Name | [ ORIGIN SOURCE ] | [ Archival Date ] | [ Tags ] |
|---|---|---|---|
A Comprehensive Analysis of the 3CX Attack | blog.cyble.com | Mar 31, 2023 5:39 PM | 3CXSupply-chainCTILazarus |
Vulkan files leak, a rare look into Russian cyberwarfare tactics | www.theguardian.com | Mar 31, 2023 2:36 PM | Π ΠΎΡΡΠΈΡLeakCyberWarfare |
CVE-2023-21768 _ Pwning Windows Ancillary Function Driver for WinSock (afd.sys) | securityintelligence.com | Mar 30, 2023 7:03 PM | WindowsAFDLPEWinSock |
CVE-2022-47522 _ MacStealer: Wi-Fi Client Isolation Bypass | thehackernews.com | Mar 30, 2023 6:54 PM | WiFiContext Override |
ARM TrustZone: pivoting to the secure world | thalium.github.io | Mar 28, 2023 6:59 PM | AndroidARMTrustZoneACE |
CVE-2023-27326 _ Parallels Toolgate VM Escape | blog.impalabs.com | Mar 20, 2023 6:28 PM | MacOSParallelsVMEscape |
BlackLotus UEFI bootkit: Myth confirmed | www.welivesecurity.com | Mar 19, 2023 1:40 PM | UEFIBootkitBlackLotusCTI |
CVE-2022-25664 _ The code that wasn't there: Reading memory on an Android device by accident | github.blog | Mar 19, 2023 1:28 PM | AndroidAdrenoKASLR |
A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM | research.nccgroup.com | Mar 19, 2023 11:41 AM | BiosSMMUEFIIntel |
Userland exploit chain to dump the memory of any Windows PPL process | blog.scrt.ch | Mar 19, 2023 10:48 AM | WindowsLSASSPPL |
CVE-2023-1017/18 _ Vulns in TPM 2.0 reference implementation code | blog.quarkslab.com | Mar 18, 2023 4:43 PM | TPMOOBEscape |
Defining the Cobalt Strike Reflective Loader | securityintelligence.com | Mar 17, 2023 7:20 PM | Cobalt-StrikeReflectiveLoader |
CVE-2023-25136 _ OpenSSH Pre-Auth Double Free | jfrog.com | Mar 17, 2023 7:00 PM | OpenSSHDouble-FreeOpenBSD |
CVE-2023-23397 _ Microsoft Outlook EoP | www.mdsec.co.uk | Mar 17, 2023 6:13 PM | OutlookWindowsEoPNTLM |
Multiple Internet to Baseband RCE Vulns in Exynos Modems | googleprojectzero.blogspot.com | Mar 17, 2023 5:05 PM | BasebandRCEExynosAndroid |
CVE-2022-44268/7 _ ImageMagick: The hidden vulnerability behind your online images | www.metabaseq.com | Feb 9, 2023 12:32 AM | ImageMagickRemote Leak |
CVE-2023-21608 _ Adobe Acrobat Reader resetForm RCE | hacksys.io | Feb 7, 2023 8:24 PM | AdobeAcrobatRCE |
VMSA-2023-0001 _ VMware vRealize Log Insight Multiple Vulns | www.horizon3.ai | Jan 31, 2023 11:00 PM | VMWarevRealize |
CVE-2022-34689 _ Exploiting a Critical Spoofing Vuln in Windows CryptoAPI | www.akamai.com | Jan 30, 2023 11:17 PM | WindowsMD5CryptoAPI |
how to completely own an airline in 3 easy steps | maia.crimew.gay | Jan 29, 2023 11:35 PM | jenkinsaviationnofly |
CVE-2023-23504 _ XNU Heap Underwrite in dlil.c | adamdoupe.com | Jan 26, 2023 11:49 PM | AppleXNUMacOSiOS |
CVE-2022-38181 _ yet another Arm Mali GPU Android exploit | github.blog | Jan 25, 2023 11:36 PM | AndroidMaliARM |
CVE-2022-42864 _ Diabolical Cookies on iOS/MacOS | muirey03.blogspot.com | Jan 23, 2023 10:26 PM | iOSMacOSApple |
CVE-2023-24068/69 _ Abusing Signal Desktop for fun & Espionage | johnjhacking.com | Jan 23, 2023 10:24 PM | SignalDesktop |
CVE-2023-0179 _ Linux kernel stack buffer overflow in nftables | seclists.org | Jan 22, 2023 11:56 PM | LINUXKERNELNFTables |
