2023 Top Vulnerabilities
https://malware.news/t/2023-top-vulnerabilities/79315
CVE-2023-28252 – Windows Common Log File System Driver Elevation of Privilege Vulnerability.
CVE-2023-7024 – Google Chromium WebRTC Heap Buffer Overflow Vulnerability.
CVE-2023-23397 – Microsoft Outlook Elevation of Privilege Vulnerability.
CVE-2023-34362 – Progress MOVEit Transfer SQL Injection Vulnerability.
CVE-2023-38831 – RARLAB WinRAR Code Execution Vulnerability.
CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability.
CVE-2023-23376 – Windows Common Log File System Driver Elevation of Privilege Vulnerability.
CVE-2023-32434 – Apple Multiple Products Integer Overflow Vulnerability.
CVE-2023-41763 – Skype for Business Elevation of Privilege Vulnerability.
CVE-2023-36033 – Windows DWM Core Library Elevation of Privilege Vulnerability.
Complete Guide to Advanced Persistent Threat (APT) Security
https://securityboulevard.com/2024/03/complete-guide-to-advanced-persistent-threat-apt-security/
Open-source RAT on the scene: Xeno Rat
https://www.cyfirma.com/outofband/xeno-rat-a-new-remote-access-trojan-with-advance-capabilities/
https://github.com/moom825/xeno-rat
How we applied advanced fuzzing techniques to cURL
https://blog.trailofbits.com/2024/03/01/toward-more-effective-curl-fuzzing/
Lazarus exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools (CVE-2024-21338).
Beyond BYOVD with an Admin-to-Kernel Zero-Day
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/
Blue Team Level 1 2022 GREENARMOR (1).rar
1 GB
Password:
Thanks " ./h4x Forensics " and others for sharing
Forwarded from Reverse Dungeon
MIT Operating System Engineering 6.1810(6.S081) Course
labs, pdfs, books, links, videos included
https://github.com/yaruwangway/6.S081
https://youtube.com/playlist?list=PLTsf9UeqkReZHXWY9yJvTwLJWYYPcKEqK&si=zt7GV6w5zFD-Vau4
CS 162 Berkeley
https://youtube.com/playlist?list=PLF2K2xZjNEf97A_uBCwEl61sdxWVP7VWC&si=iQHM_2XyWPerIW4P
Several translated chapters from the book on the operating system covered in the course:
Chapter 6. Locking
https://habr.com/ru/articles/789478
Chapter 5. Interrupts and device drivers
https://habr.com/ru/articles/791058
Chapter 4. Interrupts and system calls
https://habr.com/ru/articles/791286
Chapter 3. Page tables
https://habr.com/ru/articles/792808
Tools for building and running xv6 under QEMU
https://habr.com/ru/articles/794326
Chapter 2. Operating system organization
https://habr.com/ru/articles/795735
Chapter 1. Operating system interfaces
https://habr.com/ru/articles/797557
Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor)
https://lab52.io/blog/pelmeni-wrapper-new-wrapper-of-kazuar-turla-backdoor/
Introducing APT-Hunter: Threat Hunting Tool via Windows Event Log
https://shells.systems/introducing-apt-hunter-threat-hunting-tool-via-windows-event-log/
#tools
Keylogging in the Windows kernel with undocumented data structures
https://eversinc33.com/posts/kernel-mode-keylogging/
Initial Access Operations Part 2: Offensive DevOps
https://www.blackhillsinfosec.com/initial-access-operations-part-2/
"Introduction to Reverse Engineering with Ghidra"
https://voidstarsec.com/ghidra.html#:~:text=Introduction%20to%20Reverse%20Engineering%20with%20Ghidra
Reverse engineering of Android Phoenix RAT
Analysis: https://cryptax.medium.com/reverse-engineering-of-android-phoenix-b59693c03bd3
Phoenix overview: https://cryptax.medium.com/android-phoenix-authors-claims-sample-identification-and-trends-f199cbc9901d
PE file structure
- header
https://mrpythonblog.ir/pe1/
- section
https://mrpythonblog.ir/pe2/
- exports
https://mrpythonblog.ir/pe3/
- imports
https://mrpythonblog.ir/pe4/
- relocation
https://mrpythonblog.ir/pe5/
#pe
@MrPythonBlog