Nice analysis of the low-level x86 assembly details behind memset/memcpy https://twitter.com/nadavrot/status/1464364562409422852?t=xuCmg9OLp5gy7wdzdVKKIg&s=09
Nadav Rotem: I spent some time optimizing memset and memcpy in x86 assembly. Here are a few interesting things about memset and memcpy. 1/
CONTInuing the Bazar Ransomware Story https://thedfirreport.com/2021/11/29/continuing-the-bazar-ransomware-story/
In this report we will discuss a case from early August where we witnessed threat actors utilizing BazarLoader and Cobalt Strike to accomplish their mission of encrypting systems with Conti ransomw…
ScarCruft surveilling North Korean defectors and human rights activists https://securelist.com/scarcruft-surveilling-north-korean-defectors-and-human-rights-activists/105074/
The ScarCruft group (also known as APT37 or Temp.Reaper) is a nation-state sponsored APT actor. Recently, we had an opportunity to perform a deeper investigation on a host compromised by this group.
The Water Bear that Wasn’t: Tardigrade https://medium.com/@semisi.ganon/the-water-bear-that-wasnt-tardigrade-6d3ed4d8e86b
In mid November 2021 the world’s tech commentators including Wired, The Washington Post, Bleeping Computer and Tripwire lit up with news of…
POC of Linux Kernel TIPC remote code execution (CVE-2021-43267) flaw has been disclosed https://securityonline.info/cve-2021-43267-poc/
A PoC for the Linux kernel TIPC remote code execution vulnerability (CVE-2021-43267) has been disclosed; the vulnerability is rated as serious.
Discovering Full Read SSRF in Jamf (CVE-2021-39303 & CVE-2021-40809) https://blog.assetnote.io/2021/11/30/jamf-ssrf/
An Illustrated Guide to Elliptic Curve Cryptography Validation https://research.nccgroup.com/2021/11/18/an-illustrated-guide-to-elliptic-curve-cryptography-validation/
Nice write-up (in Korean) » Virtualbox 6.1.18 (former) 0-day http://blog.howdays.kr/index.php/2021/11/26/virtualbox-6-1-18-0-day/
What does APT Activity Look Like on macOS? https://themittenmac.com/what-does-apt-activity-look-like-on-macos/
I often get asked what Advanced Persistent Activity (APT) or nation state hacking looks like on a macOS system. This is a great question and the answer is no…
Tracking a P2P network related to TA505 https://research.nccgroup.com/2021/12/01/tracking-a-p2p-network-related-with-ta505/
This shouldn't have happened: A vulnerability postmortem https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html
Posted by Tavis Ormandy, Project Zero. This is an unusual blog post. I normally write posts to highlight some hidden att…
Popping iOS <=14.7 with IOMFB https://jsherman212.github.io/2021/11/28/popping_ios14_with_iomfb.html
During the last two weeks of my summer (as of writing, summer 2021), I decided to try and take a crack at iOS 14 kernel exploitation with the IOMobileFramebuffer OOB pointer read (CVE-2021-30807). Unfortunately, a couple days after I moved back into school…
All our team wishes you and yours a Happy New Year! ❤️
The Re-Emergence of Emotet https://www.deepinstinct.com/blog/the-re-emergence-of-emotet
Emotet, the malware botnet, has resurfaced after almost 10 months. The operation was originally taken down by multiple international law enforcement agencies this past January. These agencies took control of the infrastructure and scheduled an un-installation…
Unpacking and decryption tools for the Emotet malware https://github.com/deepinstinct/DeMotet
Protecting Windows Credentials against Network Attacks https://securitycafe.ro/2021/12/02/protecting-windows-credentials-against-network-attacks/
Over the years I’ve seen a lot of misconfigurations or a lack of configurations when it comes to protecting Windows credentials, hashes or Kerberos tickets. The main difficulty here comes fro…
Impact of an Insecure Deep Link https://securityflow.io/impact-of-an-insecure-deep-link/
Just another analysis of the njRAT malware – A step-by-step approach https://cybergeeks.tech/just-another-analysis-of-the-njrat-malware-a-step-by-step-approach/
Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again https://www.mandiant.com/resources/sabbath-ransomware-affiliate
[CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver https://syst3mfailure.io/sixpack-slab-out-of-bounds
CVE-2021-42008 is a Slab-Out-Of-Bounds Write vulnerability in the Linux 6pack driver caused by a missing size validation check in the decode_data function. A malicious input from a process with CAP_NET_ADMIN capability can lead to an overflow in the cooked_buf…