Massimiliano Tomassoli papers in exploitation

https://github.com/mtomassoli/papers/tree/master

📹 CppCon 2017: James McNellis “Everything You Ever Wanted to Know about DLLs”
👤 CppCon

Nim programming which malware developers like that

Nim's cross-compilation features empower attackers to write a single malware variant, which can then be cross-compiled to target different platforms



a good candidate for writing software in a wide variety of application domains, ranging from web applications to kernels

Windows Session Hijacking via CcmExec
https://cloud.google.com/blog/topics/threat-intelligence/windows-session-hijacking-via-ccmexec

Dev 101: Bypassing ASLR on windows

“Note: This post is quite theoretical (yuk!) but I’ll work on providing a hands-on demo sometime in the future. Also given the current mitigations in Windows, you’ll need much more than bypassing ASLR”

https://www.abatchy.com/2017/06/exploit-dev-101-bypassing-aslr-on.html

In- the- Wild Windows LPE 0- days: Insights & Detection Strategies
This article will evaluate detection methods for Windows local privilege escalation techniques based on dynamic behaviors analysis using Elastic Defend features.
credit : SAMIR BOUSSEADEN


https://www.elastic.co/security-labs/itw-windows-lpe-0days-insights-and-detection-strategies
———
@islemolecule_source

How APT groups operate in the Middle East

The Middle East is a target for APT groups
How cybercriminals prepared for attacks
Gaining initial access
Persisting in the system
What to study inside
Where to find credentials
How to collect valuable information
Communicating with the C&C server
How to cover the tracks
How to resist APT attacks
About the report
Brief denoscription of APT groups
Heat map of APT tactics and techniques in the Middle East

https://www.ptsecurity.com/ww-en/analytics/apt-groups-in-the-middle-east/
———
@islemolecule_source

VirtualBox E1000 Guest-to-Host Escape

https://github.com/MorteNoir1/virtualbox_e1000_0day