CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability #ZeroDayInitiative #CVE202420697 #Windows #Libarchive #RemoteCodeExecution https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability
Zero Day Initiative
Zero Day Initiative — CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Jason McFadyen of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in Microsoft Windows. This bug was originally…
EvilGophish’s Approach to Advanced Bot Detection with Cloudflare Turnstile #EvilGophish #AdvancedBotDetection #CloudflareTurnstile #PhishingInfrastructure #CybersecurityTools https://fin3ss3g0d.net/index.php/2024/04/08/evilgophishs-approach-to-advanced-bot-detection-with-cloudflare-turnstile/
fin3ss3g0d's Blog
EvilGophish’s Approach to Advanced Bot Detection with Cloudflare Turnstile - fin3ss3g0d's Blog
Introduction Bots pose a significant threat to the integrity of phishing infrastructure, primarily by automating detection and countermeasures that can prematurely expose and neutralize simulated phishing campaigns. These automated agents can range from security…
Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers #Shielder #ElementAndroid #CVE2024-26131 #CVE2024-26132 #NeverTakeIntentsFromStrangers https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/
Shielder
Shielder - Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers
A writeup about two intent-based Android vulnerabilities CVE-2024-26131 and CVE-2024-26132 in Element (Matrix).
Breaking Custom Encryption Using Frida (Mobile Application Pentesting) #CustomEncryption #Frida #MobileApp #PenTesting #ApplicationSecurity https://labs.cognisys.group/posts/Breaking-Custom-Ecryption-Using-Frida-Mobile-Application-pentesting/
Cognisys Group Labs
Breaking Custom Encryption Using Frida (Mobile Application Pentesting)
Overview
The Windows Registry Adventure #1: Introduction and research results #ProjectZero #WindowsRegistryAdventure #ResearchResults #CVEs #LocalPrivilegeEscalation https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
projectzero.google
The Windows Registry Adventure #1: Introduction and research results - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in sear...
How Hackers Use Wireshark for Password Sniffing: What does Wireshark do? #Hackers #Wireshark #PasswordSniffing #Cybersecurity #ProtectYourself https://hackproofhacks.com/password-sniffing/
HackProofHacks
How Hackers Use Wireshark for Password Sniffing: What does Wireshark do? - HackProofHacks
Hey there, let's dive deep into the world of password sniffing and understand how hackers operate to steal sensitive information like login credentials.
The Windows Registry Adventure #2: A brief history of the feature #ProjectZero #WindowsRegistry #History #Google #Windows11 https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html
projectzero.google
The Windows Registry Adventure #2: A brief history of the feature - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero Before diving into the low-level security aspects of the registry, it is important to understand its role in...
Abusing WSUS with MITM to perform ADCS ESC8 attack #WSUS #MITM #ADCS #ESC8 #PrivilegeEscalation https://j4s0nmo0n.github.io/belettetimoree.github.io/2023-12-01-WSUS-to-ESC8.html
Belette Timorée’s blog post
Abusing WSUS with MITM to perform ADCS ESC8 attack
Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution #GoogleChrome #V8 #CodeExecution #VulnerabilityAnalysis #ExodusIntelligence https://blog.exodusintel.com/2024/01/19/google-chrome-v8-cve-2024-0517-out-of-bounds-write-code-execution/
Exodus Intelligence
Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution - Exodus Intelligence
By Javier Jimenez and Vignesh Rao Overview In this blog post we take a look at a vulnerability that we found in Google Chrome’s V8 JavaScript engine a few months ago. This vulnerability was patched in a Chrome update on 16 January 2024 and assigned CVE-2024…
NTLM v1 and NTLM v2 vs Kerberos #NTLM #Kerberos #ServerHardeningAutomation #SecurityUpdates #MITREATT&CK https://www.calcomsoftware.com/ntlm-v1-and-v2-vs-kerberos/
CalCom
NTLMv1, NTLMv2 vs Kerberos – Key Differences & Best Practices
Compare NTLMv1, NTLMv2 and Kerberos authentication protocols — pros, cons, and when to use each. See latest security guidance & hardening tips.
Smoke and (screen) mirrors: A strange signed backdoor #SophosNews #BackdoorDiscovery #SignedExecutable #ThreatResearch #MaliciousBackdoor https://news.sophos.com/en-us/2024/04/09/smoke-and-screen-mirrors-a-strange-signed-backdoor/
Sophos
Smoke and (screen) mirrors: A strange signed backdoor
Sophos X-Ops discovers a curious backdoored (and signed) executable, masquerading as something else entirely
KExecDD: Admin to Kernel code execution using the KSecDD driver #KExecDD #AdminToKernel #KSecDDdriver #LSASS #KernelSecurity https://github.com/floesen/KExecDD
GitHub
GitHub - floesen/KExecDD: Admin to Kernel code execution using the KSecDD driver
Admin to Kernel code execution using the KSecDD driver - floesen/KExecDD
An Analysis of the DHEat DoS Against SSH in Cloud Environments #DHEat #SSH #DenialOfService #Cloud #Security https://www.positronsecurity.com/blog/2024-04-23-an-analysis-of-dheat-dos-against-ssh-in-cloud-environments/
CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon #CVE #CommandInjection #PenetrationTesting #SecurityVulnerability #ProgressFlowmon https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/
Rhino Security Labs
CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon
CVE-2024-2389 unauthenticated command injection vulnerability found in Progress Flowmon server.
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
Cisco Talos Blog
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
Cisco is aware of new activity targeting certain Cisco Adaptive Security Appliances (ASA) 5500-X Series and has released three CVEs related to the event. We assess with high confidence this activity is related to the same threat actor as ArcaneDoor in 2024.
Exploiting embedded mitel phones for unauthenticated remote code execution #MitelPhoneExploit #RemoteCodeExecution #Vulnerabilities #ReverseEngineering #RootAccess https://baldur.dk/blog/embedded-mitel-exploitation.html
baldur.dk
BALDUR. - Security Consultancy
How to achieve a working remote code execution exploit in an embedded phone without any previous access.
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials #ForestBlizzard #CVE202238028 #MicrosoftSecurityBlog #ThreatAnalysis #CredentialTheft https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
Microsoft News
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Analysis of Forest Blizzard's exploitation of the CVE-2022-38028 vulnerability in Windows Print Spooler that allows elevated permissions.
Multiple Vulnerabilities in Open Devin (Autonomous AI Software Engineer) #OpenDevin #AI #CyberSecurity #Vulnerabilities #Education https://evren.ninja/multiple-vulnerabilities-in-opendevin.html