Windows Session Hijacking via CcmExec
https://cloud.google.com/blog/topics/threat-intelligence/windows-session-hijacking-via-ccmexec

Dev 101: Bypassing ASLR on windows

“Note: This post is quite theoretical (yuk!) but I’ll work on providing a hands-on demo sometime in the future. Also given the current mitigations in Windows, you’ll need much more than bypassing ASLR”

https://www.abatchy.com/2017/06/exploit-dev-101-bypassing-aslr-on.html

In- the- Wild Windows LPE 0- days: Insights & Detection Strategies
This article will evaluate detection methods for Windows local privilege escalation techniques based on dynamic behaviors analysis using Elastic Defend features.
credit : SAMIR BOUSSEADEN


https://www.elastic.co/security-labs/itw-windows-lpe-0days-insights-and-detection-strategies
———
@islemolecule_source

How APT groups operate in the Middle East

The Middle East is a target for APT groups
How cybercriminals prepared for attacks
Gaining initial access
Persisting in the system
What to study inside
Where to find credentials
How to collect valuable information
Communicating with the C&C server
How to cover the tracks
How to resist APT attacks
About the report
Brief denoscription of APT groups
Heat map of APT tactics and techniques in the Middle East

https://www.ptsecurity.com/ww-en/analytics/apt-groups-in-the-middle-east/
———
@islemolecule_source

VirtualBox E1000 Guest-to-Host Escape

https://github.com/MorteNoir1/virtualbox_e1000_0day

Vulnerability Management Lifecycle in DevSecOps

Vulnerability management overview :

Stages of vulnerability management
+ Identification
+Observability
+Management

https://blog.gitguardian.com/vulnerability-management-lifecycle-in-devsecops/
———
@islemolecule_source

by the way 4.5 decompiled u can recompile if u have skill u can patch the beacon xss rce bug

Locating kernel32 in base address in shellcode writing

Link1

Link2