IoT Bug Hunting - Part 2 - Walkthrough of discovering command injections in firmware binaries https://bugprove.com/knowledge-hub/iot-bug-hunting-part-2-walkthrough-of-discovering-command-injections-in-firmware-binaries/
Bugprove
IoT Bug Hunting - Part 2 - Walkthrough of discovering command injections in firmware binaries
We present the steps that can lead you to another variation of an OS command injection vulnerability (CVE-2023-4249) in multiple Zavio IP camera models.
[Crypto] Length extension attack + HMAC explained https://yurichev.org/LEA/
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html
Blogspot
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
By Ian Beer. (Figure: a graph representation of the sandbox escape NSExpression payload.) In April this year Google's Threat Analysis Group, in ...
Looking for CVE-2023-43261 in the Real World https://vulncheck.com/blog/real-world-cve-2023-43261
VulnCheck
Building Micro-CGC Events - Art of The Flag https://www.battleofthebots.net/building_micro_cgc_events.html
Battle of The Bots
Building Micro-CGC Events - Art of The Flag
“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16
guard.io
“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts
Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
Cisco
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker.
Fix information can be found in the Fixed Software…
PsMapExec: A PowerShell tool that takes strong inspiration from CrackMapExec. https://github.com/The-Viper-One/PsMapExec
GitHub
GitHub - The-Viper-One/PsMapExec: Dominate Active Directory with PowerShell.
Synology NAS DSM Account Takeover: When Random is not Secure https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure
Claroty
Synology NAS DSM Account Takeover: When Random is not Secure
Claroty discovers the use of a weak random number generator in Synology’s DiskStation Manager (DSM) Linux-based operating system. Learn more.
Snapshot fuzzing direct composition with WTF https://blog.talosintelligence.com/snapshot-fuzzing-direct-composition-with-wtf/
Cisco Talos Blog
Snapshot fuzzing direct composition with WTF
Although there is public research on Direct Composition, only a few discuss fuzzing this feature, and none, to our knowledge, that covers snapshot fuzzing.
The single-packet attack: making remote race-conditions 'local' https://portswigger.net/research/the-single-packet-attack-making-remote-race-conditions-local
PortSwigger Research
The single-packet attack: making remote race-conditions 'local'
The single-packet attack is a new technique for triggering web race conditions. It works by completing multiple HTTP/2 requests with a single TCP packet, which effectively eliminates network jitter an
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/
Microsoft News
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability
Microsoft has observed the North Korean threat actors Diamond Sleet and Onyx Sleet exploiting the JetBrains TeamCity vulnerability CVE-2023-42793.
Hardware Hacking to Bypass BIOS Passwords https://cybercx.co.nz/blog/bypassing-bios-password/
CyberCX
Hardware Hacking to Bypass BIOS Passwords
A beginner's hardware hacking journey of performing a BIOS password bypass on Lenovo laptops. In this article we identify what the problem is, how to identify a vulnerable chip, how to bypass a vulnerable chip, and finally identify why this attack works and…
EDR Evasion Techniques Using Syscalls https://hadess.io/edr-evasion-techniques-using-syscalls/
HADESS
EDR Evasion Techniques Using Syscalls - HADESS
CVE-2023-38600: Story of an innocent Apple Safari copyWithin gone (way) outside https://www.zerodayinitiative.com/blog/2023/10/17/cve-2023-38600-story-of-an-innocent-apple-safari-copywithin-gone-way-outside
Zero Day Initiative
Zero Day Initiative — CVE-2023-38600: Story of an innocent Apple Safari copyWithin gone (way) outside
In May 2023, we received a vulnerability report from an anonymous researcher regarding a vulnerability in Apple Safari. It turned out to be an interesting classic integer underflow vulnerability. Apple assigned CVE-2023-38600 to this issue and fixed it in…
MATA malware framework exploits EDR in attacks on defense firms https://www.bleepingcomputer.com/news/security/mata-malware-framework-exploits-edr-in-attacks-on-defense-firms/
BleepingComputer
MATA malware framework exploits EDR in attacks on defense firms
An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe.
Uncovering RPC Servers through Windows API Analysis https://posts.specterops.io/uncovering-rpc-servers-through-windows-api-analysis-5d23c0459db6
SpecterOps
Uncovering RPC Servers through Windows API Analysis - SpecterOps
This article serves as a hand-holding walkthrough and documents how I analyzed a simple Win32 API: LogonUserA. Learn how to use some of IDA’s most common features.