Nov. 30, 2024 |
Dissecting JA4H for improved Sliver C2 detections |
https://www.reddit.com/r/netsec/comments/1h2i411/dissecting_ja4h_for_improved_sliver_c2_detections/
|
Nov. 28, 2024 |
New PE Vulnerability in Windows OS! |
https://www.reddit.com/r/netsec/comments/1h112rz/new_pe_vulnerability_in_windows_os/
|
Nov. 28, 2024 |
Analyzing APT36’s ElizaRAT: Evolution of Espionage Techniques |
https://www.reddit.com/r/netsec/comments/1h1rtvt/analyzing_apt36s_elizarat_evolution_of_espionage/
|
Nov. 25, 2024 |
Security Analysis of the MERGE Voting Protocol |
https://www.schneier.com/blog/archives/2024/11/security-analysis-of-the-merge-voting-protocol.html
|
Sept. 20, 2024 |
A Journey From `sudo iptables` To Local Privilege Escalation - Shielder |
https://www.reddit.com/r/netsec/comments/1flca3w/a_journey_from_sudo_iptables_to_local_privilege/
|
Sept. 20, 2024 |
Vulnerabilities in Open Source C2 Frameworks |
https://www.reddit.com/r/netsec/comments/1fk27w9/vulnerabilities_in_open_source_c2_frameworks/
|
Sept. 12, 2024 |
Blog Post: Intelligent Adversary Emulation with the Bounty Hunter |
https://www.reddit.com/r/netsec/comments/1feybki/blog_post_intelligent_adversary_emulation_with/
|
Sept. 12, 2024 |
Why Django’s [DEBUG=True] is a Goldmine for Hackers |
https://www.reddit.com/r/netsec/comments/1fec2w0/why_djangos_debugtrue_is_a_goldmine_for_hackers/
|
Sept. 12, 2024 |
Browser Stored Credentials |
https://www.reddit.com/r/netsec/comments/1fde3lk/browser_stored_credentials/
|
Sept. 12, 2024 |
Blog Series on Android Bytecode Exploitation |
https://www.reddit.com/r/netsec/comments/1fe4p0z/blog_series_on_android_bytecode_exploitation/
|
Sept. 12, 2024 |
The Security Canary Maturity Model |
https://www.reddit.com/r/netsec/comments/1fe55uj/the_security_canary_maturity_model/
|
Sept. 12, 2024 |
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI - watchTowr Labs |
https://www.reddit.com/r/netsec/comments/1fe732m/we_spent_20_to_achieve_rce_and_accidentally/
|
Aug. 7, 2024 |
0.0.0.0 Day: Exploiting Localhost APIs From the Browser |
https://www.reddit.com/r/netsec/comments/1emisp1/0000_day_exploiting_localhost_apis_from_the/
|
Aug. 7, 2024 |
Unveiling the Power Duo: osquery and osctrl |
https://www.reddit.com/r/netsec/comments/1ellf4d/unveiling_the_power_duo_osquery_and_osctrl/
|
Aug. 7, 2024 |
Tony Hawk's Pro Strcpy |
https://www.reddit.com/r/netsec/comments/1emmieq/tony_hawks_pro_strcpy/
|
Aug. 3, 2024 |
MITMing the Xbox 360 Dashboard for Fun and RCE |
https://www.reddit.com/r/netsec/comments/1egs8rn/mitming_the_xbox_360_dashboard_for_fun_and_rce/
|
Aug. 3, 2024 |
SLUBStick: Linux Kernel Exploitation with Cross-Cache Attacks |
https://securityonline.info/slubstick-linux-kernel-exploitation-with-cross-cache-attacks/
|
Aug. 3, 2024 |
Create your own custom implant for Initial Access - Blog |
https://www.reddit.com/r/netsec/comments/1egu4cb/create_your_own_custom_implant_for_initial_access/
|
Aug. 3, 2024 |
Patching client-side React JS to gain admin access to a Siemens cloud application |
https://www.reddit.com/r/netsec/comments/1egy891/patching_clientside_react_js_to_gain_admin_access/
|
Aug. 3, 2024 |
Bypassing Rockwell Automation Logix Controllers’ Local Chassis Security Protection |
https://www.reddit.com/r/netsec/comments/1ehlyi4/bypassing_rockwell_automation_logix_controllers/
|
July 24, 2024 |
Blocking EDR Telemetry via PitM Network Filtering |
https://www.reddit.com/r/netsec/comments/1ea2pkk/blocking_edr_telemetry_via_pitm_network_filtering/
|
July 24, 2024 |
CVE-2019-8805: Apple EndpointSecurity framework Privilege Escalation |
https://www.reddit.com/r/netsec/comments/1ea9bu3/cve20198805_apple_endpointsecurity_framework/
|
July 9, 2024 |
Reverse-Engineering Ticketmaster’s Barcode System |
https://www.schneier.com/blog/archives/2024/07/reverse-engineering-ticketmasters-barcode-system.html
|
July 8, 2024 |
Understanding Authentication in Enterprise Wi-Fi |
https://www.reddit.com/r/netsec/comments/1dx95pc/understanding_authentication_in_enterprise_wifi/
|
July 5, 2024 |
Raising Beacons without UDRL and teaching them how to sleep |
https://www.reddit.com/r/netsec/comments/1dv6tsd/raising_beacons_without_udrl_and_teaching_them/
|
July 5, 2024 |
Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 1) |
https://www.reddit.com/r/netsec/comments/1dvjw6t/ring_around_the_regex_lessons_learned_from/
|
June 23, 2024 |
Understanding Protected Management Frames |
https://www.reddit.com/r/netsec/comments/1dmj2ii/understanding_protected_management_frames/
|
May 26, 2024 |
Nuking Weak Shellcode Hacker Hashes For Fun And Profit! |
https://www.reddit.com/r/netsec/comments/1cyul5q/nuking_weak_shellcode_hacker_hashes_for_fun_and/
|
May 16, 2024 |
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule |
