OctoSQL is a query tool that allows you to join, analyse and transform data from multiple databases and file formats using SQL:
https://github.com/cube2222/octosql
Fourteen Ways to Read the PID for the Local Security Authority Subsystem Service (LSASS)
Process enumeration is necessary prior to injecting shellcode or dumping memory. Threat actors tend to favour using CreateToolhelp32Snapshot with Process32First and Process32Next to gather a list of running processes. And if they’re a bit more tech-savvy, they’ll use the NtQuerySystemInformation system call directly.
Although this post will focus on obtaining a PID specifically for LSASS, the methods described here can be adapted to resolve PIDs for any process. Some of these are well known and have been discussed before, but there are also a few new ones that many readers won't be familiar with…
* https://www.mdsec.co.uk/2022/08/fourteen-ways-to-read-the-pid-for-the-local-security-authority-subsystem-service-lsass/
What Is Bun.js and Why Is the JavaScript Community Excited About It?
https://www.makeuseof.com/what-is-bunjs-why-the-javanoscript-community-excited/
Introducing the new npm Dependency Selector Syntax
https://github.blog/changelog/2022-08-03-introducing-the-new-npm-dependency-selector-syntax/
NimicStack - Stack spoofing with Nim
NimicStack is a pure Nim implementation of the Call Stack Spoofing technique used to mimic legitimate programs.
https://github.com/frkngksl/NimicStack
KHS in Almaty (Kazakhstan), 14-16 September.
With Jayson E. Street (DEF CON Groups Global Ambassador), author of the "Dissecting the Hack" book series...
Sys-Adm.in is not only an information partner, but also a participant in the conference 🎉
See more details on official KHS site: https://kazhackstan.kz
SQUIP: Exploiting the Scheduler Queue Contention Side Channel
In this paper, we present the SQUIP attack, the first side-channel attack on scheduler queues. With SQUIP, we measure the precise degree of Scheduler Queue Usage (i.e., occupancy) via Interference Probing. We show that this occupancy level measurement works on microarchitectures of different vendors, namely the Apple M1, AMD Zen 2 and Zen 3…
ÆPIC Leak - Architecturally Leaking Uninitialized Data from the Microarchitecture
https://aepicleak.com
P.S. Thx for the news dear subscriber ✌️
Attacking and Remediating Excessive Network Share Permissions in Active Directory Environments
…how to quickly inventory, exploit, and remediate network shares configured with excessive permissions at scale in Active Directory environments…:
https://www.netspi.com/blog/technical/network-penetration-testing/network-share-permissions-powerhuntshares/
OverSight
Mac malware often spies on users by recording audio and video sessions... sometimes without being detected.
OverSight monitors a Mac's mic and webcam, alerting the user when the internal mic is activated or whenever a process accesses the webcam.
https://objective-see.org/products/oversight.html
#tool
Researching Xiaomi’s TEE to get to Chinese money
Technical analysis:
https://research.checkpoint.com/2022/researching-xiaomis-tee/
Hacking Zyxel IP cameras to gain a root shell
TLDR - Do not buy, do not use, and remove all of these devices from service immediately (IPC-3605N and the model IPC-4605N). They are so miserably insecure it took me less than a day of effort to develop a utility to remotely compromise any of them. Keep reading if you want to know how… (from Author)
Technical analysis:
http://www.hydrogen18.com/blog/hacking-zyxel-ip-cameras-pt-1.html
Forwarded from Sys-Admin InfoSec
Open SysConf 2022 is coming this October!
Hi, we are preparing a new, fourth annual Open SysConf'22 meetup.
Already confirmed:
— Three talks
— Half of the budget raised
— Venue, date and time of the meetup
— Updated website sysconf.io
For most people, circumstances usually work out so that something always gets in the way of doing sport, giving a talk or taking part in a conference; usually it's work, putting things off until tomorrow, and so on...
Getting together, sharing knowledge and finding time for yourself is what really needs to be done here and now (and in October)! Straighten your shoulders, dear friend, raise your head and step boldly forward:
- https://sysconf.io
- 14 October, from 11:00 to 20:00, Almaty.
The hall is big, there is room for everyone! You will find all the links you need on the site. Peace ✌️.
Pwning Popular Desktop apps while uncovering new attack surface on Electron
https://i.blackhat.com/USA-22/Thursday/US-22-Purani-ElectroVolt-Pwning-Popular-Desktop-Apps.pdf
ebpf-process-anomaly-detection
Process behaviour anomaly detection using eBPF system call tracing and unsupervised learning Autoencoders.
https://github.com/evilsocket/ebpf-process-anomaly-detection
Envoy
Open Source Edge And Service Proxy, Designed For Cloud-native Applications
https://www.envoyproxy.io/
#tool