making malware with VX-API | steve-s.gitbook.io | Jan 18, 2023 5:29 PM | VX-APIDevelopment |
Prototype Pollution in Python | blog.abdulrah33m.com | Jan 18, 2023 5:00 PM | PythonPrototype |
Unlocking LockBit, a Ransomware story | analyst1.com | Jan 17, 2023 8:11 PM | LockBitRansomware |
Xdr33, A Variant Of CIA's HIVE Attack Kit | blog.netlab.360.com | Jan 10, 2023 11:02 PM | XDR33HIVEC2 |
The OWASSRF + TabShell exploit chain | blog.viettelcybersecurity.com | Jan 9, 2023 10:59 PM | ExchangeOWASSRFTabShell |
Game Of Active Directory, PWNING is coming! | mayfly277.github.io | Jan 7, 2023 5:12 PM | Active DirectoryLab |
Blindside: EDR Evasion with Hardware Breakpoints | cymulate.com | Jan 2, 2023 11:20 PM | WindowsEDREvasion |
Precious Gemstones: The New Generation of Kerberos Attacks | unit42.paloaltonetworks.com | Jan 2, 2023 10:59 PM | KerberosWindowsAD |
Netcomm Unauthenticated RCE Vuln | github.com | Jan 2, 2023 7:39 PM | NETCOMMNF20MESH |
CVE-2022-46169 _ Cacti Unauthenticated Command Injection | github.com | Jan 2, 2023 11:09 AM | CactiPHP |
Exciting approaches to memory safety | saaramar.github.io | Jan 1, 2023 11:09 PM | memorysafetymitigationsarchitectures |
CVE-2022-41082/80 _ OWASSRF, Bypassing ProxyNotShell Mitigations | www.crowdstrike.com | Jan 1, 2023 4:55 PM | OWASSRFExchange |
MeshyJSON, A TP-Link tdpServer JSON Stack Overflow | research.nccgroup.com | Jan 1, 2023 11:08 AM | TP-LinkArcher AX21 |
VLAN Hopping techniques | bwlryq.net | Dec 31, 2022 1:06 PM | VLANNetworkingCISCO |
Spice up your persistence loading PHP extensions from memory | adepts.of0x.cc | Dec 31, 2022 12:07 PM | PHP ExtensionsX-C3LL |
Firebase is Insecure by Default | saligrama.io | Dec 31, 2022 11:43 AM | FirebaseFizz |
SilentMoonwalk: Implementing a dynamic Call Stack Spoofer | klezvirus.github.io | Dec 18, 2022 11:19 PM | WindowsStackSpoofing |
CVE-2022-28672 _ Foxit PDF Reader UAF RCE | hacksys.io | Dec 18, 2022 10:46 PM | FoxitPDFWindows |
CVE-2022-4543 _ EntryBleed: Breaking KASLR under KPTI with Prefetch | www.willsroot.io | Dec 18, 2022 10:31 PM | LINUXKASLRKPTI |
Huawei Secure Monitor Vulnerabilities | blog.impalabs.com | Dec 15, 2022 6:58 PM | AndroidHuaweiATFSecure Monitor |
FOISted, remote exploit for MikroTik's RouterOS 6 | margin.re | Dec 15, 2022 6:25 PM | MikroTikRouterOSJailBreak |
IIS modules: The evolution of web shells | www.microsoft.com | Dec 14, 2022 7:13 PM | WindowsIISWebShell |
Atlassian Session Hijacking (& 2FA bypass) using stolen JWTs | cloudsek.com | Dec 14, 2022 6:53 PM | BitBucketJiraConfluence |
CVE-2022-42703 _ Bringing back the stack attack to Linux (kernel) | googleprojectzero.blogspot.com | Dec 13, 2022 8:12 PM | LINUXKERNEL |
Fuzzing ping(8)… and finding a 24 year old bug. | tlakh.xyz | Dec 13, 2022 7:53 PM | OpenBSDPingAFL |
{JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF | claroty.com | Dec 9, 2022 3:01 PM | JSONSQLiAntiWAF |
CVE-2022-4059/42 _ Supply Chain Vulns Put Server Ecosystem At Risk | eclypsium.com | Dec 9, 2022 2:38 PM | BMC&CAMIMegaRACRedfishIPMI |
Multiple Zero-Day Vulnerabilities in Leading EDRs and AVs | www.safebreach.com | Dec 9, 2022 2:04 PM | FUDAntiEDRAV |
CVE-2022-3328 _ Snapd Race condition in snap-confine | blog.qualys.com | Dec 9, 2022 1:43 PM | SnapdUbuntu |