https://www.reddit.com/r/netsec/comments/1crlimr/response_filter_denial_of_service_rfdos_shut_down/
|
May 16, 2024 |
Credential leakage risks hiding in Frontend code (real statistics from Korean websites) |
https://www.reddit.com/r/netsec/comments/1crrg6p/credential_leakage_risks_hiding_in_frontend_code/
|
May 16, 2024 |
"Password cracking: past, present, future" OffensiveCon 2024 keynote talk slides |
https://www.reddit.com/r/netsec/comments/1crsndo/password_cracking_past_present_future/
|
May 16, 2024 |
Executing Cobalt Strike's BOFs on ARM-based Linux devices |
https://www.reddit.com/r/netsec/comments/1csj14m/executing_cobalt_strikes_bofs_on_armbased_linux/
|
May 16, 2024 |
Patch Diffing CVE-2024-3400 from a Palo Alto NGFW Marketplace AMI |
https://www.reddit.com/r/netsec/comments/1ct46ut/patch_diffing_cve20243400_from_a_palo_alto_ngfw/
|
May 16, 2024 |
How an Employee's Personal GitHub Repository Compromised Azure’s Internal Container Registry |
https://www.reddit.com/r/netsec/comments/1ctf3xr/how_an_employees_personal_github_repository/
|
May 13, 2024 |
Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 1 |
https://www.reddit.com/r/netsec/comments/1cosb1j/unmasking_adversary_cloud_defense_evasion/
|
May 4, 2024 |
It’s Morphin’ Time: Self-Modifying Code Sections with WriteProcessMemory for EDR Evasion |
https://www.reddit.com/r/netsec/comments/1ci87pd/its_morphin_time_selfmodifying_code_sections_with/
|
May 4, 2024 |
Ever wondered where your inserted data went? Our Burp Suite Extension FlowMate helps you find out. |
https://www.reddit.com/r/netsec/comments/1cj8q5i/ever_wondered_where_your_inserted_data_went_our/
|
May 4, 2024 |
Flutter Windows Thick Client SSL Pinning Bypass |
https://www.reddit.com/r/netsec/comments/1cje9gq/flutter_windows_thick_client_ssl_pinning_bypass/
|
April 25, 2024 |
Exploring Vulnerabilities in Embedded Devices: A Case Study of an IP Phone |
https://www.reddit.com/r/netsec/comments/1ccoqia/exploring_vulnerabilities_in_embedded_devices_a/
|
April 24, 2024 |
BlackBerry MDM Has Some Authentication Flaws |
https://www.reddit.com/r/netsec/comments/1cb45v8/blackberry_mdm_has_some_authentication_flaws/
|
April 23, 2024 |
An Analysis of the DHEat DoS Against SSH in Cloud Environments |
https://www.reddit.com/r/netsec/comments/1cb132j/an_analysis_of_the_dheat_dos_against_ssh_in_cloud/
|
April 22, 2024 |
Backdooring Dotnet Applications |
https://www.reddit.com/r/netsec/comments/1c8444c/backdooring_dotnet_applications/
|
April 20, 2024 |
On Windows Registry by researcher who got 50+ CVEs there |
https://www.reddit.com/r/netsec/comments/1c78m8i/on_windows_registry_by_researcher_who_got_50_cves/
|
April 19, 2024 |
VectorKernel - PoCs For Kernelmode Rootkit Techniques Research |
http://www.kitploit.com/2024/04/vectorkernel-pocs-for-kernelmode.html
|
April 18, 2024 |
A quick post on Chen’s algorithm |
https://www.reddit.com/r/netsec/comments/1c5q3mw/a_quick_post_on_chens_algorithm/
|
April 18, 2024 |
Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400) - watchTowr Labs |
https://www.reddit.com/r/netsec/comments/1c5gxfl/palo_alto_putting_the_protecc_in_globalprotect/
|
April 14, 2024 |
Spectre v2 Exploit - Branch History Injection |
https://www.reddit.com/r/netsec/comments/1c3lhbh/spectre_v2_exploit_branch_history_injection/
|
April 14, 2024 |
RUBYCARP: A Detailed Analysis of a Sophisticated Decade-Old Botnet Group |
https://www.reddit.com/r/netsec/comments/1bzw7a0/rubycarp_a_detailed_analysis_of_a_sophisticated/
|
April 14, 2024 |
How a 9.8 critical security vulnerability in ZeroMQ was found (with mostly pure luck) |
https://www.reddit.com/r/netsec/comments/1c1o1l3/how_a_98_critical_security_vulnerability_in/
|
April 14, 2024 |
Unpacking the Fuxnet Malware |
https://www.reddit.com/r/netsec/comments/1c2ge0k/unpacking_the_fuxnet_malware/
|
Feb. 13, 2024 |
Bypassing EDRs With EDR-Preloading |
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
|
Feb. 11, 2024 |
JSON Smuggling: A far-fetched intrusion detection evasion technique |
https://grimminck.medium.com/json-smuggling-a-far-fetched-intrusion-detection-evasion-technique-51ed8f5ee05f
|
Feb. 11, 2024 |
Cobalt Strike Profiles for EDR Evasion |
https://github.com/EvilGreys/Cobalt-Strike-Profiles-for-EDR-Evasion
|
Jan. 1, 2024 |
Hide and Seek in Windows' Closet: Unmasking the WinSxS Hijacking Hideout |
https://www.securityjoes.com/post/hide-and-seek-in-windows-closet-unmasking-the-winsxs-hijacking-hideout
|
Dec. 28, 2023 |
Operation Triangulation: The last (hardware) mystery |
https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
|
Dec. 28, 2023 |
AI In Windows: Investigating Windows Copilot |
https://blog.trailofbits.com/2023/12/27/ai-in-windows-investigating-windows-copilot/
|
Dec. 26, 2023 |
Rust Binary Analysis |
https://research.checkpoint.com/2023/rust-binary-analysis-feature-by-feature/
