TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments https://thehackernews.com/2023/10/tetrisphantom-cyber-espionage-via.html
Detecting and preventing LSASS credential dumping attacks https://www.microsoft.com/en-us/security/blog/2022/10/05/detecting-and-preventing-lsass-credential-dumping-attacks/
Microsoft News
LSASS credential dumping is becoming prevalent, especially with the rise of human-operated ransomware. In May 2022, Microsoft participated in an evaluation conducted by AV-Comparatives specifically on detecting and blocking this attack technique and we’re…
Breaking Fortinet Firmware Encryption https://bishopfox.com/blog/breaking-fortinet-firmware-encryption
Bishop Fox
Review our latest Fortinet analysis that breaks encryption on firmware images, leading to improved detection, fingerprinting, and exploit development.
Directory Listing to RCE https://blog.hks.ec/posts/directory-listing-to-rce/
Hakisec
Beyond Quantum: MemComputing ASICs Could Shatter 2048-bit RSA Encryption https://www.securityweek.com/beyond-quantum-memcomputing-asics-could-shatter-2048-bit-rsa-encryption/
SecurityWeek
The feared ‘cryptopocalypse’ (the death of current encryption) might be sooner than expected – caused by in-memory computing ASICs rather than quantum computers.
vmlinux-to-elf: A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms) https://github.com/marin-m/vmlinux-to-elf
GitHub
Protobuf Magic: extension for Burp Suite designed to intuitively handle Protobuf (Protocol Buffers) messages, even in the absence of complete .proto definitions https://github.com/DeiteriyLab/protobuf-magic
GitHub
Exploiting Zenbleed from Chrome https://vu.ls/blog/exploiting-zenbleed-from-chrome/
Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps https://thehackernews.com/2023/10/lazarus-group-targeting-defense-experts.html
Hackers Exploit QR Codes with QRLJacking for Malware Distribution https://www.hackread.com/hackers-exploit-qr-codes-qrljacking-malware/
Hackread
Lord Of The Ring0 - Part 1 | Introduction https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs https://www.horizon3.ai/vmware-aria-operations-for-logs-cve-2023-34051-technical-deep-dive-and-iocs/
Horizon3.ai
Technical deep-dive, indicators of compromise, and exploit POC for CVE-2023-34051 which affects VMware vRealize Log Insight RCE as reported in VMSA-2023-0021. This vulnerability leads to remote code execution and full system compromise.
Lord Of The Ring0 - Part 2 | A tale of routines, IOCTLs and IRPs https://idov31.github.io/2022/08/04/lord-of-the-ring0-p2.html
Lord Of The Ring0 - Part 3 | Sailing to the land of the user (and debugging the ship) https://idov31.github.io/2022/10/30/lord-of-the-ring0-p3.html
Sshimpanzee (fork of openssh server packaged with different network tunnels) https://blog.lexfo.fr/sshimpanzee.html
NVMe: New Vulnerabilities Made Easy https://www.cyberark.com/resources/all-blog-posts/nvme-new-vulnerabilities-made-easy
Cyberark
As vulnerability researchers, our primary mission is to find as many vulnerabilities as possible with the highest severity as possible. Finding vulnerabilities is usually challenging. But could...
Lord Of The Ring0 - Part 4 | The call back home https://idov31.github.io/2023/02/24/lord-of-the-ring0-p4.html
Lord Of The Ring0 - Part 5 | Saruman's Manipulation https://idov31.github.io/2023/07/19/lord-of-the-ring0-p5.html
Researching Xiaomi’s TEE to get to Chinese money https://research.checkpoint.com/2022/researching-xiaomis-tee/
Check Point Research
Research By: Slava Makkaveev Introduction Have you ever wondered if it is safe to make payments from a mobile device? Can a malicious app steal money from your digital wallet? According to the latest statistics, the Far East and China accounted for two-thirds…