LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux
https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux
Binarly researchers find a direct connection between the newly discovered Bootkitty Linux bootkit and exploitation of the LogoFAIL image parsing vulnerabilities reported more than a year ago
Forwarded from Malware, Cats and Cryptography
Alhamdulillah, I finished writing MD MZ Book 2nd edition. More than two years have passed since then, and I wanted to supplement the book with new articles from my blog. As a result, this new edition of this book now contains almost 1000 pages.
The new version of this book is divided into five (4 + 1 bonus) chapters:
- Malware development tricks and techniques
- AV evasion tricks
- Persistence techniques
- Malware, Cryptography, Research
- Intro to linux malware development
All material in the book is based on posts from my blog.
This book is dedicated to my wife, Laura, and my children, Yerzhan and Munira. I would like to express my deep gratitude to my friends and colleagues.
Special thanks to Anna Tsyganova and Duman Sembayev.
The proceeds from the sale of this book will be used to treat Munira and charity funds from Kazakhstan:
https://cocomelonc.github.io/book/2024/11/29/mybook-2.html
Malware development book. Second edition
Zabbix - SQL injection in user.get API (CVE-2024-42327)
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.
Critical
https://support.zabbix.com/browse/ZBX-25623
zizmor would have caught the Ultralytics workflow vulnerability
https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection
Threat Advisory: Oh No Cleo! Cleo Software Actively Being Exploited in the Wild
https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
Huntress identified an emerging threat involving Cleo’s LexiCom, VLTransfer, and Harmony software, known as CVE-2024-55956, commonly used to manage file transfers. Read more about this emerging threat on the Huntress Blog.
Popularization of eBPF technology and other trends in Trojan engineering.
https://news.drweb.ru/show/?i=14955&lng=ru
The investigation of yet another cyber incident allowed Doctor Web virus analysts to identify an ongoing hacking campaign that exhibited many of the current trends employed by attackers.
MITRE-ATTACK Navigator
https://github.com/CTI-Driven/Advanced-Threat-Hunting-Ransomware-Groups-Affiliates/tree/main/Known-Exploited-Vulnerabilities-By-Ransomware-Groups-KQL
Declawing PUMAKIT
PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with command-and-control servers:
https://www.elastic.co/security-labs/declawing-pumakit
Understanding How Data Travels: The 7 Layers of the OSI Model
Taiga: The free and open-source project management tool
Are you looking for Jira alternatives? Try Taiga:
https://taiga.io/
Tracing in Go & How the Garbage Collector Works
Links
Jaeger: open source, distributed tracing platform:
- https://www.jaegertracing.io/
OpenTelemetry-Go is the Go implementation of OpenTelemetry. It provides a set of APIs to directly measure performance and behavior of your software and send this data to observability platforms:
- https://github.com/open-telemetry/opentelemetry-go
Articles
Introduction to Tracing in Go with Jaeger & OpenTelemetry:
- https://medium.com/@nairouasalaton/introduction-to-tracing-in-go-with-jaeger-opentelemetry-71955c2afa39
A language-specific implementation of OpenTelemetry in Go:
- https://opentelemetry.io/docs/languages/go/
Exploring the Inner Workings of Garbage Collection in Golang : Tricolor Mark and Sweep:
- https://medium.com/@souravchoudhary0306/exploring-the-inner-workings-of-garbage-collection-in-golang-tricolor-mark-and-sweep-e10eae164a12
Memory Optimization and Garbage Collector Management in Go:
- https://betterprogramming.pub/memory-optimization-and-garbage-collector-management-in-go-71da4612a960
Docker images:
- https://hub.docker.com/r/jaegertracing/all-in-one
- https://hub.docker.com/r/jaegertracing/opentelemetry-all-in-one/
Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials
https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/
This post describes an in-depth investigation by Datadog security researchers into a threat actor dubbed MUT-1244, which targets other malicious actors as well as security practitioners and academics.
Cyber Essentials - Requirements for IT Infrastructure v3.2 (attachment, 546.5 KB)
Cyber Essentials: Requirements for IT Infrastructure v3.2, from NCSC
How we optimized our DNS server with Go tools
(optimization of a DNS server written in Go)
https://habr.com/ru/companies/otus/articles/487934/
Ahead of the start of a new cohort of the "Golang Developer" course, we prepared a translation of an interesting article. Our authoritative DNS server is used by tens of thousands of websites. Every day we answer...
BellaCPP: Discovering a new BellaCiao variant written in C++
https://securelist.com/bellacpp-cpp-version-of-bellaciao/115087/
While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed "BellaCPP".