|
Dec. 25, 2023 |
An Introduction to Bypassing User Mode EDR Hooks |
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
|
Dec. 24, 2023 |
All I Want for Christmas is Reflective DLL Injection |
https://oldboy21.github.io/posts/2023/12/all-i-want-for-christmas-is-reflective-dll-injection/
|
Dec. 23, 2023 |
Catching OpenSSL misuse using CodeQL |
https://blog.trailofbits.com/2023/12/22/catching-openssl-misuse-using-codeql/
|
Dec. 21, 2023 |
Dumping NTHASHES from Microsoft Entra ID |
https://www.secureworks.com/research/dumping-nthashes-from-microsoft-entra-id
|
Dec. 19, 2023 |
Streamlined Public YARA Rule Collection |
https://cyb3rops.medium.com/introducing-yara-forge-a77cbb77dcab
|
Dec. 19, 2023 |
Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 1 |
https://www.akamai.com/blog/security-research/2023/dec/chaining-vulnerabilities-to-achieve-rce-part-one
|
Dec. 14, 2023 |
Module Stomping - Who up stompin they modules |
https://dtsec.us/2023-11-04-ModuleStompin/
|
Dec. 12, 2023 |
Fuzzing: The age of vulnerability discovery |
https://fuzzing.io/hushcon23.pdf
|
Dec. 12, 2023 |
Web Application Firewalls a.k.a. WAF are garbage: Bypasses |
https://github.com/waf-bypass-maker/waf-community-bypasses
|
Dec. 12, 2023 |
EDR Telemetry: This project aims to compare and evaluate the telemetry of various EDR products. |
https://github.com/tsale/EDR-Telemetry
|
Dec. 12, 2023 |
The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools |
https://www.safebreach.com/blog/process-injection-using-windows-thread-pools
|
Dec. 12, 2023 |
Bypassing Windows Defender |
https://0xstarlight.github.io/posts/Bypassing-Windows-Defender/
|
Dec. 9, 2023 |
5Ghoul : Unleashing Chaos on 5G Edge Devices |
https://asset-group.github.io/disclosures/5ghoul/
|
Dec. 7, 2023 |
Ghidra Basics - Identifying, Decoding and Fixing Encrypted Strings |
https://embee-research.ghost.io/ghidra-basics-identifying-and-decoding-encrypted-strings/
|
Dec. 6, 2023 |
Set of custom CodeQL queries for Go and C |
https://blog.trailofbits.com/2023/12/06/publishing-trail-of-bits-codeql-queries/
|
Dec. 5, 2023 |
The SOCKS We Have at Home |
https://trustedsec.com/blog/the-socks-we-have-at-home
|
Dec. 4, 2023 |
Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100 |
https://research.nccgroup.com/2023/12/04/shooting-yourself-in-the-flags-jailbreaking-the-sonos-era-100/
|
Nov. 28, 2023 |
Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR in the Evolving CyberThreat Landscape |
https://www.slideshare.net/slideshow/embed_code/key/4BSm2z8iTWxbnG
|
Nov. 24, 2023 |
Living Off the Foreign Land - Part 3/3: Using Windows as Offensive Platform |
https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform-part-3#event-tracing-for-windows
|
Nov. 21, 2023 |
Stealing the Bitlocker key from a TPM |
https://astralvx.com/stealing-the-bitlocker-key-from-a-tpm/
|
Nov. 21, 2023 |
How to catch a wild triangle |
https://securelist.com/operation-triangulation-catching-wild-triangle/110916/
|
Nov. 21, 2023 |
Persistence – Scheduled Task Tampering |
https://pentestlab.blog/2023/11/20/persistence-scheduled-task-tampering/
|
Nov. 21, 2023 |
Process Injection - Avoiding Kernel Triggered Memory Scans |
https://www.r-tec.net/r-tec-blog-process-injection-avoiding-kernel-triggered-memory-scans.html
|
Nov. 19, 2023 |
Reversing the protections used by Microsoft's EMET |
http://0xdabbad00.com/2013/11/18/emet-4-1-uncovered/
|
Nov. 18, 2023 |
Ask SentinelOne to dump a process to disk, nicely! |
https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e
|
Nov. 13, 2023 |
In-Memory-Only ELF Execution (Without tmpfs) |
https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html
|
Nov. 13, 2023 |
Present and Future of LLMs in Software Security |
https://moyix.net/~moyix/LLMs_SoftwareSecurity_CSAW.pdf
|
Nov. 13, 2023 |
Adversarial Attacks on LLMs |
https://lilianweng.github.io/posts/2023-10-25-adv-attack-llm/
|
Nov. 10, 2023 |
Modern Asian APT groups’ tactics, techniques and procedures (TTPs) |
https://securelist.com/modern-asia-apt-groups-ttp/111009/
|
Oct. 31, 2023 |
Lateral Movement: Abuse the Power of DCOM Excel Application |
https://posts.specterops.io/lateral-movement-abuse-the-power-of-dcom-excel-application-3c016d0d9922
|
Oct. 31, 2023 |
The issue with ATS in Apple’s macOS and iOS |
https://blog.trailofbits.com/2023/10/30/the-issue-with-ats-in-apples-macos-and-ios/
|
Oct. 30, 2023 |
Breaking 64 bit aslr on Linux x86-64 |
https://github.com/nick0ve/how-to-bypass-aslr-on-linux-x86_64
|
Oct. 26, 2023 |
StripedFly: Perennially flying under the radar |
https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/
|
Oct. 26, 2023 |
Defender Pretender: When Windows Defender Updates Become a Security Risk |
https://www.safebreach.com/blog/defender-pretender-when-windows-defender-updates-become-a-security-risk/
