Hacking Brightway scooters: A case study https://robocoffee.de/?p=436
Bypassing major EDRs using Pool Party process injection techniques https://securityaffairs.com/155464/hacking/pool-party-bypassing-edr.html
Security Affairs
Bypassing major EDRs using Pool Party process injection techniques
Researchers devised novel attack vector for process injection, dubbed Pool Party, that evades EDR solutions.
New botnet malware exploits zero-day CVE-2023-49897 flaw in routers https://securityonline.info/new-botnet-malware-exploits-zero-day-cve-2023-49897-flaw-in-routers/
Cybersecurity News
New botnet malware exploits zero-day CVE-2023-49897 flaw in routers
This vulnerability, cataloged as CVE-2023-49897 with a CVSS v3 score of 8.0, allows authenticated attackers to execute OS commands remotely.
Understanding Dirty Pagetable - m0leCon Finals 2023 CTF Writeup https://ptr-yudai.hatenablog.com/entry/2023/12/08/093606
CTFするぞ
Understanding Dirty Pagetable - m0leCon Finals 2023 CTF Writeup
I participated in m0leCon Finals 2023 CTF, which was held at Politecnico di Torino, Italy, as a member of std::weak_ptr<moon>*1. Among the pwnable challenges…
Reverse engineering natively-compiled .NET apps: Digging into internals of apps built with native AOT https://migeel.sk/blog/2023/09/15/reverse-engineering-natively-compiled-dotnet-apps/
Michal's low level corner
Reverse engineering natively-compiled .NET apps
Digging into internals of apps built with native AOT.
Fighting Ursa Aka APT28: Illuminating a Covert Campaign https://unit42.paloaltonetworks.com/russian-apt-fighting-ursa-exploits-cve-2023-233397/
Unit 42
Fighting Ursa Aka APT28: Illuminating a Covert Campaign
In three campaigns over the past 20 months, Russian APT Fighting Ursa has targeted over 30 organizations of likely strategic intelligence value using CVE-2023-23397.
MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF https://www.fortinet.com/blog/threat-research/mranon-stealer-spreads-via-email-with-fake-hotel-booking-pdf
Fortinet Blog
MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF
FortiGuard Labs uncovers a sophisticated phishing campaign deploying MrAnon Stealer via a fake booking PDF.
Unraveling The Story of Multiple Admin Panel Compromises https://vedanttekale20.medium.com/unraveling-the-story-of-multiple-admin-panel-compromises-baac4444285f
Medium
Unraveling The Story of Multiple Admin Panel Compromises
Welcome back, fellow hackers and cyber security enthusiasts! I’m Vedant, also known as Vegeta on Twitter 😁. It’s been a while, but I’m…
23 Open Problems for Digital Self-Replicators https://tmpout.sh/3/21.html
DanaBot's Latest Move: Deploying Latrodectus https://www.esentire.com/blog/danabots-latest-move-deploying-icedid
eSentire
DanaBot's Latest Move: Deploying Latrodectus
Learn more about DanaBot banking Trojan and get security recommendations from our Threat Response Unit (TRU) to protect your business from this cyber…
Information about Windows persistence mechanisms https://persistence-info.github.io/
Ghidra Basics - Manual Shellcode Analysis and C2 Extraction https://embee-research.ghost.io/ghidra-basics-shellcode-analysis/
Embee Research
How to Use Ghidra to Analyse Shellcode and Extract Cobalt Strike Command & Control Servers
Manual analysis of Cobalt Strike Shellcode with Ghidra. Identifying function calls and resolving API hashing.
Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation) https://seanpesce.blogspot.com/2023/03/leveraging-ssh-keygen-for-arbitrary.html
Blogspot
Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation)
TL;DR The ssh-keygen command can be used to load a shared library with the -D flag. This can be useful for privilege ...
Cramming a Tiny Program into a Tiny ELF File: A Case Study https://tmpout.sh/3/22.html
The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools https://www.safebreach.com/blog/process-injection-using-windows-thread-pools
SafeBreach
Process Injection Using Windows Thread Pools | Safebreach
Researchers have developed 8 new undetectable process injection techniques exploiting Windows thread pools to bypass leading EDR solutions.
PoolParty: A set of fully-undetectable process injection techniques abusing Windows Thread Pools https://github.com/SafeBreach-Labs/PoolParty
GitHub
GitHub - SafeBreach-Labs/PoolParty: A set of fully-undetectable process injection techniques abusing Windows Thread Pools
POSTDump: perform minidump of LSASS process using few technics to avoid detection https://securityonline.info/postdump-perform-minidump-of-lsass-process-using-few-technics-to-avoid-detection/
New payload to exploit Error-based SQL injection - Oracle database https://www.mannulinux.org/2023/12/New-payload-to-exploit-Error-based-SQL-injection-Oracle-database.html
www.mannulinux.org
New payload to exploit Error-based SQL injection - Oracle database
Learn Basic Concepts of Linux. Best site to learn Linux from beginner to Advanced.
Rhysida Ransomware: History, TTPs and Adversary Emulation Plans https://fourcore.io/blogs/rhysida-ransomware-history-ttp-adversary-emulation
FourCore
Rhysida Ransomware: History, TTPs and Adversary Emulation Plans
Rhysida is a new player in the Ransomware space, first appearing in May 2023, and has been targeting industries all across the globe. In recent months, Rhysida has run campaigns compromising and extorting organizations from the government, education, healthcare…
JMP slide: A NOP-sled alternative https://tin-z.github.io/intel/assembly/exploit/2023/12/12/jmp_slide.html
Lambda driver blog
JMP slide: A NOP-sled alternative
In the following blog post, I will introduce you to two techniques similar to NOP-sled or NOP slide, but with the advantage that they are faster. Those techniques are: JMP slide and JCC slide.