CVE-2022-41057 _ Windows 11 HTTP.SYS Kerberos PAC EoP | bugs.chromium.org | Dec 9, 2022 12:08 PM | WindowsHTTP.SYSKerberos |
CVE-2022-41034 _ Visual Studio Code RCE | github.com | Dec 9, 2022 11:09 AM | VSCodeRCE |
CVE-2022-41120 _ Sysmon EoP Abusing Arbitrary File Deletes | www.zerodayinitiative.com | Dec 8, 2022 11:44 PM | EoPWindows |
6G - The Sixth Generation Mobile Network | www.sharetechnote.com | Dec 8, 2022 11:20 PM | 6GMobileCellularNetwork |
In The Box - Mobile Malware Webinjects Marketplace | resecurity.com | Dec 8, 2022 10:11 PM | Dark MarketsWebinjects |
Cobalt Strike Memory Analysis | unit42.paloaltonetworks.com | Dec 8, 2022 7:36 PM | Cobalt-StrikeKoboldLithiumMagnetLoader |
The Defender's Guide to the Windows Registry | posts.specterops.io | Dec 8, 2022 7:11 PM | WindowsRegistryBlue |
The Intel PPAM attack story | binarly.io | Dec 7, 2022 7:53 PM | PPAMSMMAMIFirmware |
CVE-2022-25765 _ Command Injection in pdfkit | security.snyk.io | Dec 7, 2022 7:52 PM | pdfkitruby |
Discover Redigo - New Redis Backdoor Malware | blog.aquasec.com | Dec 6, 2022 10:50 PM | RedisRedigoCVE-2022-0543 |
Dumping and extracting the SpaceX Starlink User Terminal firmware | www.esat.kuleuven.be | Dec 6, 2022 10:49 PM | StarlinkSpaceXReverse |
TP-Link WR940N N-Day turns into a 0day | github.com | Dec 5, 2022 7:48 PM | TP-LinkWR940N |
CVE-2022-44721 _ Crowdstrike Falcon Uninstaller | crash.software | Dec 5, 2022 7:44 PM | CVE-2022-2841CrowdStrikeFalcon |
CVE-2022-31358 _ Multiple Vulns in Proxmox VE & Mail Gateway | starlabs.sg | Dec 4, 2022 11:53 AM | ProxmoxXSSCRLFSSRF |
Hitching a ride with Mustang Panda | decoded.avast.io | Dec 4, 2022 11:23 AM | APTWindows |
HTTP Desync Attack (Request Smuggling) | github.com | Dec 4, 2022 12:52 AM | HTTP DesyncSmuggling |
CVE-2022-4116 _ zero-day flaw in Quarkus Java framework | www.contrastsecurity.com | Dec 4, 2022 12:25 AM | QuarkusCORS |
Hacking Smartwatches for Spear Phishing | cybervelia.com | Dec 2, 2022 11:28 PM | SmartwatchBLE |
Blasting Event-Driven Cornucopia - WMI edition | binarly.io | Dec 2, 2022 11:00 PM | WMIDKOMSandbox |
Huawei Security Hypervisor Vulnerability | blog.impalabs.com | Dec 1, 2022 10:49 PM | AndroidHuaweiHypervisor |
Hell's Keychain: Supply-chain vuln in IBM Cloud PostgreSQL | www.wiz.io | Dec 1, 2022 10:01 PM | IBMSupply-chain |
CVE-2022-42895/6 _ Linux Kernel Infoleak & UAF in Bluetooth L2CAP | github.com | Nov 30, 2022 6:55 PM | LINUX |
chip-to-cloud 'eID' logic vulnerabilities | www.reversemode.com | Nov 30, 2022 6:43 PM | eIDReverse |
Xiongmai IoT Exploitation | vulncheck.com | Nov 29, 2022 11:43 PM | NVRIoTXiongmai |
Bypass Android SSL Pinning & Intercept Proxy Unaware apps | kishorbalan.medium.com | Nov 27, 2022 5:19 PM | AndroidReverseSSL |
Linux & Windows Password Mining | medium.com | Nov 27, 2022 4:06 PM | LateralPrivEscPassword |
Zero-to-Hero Dom Clobbering | hacklido.com | Nov 27, 2022 3:23 PM | DOMJSXSS |
Exploiting an N-day vBulletin PHP Object Injection Vulnerability | karmainsecurity.com | Nov 27, 2022 11:23 AM | vBulletinPOP Chain |
APT41's New Subgroup: Earth Longzhi | www.trendmicro.com | Nov 26, 2022 10:36 AM | APT41MalwareCTI |