|
Oct. 19, 2023 |
Exploiting Zenbleed from Chrome |
https://vu.ls/blog/exploiting-zenbleed-from-chrome/
|
Oct. 12, 2023 |
Mastering Windows Access Control: Understanding SeDebugPrivilege |
https://www.binarydefense.com/resources/blog/mastering-windows-access-control-understanding-sedebugprivilege/
|
Oct. 11, 2023 |
Introduction to DotNet Configuration Extraction - RevengeRAT |
https://embee-research.ghost.io/introduction-to-dotnet-configuration-extraction-revengerat/
|
Oct. 3, 2023 |
Survive Access Key Deletion with sts:GetFederationToken |
https://hackingthe.cloud/aws/post_exploitation/survive_access_key_deletion_with_sts_getfederationtoken/
|
Oct. 3, 2023 |
Home Grown Red Team: LNK Phishing Revisited In 2023 |
https://assume-breach.medium.com/home-grown-red-team-lnk-phishing-revisited-in-2023-364daf70a06a
|
Oct. 3, 2023 |
nftables Adventures: Bug Hunting and N-day Exploitation (CVE-2023-31248) |
https://starlabs.sg/blog/2023/09-nftables-adventures-bug-hunting-and-n-day-exploitation/
|
Oct. 2, 2023 |
.NET Assembly Obfuscation for Memory Scanner Evasion |
https://www.r-tec.net/r-tec-blog-net-assembly-obfuscation-for-memory-scanner-evasion.html
|
Sept. 24, 2023 |
Exploring Impersonation through the Named Pipe Filesystem Driver |
https://jsecurity101.medium.com/exploring-impersonation-through-the-named-pipe-filesystem-driver-15f324dfbaf2
|
Sept. 24, 2023 |
Multiple Command and Control (C2) Frameworks During Red Team Engagements |
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-command-and-control-c2-frameworks-during-red-team-engagements/
|
Sept. 23, 2023 |
Malware Persistence Locations: Windows and Linux |
https://marcoramilli.com/2023/09/23/malware-persistence-locations-windows-and-linux/
|
Sept. 23, 2023 |
Some experiments with Process Hollowing |
https://insinuator.net/2022/09/some-experiments-with-process-hollowing/
|
Sept. 22, 2023 |
Finding Deserialization Bugs in the Solarwind Platform |
https://www.zerodayinitiative.com/blog/2023/9/21/finding-deserialization-bugs-in-the-solarwind-platform
|
Sept. 19, 2023 |
Hypervisor Detection with SystemHypervisorDetailInformation |
https://medium.com/@matterpreter/hypervisor-detection-with-systemhypervisordetailinformation-26e44a57f80e
|
Sept. 19, 2023 |
I Hacked MacOS! |
https://asahilina.net/agx-exploit/
|
Sept. 17, 2023 |
Attacking an EDR - Part 1 - For some fun and a fair bit of profit |
https://riccardoancarani.github.io/2023-08-03-attacking-an-edr-part-1/
|
Sept. 16, 2023 |
Retool blames breach on Google Authenticator MFA cloud sync feature |
https://www.bleepingcomputer.com/news/security/retool-blames-breach-on-google-authenticator-mfa-cloud-sync-feature/
|
Sept. 15, 2023 |
Bypassing UAC with SSPI Datagram Contexts |
https://splintercod3.blogspot.com/p/bypassing-uac-with-sspi-datagram.html
|
Sept. 14, 2023 |
The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree |
https://www.paloaltonetworks.com/blog/prisma-cloud/github-actions-worm-dependencies/
|
Sept. 12, 2023 |
Deleting Your Way Into SYSTEM: Why Arbitrary File Deletion Vulnerabilities Matter |
https://www.mandiant.com/resources/blog/arbitrary-file-deletion-vulnerabilities
|
Sept. 12, 2023 |
Persistent Threat: New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk |
https://checkmarx.com/blog/persistent-threat-new-exploit-puts-thousands-of-github-repositories-and-millions-of-users-at-risk/
|
Sept. 12, 2023 |
A new method for container escape using file-based DirtyCred |
https://starlabs.sg/blog/2023/07-a-new-method-for-container-escape-using-file-based-dirtycred/
|
Sept. 12, 2023 |
WindowsNoExec - Abusing existing instructions to execute arbitrary code without allocating executable memory |
https://www.x86matthew.com/view_post?id=windows_no_exec
|
Sept. 7, 2023 |
Debugging Windows Isolated User Mode (IUM) Processes |
https://blog.quarkslab.com/debugging-windows-isolated-user-mode-ium-processes.html
|
Sept. 7, 2023 |
Nagios Plugins: Hacking Monitored Servers with check_by_ssh and Argument Injection: CVE-2023-37154 |
https://joshua.hu/nagios-hacking-cve-2023-37154
|
Sept. 7, 2023 |
Next-Generation Context Aware Password Cracking |
https://medium.com/@doctoreww/next-generation-context-aware-password-cracking-39b65e3aa976
|
Sept. 7, 2023 |
Boot Unguarded: x86 Trust Anchor Downfalls to The Leaked OEM Internal Tools and Signing Keys |
https://hardenedlinux.org/blog/2023-09-07-boot-unguarded-x86-trust-anchor-downfalls-to-the-leaked-oem-internal-tools-and-signing-keys/
|
Sept. 6, 2023 |
How Microsoft Had Signing Key Compromised - Results of Major Technical Investigations for Storm-0558 Key Acquisition |
https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/
|
Sept. 5, 2023 |
Bypassing Windows Defender and PPL Protection With PPLBlade to Dump LSASS Without Detection |
