Exploiting Zenbleed from Chrome https://vu.ls/blog/exploiting-zenbleed-from-chrome/
👌1
Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps https://thehackernews.com/2023/10/lazarus-group-targeting-defense-experts.html
Hackers Exploit QR Codes with QRLJacking for Malware Distribution https://www.hackread.com/hackers-exploit-qr-codes-qrljacking-malware/
Hackread
Hackers Exploit QR Codes with QRLJacking for Malware Distribution
Follow us on Twitter @Hackread - Facebook @ /Hackread.
Lord Of The Ring0 - Part 1 | Introduction https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs https://www.horizon3.ai/vmware-aria-operations-for-logs-cve-2023-34051-technical-deep-dive-and-iocs/
Horizon3.ai
VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs
Technical deep-dive, indicators of compromise, and exploit POC for CVE-2023-34051 which affects VMware vRealize Log Insight RCE as reported in VMSA-2023-0021. This vulnerability leads to remote code execution and full system compromise.
Lord Of The Ring0 - Part 2 | A tale of routines, IOCTLs and IRPs https://idov31.github.io/2022/08/04/lord-of-the-ring0-p2.html
Lord Of The Ring0 - Part 3 | Sailing to the land of the user (and debugging the ship) https://idov31.github.io/2022/10/30/lord-of-the-ring0-p3.html
Sshimpanzee (fork of openssh server packaged with different network tunnels) https://blog.lexfo.fr/sshimpanzee.html
NVMe: New Vulnerabilities Made Easy https://www.cyberark.com/resources/all-blog-posts/nvme-new-vulnerabilities-made-easy
Cyberark
NVMe: New Vulnerabilities Made Easy
As vulnerability researchers, our primary mission is to find as many vulnerabilities as possible with the highest severity as possible. Finding vulnerabilities is usually challenging. But could...
Lord Of The Ring0 - Part 4 | The call back home https://idov31.github.io/2023/02/24/lord-of-the-ring0-p4.html
Lord Of The Ring0 - Part 5 | Saruman's Manipulation https://idov31.github.io/2023/07/19/lord-of-the-ring0-p5.html
Researching Xiaomi’s TEE to get to Chinese money https://research.checkpoint.com/2022/researching-xiaomis-tee/
Check Point Research
Researching Xiaomi’s TEE to get to Chinese money - Check Point Research
Research By: Slava Makkaveev Introduction Have you ever wondered if it is safe to make payments from a mobile device? Can a malicious app steal money from your digital wallet? According to the latest statistics, the Far East and China accounted for two-thirds…
👍1
Low-Level Software Security for Compiler Developers https://llsoftsec.github.io/llsoftsecbook/
👍1
Evolution of Data Lifecycle Management at Uber https://www.uber.com/en-GB/blog/evolution-of-data-lifecycle-management-at-uber/
Your Comprehensive Guide to Kubernetes Security https://medium.com/@paritoshblogs/your-comprehensive-guide-to-kubernetes-security-0a215518b710
Medium
Your Comprehensive Guide to Kubernetes Security
Kubernetes, often referred to as K8s, has revolutionized the world of container orchestration and application deployment. Its flexibility…
👍1
People who say “PHP is insecure” are uninformed https://hakluke.com/people-who-say-php-is-insecure-are-uninformed/
Hakluke
People who say “PHP is insecure” are uninformed
I hear a lot of folks parrot the opinion that PHP is somehow less secure than other languages. This simply isn't true. Here's why.
Abusing gdb Features for Data Ingress & Egress https://www.archcloudlabs.com/projects/debuginfod/
Archcloudlabs
Abusing gdb Features for Data Ingress & Egress
About The Project Modern Software Development environments have significant debugging capabilities to troubleshoot issues with the complex nature of modern software . These debugging capabilities typically manifest in Interactive Development Environment (IDE)…
Java Deserialization Vulnerability Still Alive https://blog.pyn3rd.com/2023/10/20/Java-Deserialization-Vulnerability-Still-Alive/
Pyn3Rd
Java Deserialization Vulnerability Still Alive
Several months ago, the Constrast Security Team reported a Java deserialization vulnerability about Spring Kafka to VMWare Security Team. It immediately attracted my attention and I got started to ana
LXD for security research https://bo-tato.github.io/2023/10/22/lxd-for-security-research.html
Ramblings of a misspelled potato
LXD for security research
Doing security research we are constantly setting up local installations of software we are testing, and running many noscripts and utilities. To avoid risking or polluting our computer with this, we do most things isolated in virtual machines or containers.…
👏2