REcollapse - Fuzzing the web for mysterious bugs | 0xacb.com | Nov 25, 2022 9:13 PM | User InputFuzzing |
CVE-2022-33942 _ Bypassing Intel DCM's Auth by Spoofing Kerberos and LDAP | www.rcesecurity.com | Nov 24, 2022 6:28 PM | IntelKerberosLDAP |
PNG Steganography Hides Backdoor | decoded.avast.io | Nov 24, 2022 5:51 PM | SteganographyDropboxC&C |
Userspace exploitation under Android | lolcads.github.io | Nov 23, 2022 9:14 PM | JNIAndroid |
NETGEAR R7800 AFPD PreAuth | ssd-disclosure.com | Nov 23, 2022 9:03 PM | Netgear R7800Heap Overflow |
CVE-2022-41924 _ RCE in Tailscale, DNS Rebinding, and You | emily.id.au | Nov 23, 2022 8:05 PM | TailscaleRCE |
The State of Exploit Development | www.crowdstrike.com | Nov 23, 2022 7:42 PM | ExploitDevelopment |
Chrome Browser Exploitation | jhalon.github.io | Nov 23, 2022 3:00 PM | V8Chrome |
kmem_guard_t in iOS 16 / macOS 13 | saaramar.github.io | Nov 21, 2022 10:38 PM | xnuMacOSiOS |
Remote Command Execution in a Bank Server | medium.com | Nov 21, 2022 10:21 PM | RCERemote Banking |
CVE-2022-41622/41800 _ F5 BIG-IP and iControl REST Vuln | www.rapid7.com | Nov 19, 2022 5:52 PM | F5 Big-IPiControl |
CVE-2022-20868/7 _ Cisco SMA JWT EoP & SQLi RCE | ssd-disclosure.com | Nov 19, 2022 5:18 PM | Cisco SMACVE-2022-20868/7 |
CVE-2022-45163 _ NXP i.MX SDP_READ_DISABLE Fuse Bypass | research.nccgroup.com | Nov 19, 2022 9:10 AM | i.MXHardware |
Pixel 6 Bootloader Exploitation writeup | eshard.com | Nov 19, 2022 7:50 AM | AndroidHardware |
DeimosC2 C&C Framework brief-analysis | www.trendmicro.com | Nov 18, 2022 8:56 PM | C2C&C |
CVE-2022-41082 _ RCE in Exchange PowerShell Backend | www.zerodayinitiative.com | Nov 17, 2022 3:04 PM | ExchangeCVE-2022-41082CVE-2022-41040 |
CVE-2022-32932 _ ZinComputeProgramUpdateMutables() OOB write due to double fetch | 0x36.github.io | Nov 17, 2022 2:05 PM | Neural EngineweightBufs |
CVE-2022-36067 _ SandBreak vm2 Unauth'ed RCE in Backstage | www.oxeye.io | Nov 16, 2022 3:13 PM | Backstagevm2 |
CVE-2022-32895 _ CVE-2019-8561 _ A Hard-to-Banish PackageKit Vuln | www.trendmicro.com | Nov 16, 2022 2:29 PM | MacOS |
Cloning Windows Binaries and Code Signing Implants | captmeelo.com | Nov 16, 2022 11:55 AM | EvasionWindows |
Practical fault attacks against SM4 | research.kudelskisecurity.com | Nov 15, 2022 4:24 PM | SM4HardwareGlitch |
CVE-2022-40303/4 _ on MacOS <13.0.1 & iOS/iPadOS <16.1.1 | gitlab.gnome.org | Nov 15, 2022 2:35 PM | libxml2iOSMacOS |
CVE-2022-35914 _ GLPI htmlawed | mayfly277.github.io | Nov 14, 2022 5:29 PM | GLPICVE-2022-35914 |
Inside the V1 Raccoon Stealer | www.team-cymru.com | Nov 14, 2022 5:06 PM | MalwareStealerRaccoon |
weightBufs exploit chain | github.com | Nov 12, 2022 3:10 PM | iOSMacOSNeural Engine |
On-Chain Insights From the FTX Implosion | newsletter.banklesshq.com | Nov 11, 2022 6:57 PM | CryptoFinance |
Hosting Malware on IPFS for fun & profit! | blog.talosintelligence.com | Nov 11, 2022 6:44 PM | IPFSMalwareWeb3 |
Does OpenSea Shared Storefront have a backdoor? | blog.phor.net | Nov 11, 2022 6:20 PM | NFTOpenSeaWeb3 |
Web3 Decoder Burp Suite Extension | research.nccgroup.com | Nov 11, 2022 6:08 PM | dAppWeb3 |
Using SystemFunction032 for shellcode decryption | s3cur3th1ssh1t.github.io | Nov 10, 2022 7:13 PM | WindowsShellcodeObf |