https://github.com/tastypepperoni/PPLBlade
|
Sept. 4, 2023 |
Uncovering Web Cache Deception: A Missed Vulnerability in the Most Unexpected Places |
https://blog.agilehunt.com/blogs/security/web-cache-deception-attack-on-404-page-exposing-pii-data-to-unauthenticated-users
|
Sept. 3, 2023 |
NetNTLMv1 Downgrade to compromise |
https://www.r-tec.net/r-tec-blog-netntlmv1-downgrade-to-compromise.html
|
Sept. 1, 2023 |
Converting Tokens to Session Cookies for Outlook Web Application |
https://labs.lares.com/owa-cap-bypass/
|
Aug. 30, 2023 |
Kinsing Malware Exploits Novel Openfire Vulnerability |
https://blog.aquasec.com/kinsing-malware-exploits-novel-openfire-vulnerability
|
Aug. 29, 2023 |
AWS WAF Bypass: invalid JSON object and unicode escape sequences |
https://blog.sicuranext.com/aws-waf-bypass/
|
Aug. 28, 2023 |
MalDoc in PDF - Detection bypass by embedding a malicious Word file into a PDF file |
https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html
|
Aug. 24, 2023 |
API Hacking with ChatGPT |
https://youtu.be/BTlUEWHRldk
|
Aug. 24, 2023 |
Azure AD Security Defaults/MFA Bypass with Graph API |
https://rootsecdev.medium.com/azure-ad-security-defaults-mfa-bypass-with-graph-api-86a5d6f57d4a
|
Aug. 24, 2023 |
Exploit Equivalence Classes |
https://blog.isosceles.com/exploit-equivalence-classes/
|
Aug. 22, 2023 |
macOS App Management vulnerability illustrated |
https://lapcatsoftware.com/articles/2023/8/3.html
|
Aug. 22, 2023 |
Azure Threat Research Matrix |
https://microsoft.github.io/Azure-Threat-Research-Matrix/
|
Aug. 22, 2023 |
Found a weird bug in Google's Fuchsia MMU subsystem (CVE-2021-22566) |
https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=88451
|
Aug. 22, 2023 |
Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation. |
https://github.com/zer0condition/NVDrv
|
Aug. 22, 2023 |
(Tool) Garble: Obfuscate Go builds |
https://github.com/burrowers/garble
|
Aug. 22, 2023 |
Blinding EDR On Windows |
https://synzack.github.io/Blinding-EDR-On-Windows/
|
Aug. 21, 2023 |
Living off the Foreign Land Cmdlets and Binaries |
https://lofl-project.github.io/
|
Aug. 19, 2023 |
Offensive Tool Development - The Shellcode Compiler Was Right There All Along... (Part 1) |
https://sh3llsp4wn.github.io/Shellcode-With-The-Default-Linux-Toolchain/
|
Aug. 19, 2023 |
Journey into Windows Kernel Exploitation: The Basics |
https://blog.neuvik.com/journey-into-windows-kernel-exploitation-the-basics-fff72116ca33
|
Aug. 19, 2023 |
NoFilter - Abusing Windows Filtering Platform for Privilege Escalation |
https://www.deepinstinct.com/blog/nofilter-abusing-windows-filtering-platform-for-privilege-escalation
|
Aug. 19, 2023 |
Process Injection using CreateRemoteThread API |
https://tbhaxor.com/createremotethread-process-injection/
|
Aug. 19, 2023 |
DLL Notification Injection |
https://shorsec.io/blog/dll-notification-injection/
|
Aug. 15, 2023 |
Knocking on Hell's Gate - EDR Evasion Through Direct Syscalls |
https://labs.en1gma.co/malwaredevelopment/evasion/security/2023/08/14/syscalls.html
|
Aug. 15, 2023 |
Creating Fully Undetectable JavaScript Payloads to Evade Next-Generation Firewalls |
https://elliotonsecurity.com/creating-fully-undetectable-javscript-payloads-to-evade-next-generation-firewalls/
|
Aug. 15, 2023 |
Exploits Explained: Finding Flaws in an ATM Software Tool |
https://www.synack.com/blog/exploits-explained-finding-flaws-in-an-atm-software-tool/
|
Aug. 14, 2023 |
Weaponizing vulnerable driver for privilege escalation— Gigabyte Edition! |
https://medium.com/@fsx30/weaponizing-vulnerable-driver-for-privilege-escalation-gigabyte-edition-e73ee523598b
|
Aug. 14, 2023 |
Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating |
https://www.wired.com/story/card-shuffler-hack/
|
Aug. 13, 2023 |
VS Code’s Token Security: Keeping Your Secrets… Not So Secretly |
https://cycode.com/blog/exposing-vscode-secrets/
|
Aug. 13, 2023 |
Unpacking Emotet Trojan |
https://infosecwriteups.com/unpacking-emotet-trojan-dac7e6119a0a
|
Aug. 13, 2023 |
TunnelCrack is a combination of two widespread security vulnerabilities in VPNs |
https://tunnelcrack.mathyvanhoef.com/
|
Aug. 11, 2023 |
A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS: WD PR4100 Edition |
https://claroty.com/team82/research/a-pain-in-the-nas-exploiting-cloud-connectivity-to-pwn-your-nas-wd-pr4100-edition
|
Aug. 11, 2023 |
Close Encounters of the Advanced Persistent Kind: Leveraging Rootkits for Post-Exploitation |
https://github.com/FuzzySecurity/BHUSA-2023
|
Aug. 11, 2023 |
Abusing undocumented features to spoof PE section headers |
https://secret.club/2023/06/05/spoof-pe-sections.html
|
Aug. 11, 2023 |
Zero Touch Pwn: Abusing Zoom's Zero Touch Provisioning for Remote Attacks on Desk Phones |
https://blog.syss.com/posts/zero-touch-pwn/
|
Aug. 10, 2023 |
JTAG 'Hacking' the Original Xbox in 2023 |
