A Syscall Journey in the Windows Kernel
https://alice.climent-pommeret.red/posts/a-syscall-journey-in-the-windows-kernel/
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/seh-based-buffer-overflow
https://www.exploit-db.com/exploits/47122
In less than a couple of days, the first fixes for the 0-days discovered as part of the Pwn2Own Vancouver 2024 hacking competition rolled out.
The first deals with out-of-bounds (OOB) writing (CVE-2024-29943) for remote code execution, and the second implements Mozilla Firefox sandbox escape via an untrusted function (CVE-2024-29944).
Mozilla says the first vulnerability could allow attackers to access a JavaScript object out of bounds by exploiting range-based bounds checking elimination on affected systems.
An attacker was able to perform an out-of-range read or write to a JavaScript object by tricking the elimination of range-based bounds checking.
The second flaw is described as privileged execution of JavaScript via event handlers, which could allow an attacker to execute arbitrary code in the parent process of the Firefox Desktop web browser.
Mozilla has fixed security flaws in Firefox 124.0.1 and Firefox ESR 115.9.1, blocking potential remote code execution attacks that target unpatched browsers.
The speed is certainly encouraging, especially considering that after the Pwn2Own competition, vendors are usually in no hurry to release fixes, counting on a 90-day delay until Trend Micro's Zero Day Initiative reveals them publicly.
In addition to Mozilla Firefox, the researcher also successfully uncovered Apple Safari, Google Chrome and Microsoft Edge, whose suppliers are now also analyzing the essence of the problems and preparing their patches.
https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29943
Understanding the PE+ File Format
credit: allthingsida
[ 01 ] The Headers
[ 02 ] Imports
[ 03 ] Exports
[ 04 ] Entry Points and TLS Callbacks
———
@islemolecule_source
Forwarded from SoheilSec (Soheil Hashemi)
Year_in_Review_of_ZeroDays.pdf
953.4 KB
A review of zero-day in-the-wild exploits in 2023 [ TAG + Mandiant ]
In 2023, Google observed 97 zero-day vulnerabilities exploited in-the-wild. That’s over 50 percent more than in 2022, but still shy of 2021’s record of 106. Today, Google published its fifth annual review of zero-days exploited in-the-wild, marking the first time Google’s Threat Analysis Group (TAG) and Mandiant teamed up on the report.
https://blog.google/technology/safety-security/a-review-of-zero-day-in-the-wild-exploits-in-2023
Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys
https://github.com/S12cybersecurity/WinDefenderKiller
Forwarded from 1N73LL1G3NC3
Malware development: persistence - part 23. LNK files. Simple Powershell example.
Malware development: persistence - part 24. StartupApproved. Simple C example.
Malware and cryptography 22: encrypt/decrypt payload via XTEA. Simple C++ example.
Malware and cryptography 23: encrypt/decrypt file via TEA. Simple C/C++ example.
Malware and cryptography 24: encrypt/decrypt file via Madryga. Simple C/C++ example.
Malware and cryptography 25: encrypt/decrypt payload via RC6. Simple C/C++ example.
c2_obf.zip
4.2 MB
A basic concept of obfuscating command and control (C2) servers securely with Redirectors.
Go 101
an up-to-date knowledge base for Go programming self learning
https://go101.org/
-= Go (Fundamentals) 101 =-
-= Go Generics 101 =-
-= Go Optimizations 101 =-
-= Go Details & Tips 101 =-
-= Go Quizzes 101 =-
-= Go 101 Apps & Libs =-
-= Go 101 Blog =-
———
@islemolecule_source
AWE Prep
OffSec EXP-401 Advanced Windows Exploitation (AWE)
credit: talson
Windows Kernel Exploitation
Ghidra Setup & Tips
Browser Exploitation
Hypervisor Exploitation
https://talson.notion.site/AWE-Prep-c820706e05be43cf9fb434625914c171
Low-Level x86-64 Architecture, Linking & Loading, Memory Management, etc...
from SANS sec660.4 (Exploiting Linux for Penetration Testers)
credit: Stephen Sims
https://www.youtube.com/watch?v=I37AJebKh2Y
———
@islemolecule_source
Structure-Aware linux kernel Fuzzing with libFuzzer
credit: Meysam
https://r00tkitsmm.github.io/fuzzing/2024/03/27/libffuzzerkernel.html
I decided to experiment with KCOV and see how I can hook it into libfuzzer and boot the kernel without spending too much on building a root file system.
Forwarded from APT
A little lifehack if you, like me, come across paid articles from Medium. These sites allow you to read paid Medium articles for free:
🔗 https://freedium.cfd/<URL>
🔗 https://medium-forall.vercel.app/
#medium #premium #bypass
Forwarded from SoheilSec (Soheil Hashemi)
First set of YARA rules to detect the backdoored XZ packages
report:
https://www.openwall.com/lists/oss-security/2024/03/29/4
rules:
https://github.com/Neo23x0/signature-base/blob/master/yara/bkdr_xz_util_cve_2024_3094.yar
Urgent security alert for Fedora Linux 40 and Fedora Rawhide users
The xz package tarballs were backdoored.
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
https://twitter.com/badsectorlabs/status/1773759444486177023
📹 CppCon 2017: James McNellis “Everything You Ever Wanted to Know about DLLs”
👤 CppCon
Nim_Programming_Lang.rar
739.5 MB
Nim programming, which malware developers like
Nim's cross-compilation features empower attackers to write a single malware variant, which can then be cross-compiled to target different platforms
a good candidate for writing software in a wide variety of application domains, ranging from web applications to kernels