2024-03-31 // Ken Shirriff takes a dive into a military-grade chip to explore its gate array design and compares it with custom chips, outlining the costs and production differences. A cyber security fan uncovers how to hack into the Rebound box on HackTheBox with techniques that bump up privileges. Trail of Bits launches Ruzzy, a fuzzer to sniff out Ruby code bugs. "forensictools" toolkit makes a one-stop virtual spot for digital forensics, loaded with a bunch of analysis tools. An article unveils a hacking trick to mess with turnstiles using the Wiegand protocol. Lastly, C2 Tracker on GitHub keeps an eye on shady online dealings, nabbing IP addresses to spot malign servers. [more...]

2024-03-30 // This article teaches malware develpers how to dodge antivirus by changing NTFS attributes, in-memory tricks, digital certificates, and more, with tips for security pros. There’s updates on malware IOCs vital for knowing and stopping threats. Cloud_Enum looks for open cloud stuff on AWS, Azure, and others using keywords. Telerecon helps with Intel on Telegram, like scraping chats and seeing user links, but you need to set it up right. Awesome Cloud Security Labs has free security exercises for cloud tech. Netlas.io scans the internet for research and can spot industrial controls online needing better security. Backslash-powered-scanner finds hidden injection problems in servers and slides past firewalls. You can learn how to use Rust language in cybersecurity with their tool. There’s a full guide on Windows for malware work, and a project for a DNS Tunnel Keylogger to sneak out info without getting caught. Lastly, learn to spot .NET malware with GUIDs and MVIDs, and find Yara rules online. [more...]

2024-03-29 // This series helps with emulating IoT malware using Docker and Qiling. A pro explains using Velociraptor on VMware ESXi hypervisors for forensics. Security flaws in ChatGPT allow XSS attacks. A JavaScript file cleverly hides AsyncRAT deployment. There’s a binary exploitation roadmap from basics through pwn.college. SARA teaches making Android Trojans. BruteUnpackage cracks compressed file passwords. Demonstrate elevated privileges with CVE-2024-1086 on Linux. CVE-2023-48788 exploit for Fortinet’s FortiClient EMS is on GitHub. Understand Open Redirect vulnerability in IIS using JavaScript. CVE-2024-25153 proof-of-concept affects Fortra FileCatalyst Workflow. Xiaomi WiFi routers had security issues now fixed. A 64-bit library loads DLLs stealthily. Lastly, Meckazin/ChromeKatz extracts browser cookies from memory. [more...]

2024-03-28 // In a recent blog post, a data-only exploitation technique has been discussed which affects the Linux kernel’s io_uring. The technique lets attackers control memory pages and escalate privileges without changing kernel code. Zero Day Engineering offers masterclasses in software vulnerability research and exploit development with resources from conferences. A security researcher showed steps for unpacking Agent Tesla malware, analyzing its stages, and decrypting the payload. Ryan Weil explained deobfuscating the control flow in Agent Tesla by creating a plugin for de4dot and restoring code readability. Frida is a toolkit for modifying how programs run across multiple operating systems without needing source code. Noia is a sandbox file browser that simplifies examining mobile application files with Frida, suitable for rooted and non-rooted devices. VolWeb is a digital forensic tool using Volatility 3 for memory analysis and integration with CTI platforms. Domain Hunter Pro automates collecting web assets and interfaces with security tools, aimed at those in security testing.You can exploit local admin access to blind an EDR by tweaking the registry and rebooting to ensure Sysmon blindness. An in-depth analysis covers a Linux kernel vulnerability and exploitation, also providing research insights. There’s a guide on Velociraptor, a forensic tool, setup in a Windows lab environment. Suricata Hunting Rules provides network anomaly detection rules for Suricata IDS on GitHub. Nuclei v3.2 offers secure scanning of targets with authentication via a YAML file. An OSINT text outlines defending against cyber-attacks and info for cybersecurity careers. A repository holds dictionaries for penetration testers for password attacks and vulnerability finding. An article shows using DNS pivoting with Validin to analyze cyber infrastructures like LokiBot. The process of finding malware in open-source software through code analysis is detailed.A piece explains creating a self-replicating UEFI application and covers related techniques.BestEdrOfTheMarket is an open-source project for studying EDR detection strategies.The unKover project details an anti-rootkit tool which reveals unauthorized Windows drivers.A Google sub-domain XSS vulnerability was uncovered and resolved for a $4,133.70 reward.An article explains Windows syscall execution with a focus on kernel structure roles.Matthew Alt bypassed security protections on STM32 microcontrollers with Electromagnetic Fault Injection.Lastly, a script demonstrated a collision in SHA-256 hash function challenging its reliability. [more...]

2024-03-27 // A new exploit for local privilege escalation in Linux kernels (CVE-2024-1086) affects versions 5.14 to 6.6. A security flaw’s been found that let’s people get more access on Apple macOS systems by messing with file system mount options; it’s been fixed now. There’s this thing, ChromeKatz, that can grab cookies from Chromium browsers. AutoWLAN helps set up a mobile hotspot with a Raspberry Pi and lets people make it more secure. Matthew Alt showed how to mess with STM32F4 microcontrollers using EMFI. Agenda ransomware is hitting VMWare’s vCenter and ESXi servers hard with their new tricks. Folks can make a bad Amazon Machine Image (AMI) that gets into other people’s AWS accounts. There’s a fix for a problem where folks could read files they shouldn’t in Adobe ColdFusion (CVE-2024-20767). Tracecat helps security teams be smarter and faster with cool AI stuff, and mailtools does email things for learning. A script on GitHub can set up AnyDesk with better security options. You can use Grafana Labs tools for keeping an eye on apps and make it safer with GitHub Action. Some smarties figured out how to take advantage of a hole in HTTP .NET Remoting (CVE-2024-29059). Devs can make assembly code easier with x86inc.asm. AMD Zen 2 and Zen 3 chips might be messed up by Rowhammer attacks, even with DDR4 and DDR5. Telegram-Anti-Revoke used to keep messages in Telegram from going poof, but it’s not being looked after anymore. [more...]