https://blog.ret2.io/2023/08/09/jtag-hacking-the-original-xbox-2023/
|
Aug. 9, 2023 |
OPC UA Deep Dive Series: A One-of-a-Kind OPC UA Exploit Framework |
https://claroty.com/team82/research/opc-ua-deep-dive-series-a-one-of-a-kind-opc-ua-exploit-framework
|
Aug. 9, 2023 |
16 Zero-Day Vulnerabilities Affecting CODESYS Framework Leading to Remote Code Execution on Millions of Industrial Devices Across Industries |
https://www.blackhat.com/us-23/briefings/schedule/index.html#code--zero-day-vulnerabilities-affecting-codesys-framework-leading-to-remote-code-execution-on-millions-of-industrial-devices-across-indust
|
Aug. 8, 2023 |
How a simple K-TypeConfusion took me 3 months long to create a exploit? [HEVD] - Windows 11 (build 22621) |
https://wafzsucks.medium.com/how-a-simple-k-typeconfusion-took-me-3-months-long-to-create-a-exploit-f643c94d445f
|
Aug. 8, 2023 |
Intel BIOS Advisory – Memory Corruption in HID Drivers |
https://research.nccgroup.com/2023/08/08/intel-bios-advisory-memory-corruption-in-hid-drivers/
|
Aug. 7, 2023 |
Custom GetModuleHandle & GetProcAddress - Resolve module handle and function address without using GetModuleHandle and GetProcAddress |
https://blog.atsika.ninja/posts/custom_getmodulehandle_getprocaddress/
|
Aug. 7, 2023 |
How To Dump Lsass Without Mimikatz |
https://reconshell.com/how-to-dump-lsass-without-mimikatz/
|
Aug. 7, 2023 |
Privilege Escalation in AWS - Part 01 |
https://mystic0x1.github.io/posts/AWS-Privilege-Escalation-Part-01/
|
Aug. 7, 2023 |
Reverse Engineering a Neural Network's Clever Solution to Binary Addition |
https://cprimozic.net/blog/reverse-engineering-a-small-neural-network/
|
Aug. 5, 2023 |
Attacking JS engines: Fundamentals for understanding memory corruption crashes |
https://www.sidechannel.blog/en/attacking-js-engines/
|
Aug. 3, 2023 |
Hook, Line, and Phishlet: Conquering AD FS with Evilginx |
https://research.aurainfosec.io/pentest/hook-line-and-phishlet/
|
Aug. 3, 2023 |
Unauthorized Access to Cross-Tenant Applications in a Microsoft Azure Service |
https://www.tenable.com/security/research/tra-2023-25
|
Aug. 2, 2023 |
Mitiga Security Advisory: Abusing the AWS SSM Agent as a Remote Access Trojan |
https://www.mitiga.io/blog/mitiga-security-advisory-abusing-the-ssm-agent-as-a-remote-access-trojan
|
Aug. 2, 2023 |
Programming with Impacket - Working with SMB |
https://blog.spookysec.net/Programming-with-Impacket.md/
|
Aug. 1, 2023 |
Identifying and Exploiting Unsafe Deserialization in Ruby |
https://medium.com/@plenumlab/identifying-and-exploiting-unsafe-deserialization-in-ruby-97c7cbd6c05d
|
Aug. 1, 2023 |
Actionable Threat Intel (V) - Autogenerated Livehunt rules for IoC tracking |
https://blog.virustotal.com/2023/08/actionable-threat-intel-v-autogenerated.html
|
July 31, 2023 |
Intel VT-rp - Part 2. paging-write and guest-paging verification |
https://tandasat.github.io/blog/2023/07/31/intel-vt-rp-part-2.html
|
July 31, 2023 |
LOLDrivers 2.0: Pioneering Progress |
https://medium.com/magicswordio/loldrivers-2-0-pioneering-progress-c3b487f80489
|
July 31, 2023 |
Escaping the Google kCTF Container with a Data-Only Exploit |
https://h0mbre.github.io/kCTF_Data_Only_Exploit/
|
July 30, 2023 |
A/B Testing with Fat Tails |
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3171224
|
July 30, 2023 |
As of build 25915 (latest Preview) all known API based kernel address leaks no longer work unless requested by a process with SeDebugPrivilege (only available to admin processes) |
https://twitter.com/yarden_shafir/status/1685740223181832193
|
July 30, 2023 |
Computer Scientists Discover Limits of Major Research Algorithm |
https://www.quantamagazine.org/computer-scientists-discover-limits-of-major-research-algorithm-20210817/
|
July 28, 2023 |
Universal and Transferable Attacks on Aligned Language Models #ChatGPT #LLM #AI #adversarial |
https://llm-attacks.org/
|
July 28, 2023 |
Intel VT-rp - Part 1. remapping attack and HLAT |
https://tandasat.github.io/blog/2023/07/05/intel-vt-rp-part-1.html
|
July 27, 2023 |
Total BYOVD Kernel-level protection for Windows using Windows Defender Application Control |
https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-policy-for-BYOVD-Kernel-mode-only-protection
|
July 27, 2023 |
Finding and exploiting process killer drivers with LOL for 3000$ |
https://alice.climent-pommeret.red/posts/process-killer-driver/
|
July 26, 2023 |
The Black Box of GitHub Leaks: Analyzing Companies’ GitHub Repos |
https://socradar.io/the-black-box-of-github-leaks-analyzing-companies-github-repos/
|
July 26, 2023 |
Redrawing Infosec Boundaries: The Impact of Large AI Models |
https://rob.science/2023/04/22/redrawing-infosec-boundaries-the-impact-of-large-ai-models/
|
July 26, 2023 |
The Legacy of Stagefright |
https://blog.isosceles.com/the-legacy-of-stagefright/
