Smoke and (screen) mirrors: A strange signed backdoor #SophosNews #BackdoorDiscovery #SignedExecutable #ThreatResearch #MaliciousBackdoor https://news.sophos.com/en-us/2024/04/09/smoke-and-screen-mirrors-a-strange-signed-backdoor/
Sophos
Smoke and (screen) mirrors: A strange signed backdoor
Sophos X-Ops discovers a curious backdoored (and signed) executable, masquerading as something else entirely
KExecDD: Admin to Kernel code execution using the KSecDD driver #KExecDD #AdminToKernel #KSecDDdriver #LSASS #KernelSecurity https://github.com/floesen/KExecDD
GitHub
GitHub - floesen/KExecDD: Admin to Kernel code execution using the KSecDD driver
Admin to Kernel code execution using the KSecDD driver - floesen/KExecDD
An Analysis of the DHEat DoS Against SSH in Cloud Environments #DHEat #SSH #DenialOfService #Cloud #Security https://www.positronsecurity.com/blog/2024-04-23-an-analysis-of-dheat-dos-against-ssh-in-cloud-environments/
CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon #CVE #CommandInjection #PenetrationTesting #SecurityVulnerability #ProgressFlowmon https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/
Rhino Security Labs
CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon
CVE-2024-2389 is an unauthenticated command injection vulnerability found in the Progress Flowmon server.
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
Cisco Talos Blog
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
Cisco is aware of new activity targeting certain Cisco Adaptive Security Appliances (ASA) 5500-X Series and has released three CVEs related to the event. We assess with high confidence that this activity is related to the same threat actor as ArcaneDoor in 2024.
Exploiting embedded Mitel phones for unauthenticated remote code execution #MitelPhoneExploit #RemoteCodeExecution #Vulnerabilities #ReverseEngineering #RootAccess https://baldur.dk/blog/embedded-mitel-exploitation.html
baldur.dk
BALDUR. - Security Consultancy
How to achieve a working remote code execution exploit in an embedded phone without any previous access.
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials #ForestBlizzard #CVE202238028 #MicrosoftSecurityBlog #ThreatAnalysis #CredentialTheft https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
Microsoft News
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Analysis of Forest Blizzard's exploitation of CVE-2022-38028, a vulnerability in the Windows Print Spooler that allows elevation of privilege.
Multiple Vulnerabilities in OpenDevin (Autonomous AI Software Engineer) #OpenDevin #AI #CyberSecurity #Vulnerabilities #Education https://evren.ninja/multiple-vulnerabilities-in-opendevin.html
How MFA Is Falling Short #MFArisks #MFAfallingshort #1PasswordExtendedAccess #UserFirstSecurity #KolideDeviceTrust https://www.kolide.com/blog/how-mfa-is-falling-short
1Password Blog
How MFA is falling short | 1Password Blog
MFA was supposed to solve our security problems, so why do attackers keep getting around it?
How I hacked into Google’s internal corporate assets #Google #cybersecurity #bugbounty #dependencyconfusion #digitalrisk https://observationsinsecurity.com/2024/04/25/how-i-hacked-into-googles-internal-corporate-assets/
Observations in Security
How I hacked into Google’s internal corporate assets
It’s raining command injections! Every now and then, I take some time to work on bug bounty projects to explore threat vectors into real world targets like Google, Tesla and many others…
Automating API Vulnerability Testing Using Postman Workflows #APIVulnerabilityTesting #PostmanWorkflows #AutomatedTesting #BugHunting #OWASP https://haymiz.dev/security/2024/04/27/automating-apis-with-postman-workflows/
haymiz@kali:~/blog$
Automating API Vulnerability Testing Using Postman Workflows
Explore the art of automating and visually demonstrating API vulnerabilities you've identified using Postman Workflows.
From IcedID to Dagon Locker Ransomware in 29 Days #IcedID #DagonLocker #Ransomware #DFIRReport #ThreatIntelligence https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/
The DFIR Report
From IcedID to Dagon Locker Ransomware in 29 Days
Key Takeaways: In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was …
From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis #MalwareAnalysis #Gemini1.5Pro #AIAssistance #ReverseEngineering #ZeroDayDetection https://cloud.google.com/blog/topics/threat-intelligence/gemini-for-malware-analysis
Google Cloud Blog
From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis | Google Cloud Blog
Gemini 1.5 Pro helps analysts manage the asymmetric volume of threats more effectively and efficiently.
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller #NVMe #Linux #KernelFuzzer #NVMeOF #Subsystems https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
Cyberark
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller
Following research conducted by a colleague of mine [1] at CyberArk Labs, I better understood NVMe-oF/TCP. This kernel subsystem exposes INET socket(s), which can be a fruitful attack surface for...
It’s Morphin’ Time: Self-Modifying Code Sections with WriteProcessMemory for EDR Evasion #MorphinTime #SelfModifyingCode #WriteProcessMemory #EDREvasion #ProcessMockingjay https://revflash.medium.com/its-morphin-time-self-modifying-code-sections-with-writeprocessmemory-for-edr-evasion-9bf9e7b7dced
Medium
It’s Morphin’ Time: Self-Modifying Code Sections with WriteProcessMemory for EDR Evasion
The Mockingjay process injection technique was designed to avoid allocating a buffer with RWX permissions, typically used for…
SecretCalls Spotlight: A Formidable App of Notorious Korean Financial Fraudster (Part 1) #VoicePhishing #FinancialFraud #SecretCalls #KoreanFraudster #AntiAnalysisTechniques https://medium.com/s2wblog/secretcalls-spotlight-a-formidable-app-of-notorious-korean-financial-fraudster-part-1-fa4bbed855c0
Medium
SecretCalls Spotlight: A Formidable App of Notorious Korean Financial Fraudster (Part 1)
Author: S2W TALON
Reverse Engineering Protobuf Definitions From Compiled Binaries #ReverseEngineering #Protobuf #Definitions #CompiledBinaries #SecurityBlog https://arkadiyt.com/2024/03/03/reverse-engineering-protobuf-definitiions-from-compiled-binaries/
Arkadiyt
Reverse Engineering Protobuf Definitions From Compiled Binaries
How to extract raw source protobuf definitions from compiled binaries, regardless of the target architecture