mac-security-for-enterprise-read-the-free-ebook/
SentinelOne
The Complete Guide to Understanding Apple Mac Security for Enterprise | Read the Free Ebook
Learn how to secure macOS devices in the enterprise with this in-depth review of the strengths and weaknesses of Apple's security technologies.
Advanced threat predictions for 2022 https://securelist.com/advanced-threat-predictions-for-2022/104870/
Securelist
Advanced threat predictions for 2022
Over the past 12 months, the style and severity of APT threats have continued to evolve. Despite their constantly changing nature, there is a lot we can learn from recent APT trends to predict what might lie ahead in the coming year.
Unlocking the Vault :: Unauthenticated Remote Code Execution against CommVault Command Center https://srcincite.io/blog/2021/11/22/unlocking-the-vault.html
New ransomware actor uses password-protected archives to bypass encryption protection https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/
Sophos News
New ransomware actor uses password-protected archives to bypass encryption protection
Calling themselves “Memento team”, actors use Python-based ransomware that they reconfigured after setbacks.
Multiple Concrete CMS vulnerabilities (part1 – RCE) https://www.fortbridge.co.uk/research/multiple-vulnerabilities-in-concrete-cms-part1-rce/
Cyber Security Services - London
Multiple Concrete CMS vulnerabilities (part1 - RCE)
Multiple vulnerabilities in Concrete CMS: a race condition in the file upload resulted in RCE in Concrete CMS.
All Roads Lead to OpenVPN: Pwning Industrial Remote Access Clients https://claroty.com/2021/11/19/blog-research-all-roads-lead-to-openvpn-pwning-industrial-remote-access-clients/
Claroty
All Roads Lead to OpenVPN: Pwning Industrial Remote Access Clients
Claroty's researchers discovered a new attack concept to target VPNs. Learn more.
Kernel Karnage – Part 3 (Challenge Accepted) https://blog.nviso.eu/2021/11/16/kernel-karnage-part-3-challenge-accepted/
NVISO Labs
Kernel Karnage – Part 3 (Challenge Accepted)
While I was cruising along, taking in the views of the kernel landscape, I received a challenge … 1. Player 2 has entered the game. The past weeks I mostly experimented with existing tooling and got…
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html
Trend Micro
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
Squirrelwaffle is known for using the tactic of sending malicious spam as replies to existing email chains. We look into how by investigating its exploit of Microsoft Exchange Server vulnerabilities, ProxyLogon and ProxyShell.
CVE-2021-41277 Metabase Local File Inclusion https://github.com/0x0021h/expbox/blob/main/CVE-2021-41277.yaml
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/
NetSPI
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory
The vulnerability, found by NetSPI’s cloud pentesting practice director, Karl Fosaaen, affects any organization that uses Automation Account "Run as" accounts in Azure.
Hotpatching on Windows https://techcommunity.microsoft.com/t5/windows-kernel-internals-blog/hotpatching-on-windows/ba-p/2959541
TECHCOMMUNITY.MICROSOFT.COM
Hotpatching on Windows
Introduction: A core priority of the Windows Kernel team is to keep the operating system, applications, and users secure. Like many operating systems, Windows has a large codebase, a driver ecosystem, and a complex set of dependencies. Every day, many malicious…
Babadeda Crypter targeting crypto, NFT, and DeFi communities https://blog.morphisec.com/the-babadeda-crypter-targeting-crypto-nft-defi-communities
Morphisec
Babadeda Crypter Targeting Crypto, NFT, and DeFi Communities
Morphisec Labs encountered a new malware called Babadeda targeting cryptocurrency enthusiasts through Discord. We reveal how it can be stopped.
Reverse-engineering the Yamaha DX7 synthesizer's sound chip from die photos http://www.righto.com/2021/11/reverse-engineering-yamaha-dx7.html?m=1
Righto
Reverse-engineering the Yamaha DX7 synthesizer's sound chip from die photos
The Yamaha DX7 digital synthesizer was released in 1983 and became "one of the most important advances in the history of modern popular mu...
CVE-2021-22048: VMware vCenter Server Privilege Escalation Vulnerability https://securityonline.info/cve-2021-22048-vmware-vcenter-server-privilege-escalation-vulnerability/
Cybersecurity News
CVE-2021-22048: VMware vCenter Server Privilege Escalation Vulnerability
VMware officially released a risk notice for a vCenter Server privilege escalation vulnerability; the vulnerability number is CVE-2021-22048.