|
July 25, 2023 |
Linux kernel CVE exploit analysis report and relative debug environment. |
https://github.com/bsauce/kernel-exploit-factory
|
July 24, 2023 |
Shellcode Loader Implementing Indirect Dynamic Syscall, API Hashing, Fileless Shellcode retrieving using Winsock2 |
https://github.com/CognisysGroup/HadesLdr
|
July 24, 2023 |
Brute-Forcing One-Time Passwords |
https://kpwn.de/2023/06/brute-forcing-one-time-passwords/
|
July 23, 2023 |
Okta Logs Decoded: Unveiling Identity Threats Through Threat Hunting |
https://www.rezonate.io/blog/okta-logs-decoded-unveiling-identity-threats-through-threat-hunting/
|
July 23, 2023 |
Investigating SMS phishing text messages from scratch |
https://blog.bushidotoken.net/2023/07/investigating-sms-phishing-text.html
|
July 22, 2023 |
Dirty Pagetable: A Novel Exploitation Technique To Rule Linux Kernel |
https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html
|
July 21, 2023 |
The Death of Infosec Twitter |
https://www.cyentia.com/the-death-of-infosec-twitter/
|
July 21, 2023 |
Brute Forcing A Mobile's PIN Over USB With A $3 Board |
https://hackaday.com/2023/07/16/brute-forcing-a-mobiles-pin-over-usb-with-a-3-board/
|
July 20, 2023 |
Forager: Browse Millions of Leaked API keys Found With TruffleHog |
https://trufflesecurity.com/blog/introducing-forager/
|
July 20, 2023 |
Combine Sliver C2 with BallisKit MacroPack Pro and ShellcodePack |
https://www.linkedin.com/pulse/tutorial-combine-sliver-c2-balliskit-macropack-pro-shellcodepack
|
July 20, 2023 |
The SOC Toolbox: Analyzing AutoHotKey compiled executables |
https://blog.nviso.eu/2023/07/20/the-soc-toolbox-analyzing-autohotkey-compiled-executables/
|
July 19, 2023 |
The Flawed Design of Intel TDX |
https://x86.lol/generic/2023/02/07/intel-tdx.html
|
July 19, 2023 |
How We Found Another GitHub Actions Environment Injection Vulnerability in a Google Project |
https://www.legitsecurity.com/blog/-how-we-found-another-github-action-environment-injection-vulnerability-in-a-google-project
|
July 19, 2023 |
BYOS – Bundle Your Own Stealer |
https://research.checkpoint.com/2023/byos-bundle-your-own-stealer/
|
July 19, 2023 |
Escalating Privileges via Third-Party Windows Installers |
https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers
|
July 19, 2023 |
How is Chat-GPT changing over time? |
https://arxiv.org/pdf/2307.09009.pdf
|
July 19, 2023 |
Extending Burp Suite for fun and profit – The Montoya way – Part 3 |
https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-3/
|
July 19, 2023 |
Intel VT-rp - Part 1. remapping attack and HLAT |
https://tandasat.github.io/blog/2023/07/05/intel-vt-rp-part-1.html
|
July 18, 2023 |
A Deep Dive into Penetration Testing of macOS Applications (Part 1) |
https://www.cyberark.com/resources/all-blog-posts/a-deep-dive-into-penetration-testing-of-macos-applications-part-1
|
July 18, 2023 |
ThreadSleeper: Suspending Threads via GMER64 Driver |
https://www.binarydefense.com/resources/blog/threadsleeper-suspending-threads-via-gmer64-driver/
|
July 18, 2023 |
Teltonika RUT router reverse engineering, vulnerabilities analysis and exploitation. |
https://claroty.com/team82/research/triple-threat-breaking-teltonika-routers-three-ways
|
July 17, 2023 |
Beyond the Marketing: Assessing Anti-Bot Platforms through a Hacker's Lens |
https://blog.umasi.dev/antibots-1
|
July 17, 2023 |
Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2 |
https://www.sentinelone.com/blog/reverse-engineering-walkthrough-analyzing-a-sample-of-arechclient2/
|
July 17, 2023 |
Poch, Poch, is this thing on? Bypass AMSI with Divide & Conquer |
https://badoption.eu/blog/2023/07/15/divideconqer.html
|
July 17, 2023 |
VBA: resolving exports in runtime without NtQueryInformationProcess or GetProcAddress |
https://adepts.of0x.cc/vba-exports-runtime/
|
July 17, 2023 |
Short blog post on dumping the kernel from embedded/IoT devices (Sonos One speaker) |
https://www.synacktiv.com/en/publications/dumping-the-sonos-one-smart-speaker
|
July 17, 2023 |
Vault Range - The Measure and Resilience of Weaponized Exploit Methods for Linux |
https://hardenedvault.net/blog/2023-07-16-vault-range-resilience-weaponized-exp-linux/
|
July 17, 2023 |
Undocumented 8086 instructions, explained by the microcode |
http://www.righto.com/2023/07/undocumented-8086-instructions.html?m=1
|
July 16, 2023 |
Satellites lack standard security mechanisms found in mobile phones and laptops |
https://www.helpnetsecurity.com/2023/07/14/satellite-security-mechanisms/?web_view=true
|
July 15, 2023 |
Analysis of Storm-0558 techniques for unauthorized email access |
https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/
|
July 14, 2023 |
Unveiling the Secrets: LSASS Memory Dump Parsing |
https://cyvisory.hashnode.dev/read-memory-dumps-without-a-cat
|
July 13, 2023 |
OffensiveCon 2023 – Exploit Engineering – Attacking the Linux Kernel |
https://research.nccgroup.com/2023/05/23/offensivecon-2023-exploit-engineering-attacking-the-linux-kernel/
|
July 12, 2023 |
The art of fuzzing: Windows Binaries |
https://bushido-sec.com/index.php/2023/06/25/the-art-of-fuzzing-windows-binaries/
|
July 9, 2023 |
Security Research and the Creative Process |
https://medium.com/@yardenshafir2/security-research-and-the-creative-process-552fd91f52a7
|
July 7, 2023 |
A Journey Into Hacking Google Search Appliance |
https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/
|
July 7, 2023 |
Introducing Slinky Cat - Living off the AD Land |
https://labs.lares.com/introducing-slinkycat/
|
July 4, 2023 |
Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services |
https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services
|
July 3, 2023 |
Attacking GraphQL APIs |
https://portswigger.net/web-security/graphql
|
July 3, 2023 |
Retreading The AMLogic A113X TrustZone Exploit Process |
https://boredpentester.com/retreading-the-amlogic-a113x-trustzone-exploit-process/
|
June 29, 2023 |
Uncovering Container Confusion in the Linux Kernel |
https://www.vusec.net/projects/uncontained/
|
June 27, 2023 |
Faster method for determining when two mathematical groups are the same. |
https://www.quantamagazine.org/computer-scientists-inch-closer-to-major-algorithmic-goal-20230623/
|
June 26, 2023 |
RowPress: Amplifying Read Disturbance in Modern DRAM Chips |
https://people.inf.ethz.ch/omutlu/pub/RowPress_isca23.pdf
|
June 26, 2023 |
NSA Releases Guide to Mitigate BlackLotus Threat |
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3435305/nsa-releases-guide-to-mitigate-blacklotus-threat/
|
June 23, 2023 |
Exploiting Windows’ vulnerabilities with Hyper-V: A Hacker’s swiss army knife |
https://reversing.info/posts/hyperdeceit/
|
June 23, 2023 |
Breaking the Code - Exploiting and Examining CVE-2023-1829 in cls_tcindex Classifier Vulnerability |
https://starlabs.sg/blog/2023/06-breaking-the-code-exploiting-and-examining-cve-2023-1829-in-cls_tcindex-classifier-vulnerability/
|
June 22, 2023 |
NETGEAR Routers: A Playground for Hackers? |
https://research.nccgroup.com/2023/05/15/netgear-routers-a-playground-for-hackers/?t=1
|
June 22, 2023 |
Home router hacking presentation at HITB2023 |
http://conference.hitb.org/files/hitbsecconf2023ams/materials/D1T1%20-%20Your%20Not%20So%20Home%20Office%20-%20Soho%20Hacking%20at%20Pwn2Own%20-%20McCaulay%20Hudson%20&%20Alex%20Plaskett.pdf
|
June 22, 2023 |
Ethical Problems in Computer Security |
https://www.schneier.com/blog/archives/2023/06/ethical-problems-in-computer-security.html
|
June 21, 2023 |
Kaspersky Hack - iOS Triangulation Malware Analysis |
https://securelist.com/operation-triangulation/109842/
|
June 21, 2023 |
FortiNAC - Just a few more RCEs |
https://frycos.github.io/vulns4free/2023/06/18/fortinac.html
|
June 21, 2023 |
nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover |
https://www.descope.com/blog/post/noauth
|
June 21, 2023 |
New macOS vulnerability, Migraine, could bypass System Integrity Protection |
https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/
|
June 21, 2023 |
VSCode Remote Code Execution advisory |
https://blog.ammaraskar.com/vscode-rce/
|
June 21, 2023 |
GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking |
https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking
|
June 21, 2023 |
Dissecting TriangleDB, a Triangulation spyware implant |
https://securelist.com/triangledb-triangulation-implant/110050/
|
June 20, 2023 |
Regular expression Denial-of-Service, due to the denial of service attack caused by regular expressions. |
https://blog.huli.tw/2023/06/12/en/redos-regular-expression-denial-of-service/
|
June 20, 2023 |
Latest ransomware variant has heightened attack execution speed and what that means |
https://www.darkreading.com/attacks-breaches/rorschach-ransomware-what-you-need-to-know
|
June 20, 2023 |
Reverse engineering and pwning a Google Home Mini smart speaker. |
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
|
June 20, 2023 |
Codegate Qualifier 2023 CTF Competition Hacked |
https://github.com/kalmarunionenctf/codegate-statement
|
June 20, 2023 |
Storing Passwords - A Journey of Common Pitfalls |
https://blog.redteam-pentesting.de/2023/storing-passwords/
|
June 20, 2023 |
When Hackers hack the Hackers - Malware Analysis for a group targeting Malware Developers |
https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html
|
June 20, 2023 |
Google Ads: An effective phishing delivery mechanism for more than a decade. |
https://guardyourdomain.com/blog/google-ads-phishing/
|
June 20, 2023 |
Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings |
https://arxiv.org/abs/2306.07695
|