Intel Boot Guard keys leak analysis | binarly.io | Nov 10, 2022 6:24 PM | IntelLeakBios |
Design and setup of C2 traffic redirectors | ditrizna.medium.com | Nov 9, 2022 7:35 PM | C2HTTP |
AppSec Ezine #455 | raw.githubusercontent.com | Nov 9, 2022 12:20 AM | AppSecEzine |
Fodcha Is Coming Back, Raising A Wave of Ransom DDoS | blog.netlab.360.com | Nov 8, 2022 11:57 PM | DDoSBotNet |
CVE-2022-26730 _ ColorSync | srd.cx | Nov 7, 2022 5:47 PM | CVE-2022-26730MacOS |
DevSecOps-Playbook: step-by-step implementation guide | github.com | Nov 5, 2022 10:22 PM | DevSecOps |
Build a Self-Destructing USB Drive | interruptlabs.ca | Nov 5, 2022 3:09 PM | HardwareTactical |
Checkmk RCE Chain | blog.sonarsource.com | Nov 5, 2022 2:31 PM | CheckmkRCE |
Hardware Trojans Under a Microscope | ryancor.medium.com | Nov 4, 2022 7:43 PM | RATHardware |
More Evil Markets to buy Initial Access | www.sentinelone.com | Nov 4, 2022 7:31 PM | Dark MarketsInitial Access |
CVE-2022-33679 _ One-Day Kerberos EoP | googleprojectzero.blogspot.com | Nov 3, 2022 1:35 PM | KerberosWindows |
urlscan.io's SOAR spot: Chatty security tools leaking private data | positive.security | Nov 3, 2022 12:25 PM | Leakdorks |
CVE-2022-3602 _ OpenSSL punycode vulnerability | securitylabs.datadoghq.com | Nov 1, 2022 8:38 PM | CVE-2022-3602CVE-2022-3786OpenSSL |
CVE-2022-40146 _ Apache Batik SSRF and RCE | www.zerodayinitiative.com | Nov 1, 2022 10:50 AM | Apache BatikJava |
Exploited Windows "Mark-of-the-Web" Zero-Day | www.bleepingcomputer.com | Nov 1, 2022 10:26 AM | MoTWWindows |
The Drone Cyberattack That Breached a Corporate Network | blogs.blackberry.com | Oct 31, 2022 7:22 PM | WiFiDrone |
Abusing tokens to compromise AD w/o touching lsass | sensepost.com | Oct 31, 2022 6:52 PM | Token TheftActive Directory |
That's No Honey Badger. It's A Brute Ratel. A Look At BRC4. | thebinaryhick.blog | Oct 30, 2022 8:29 PM | C2BRC4 |
LNK file-based Attacks Are on The Rise | www.docguard.io | Oct 30, 2022 4:42 PM | LNKPhishingWindows |
CVE-2022-32250 _ Exploit Linux Kernel Exploit with mqueue | blog.theori.io | Oct 29, 2022 3:11 PM | CVE-2022-32250LINUXLPE |
From Shared Dash to Root Bash :: Pre-Auth'ed RCE in VMWare vROps | srcincite.io | Oct 29, 2022 2:46 PM | CVE-2022-31675CVE-2022-31674CVE-2022-31672 |
Eat What You Kill :: Pre-Auth'ed RCE in VMWare NSX Manager | srcincite.io | Oct 29, 2022 1:48 PM | VMSA-2022-0027VMWareNSX |
CVE-2022-34918 _ A crack in the Linux firewall | www.randorisec.fr | Oct 28, 2022 3:55 PM | CVE-2022-34918LINUX |
In the potato family, I want 'em all | hideandsec.sh | Oct 28, 2022 3:25 PM | LPEWindows |
Android One-Click exploiting XSS on Samsung Galaxy Store | ssd-disclosure.com | Oct 28, 2022 12:56 PM | XSSAndroidSamsung |
CVE-2022-32946 _ SiriSpy, eavesdrop conversations with Siri | rambo.codes | Oct 27, 2022 5:33 PM | iOSappleSiri |
CVE-2022-37981 _ The Logging Dead | www.varonis.com | Oct 27, 2022 5:21 PM | CVE-2022-37981Windows |
CVE-2022-34718 _ Windows TCP/IP RCE PoC & Analysis | medium.com | Oct 26, 2022 7:35 PM | CVE-2022-34718RCEWindows |
APT techniques: Access Token manipulation/theft | cocomelonc.github.io | Oct 26, 2022 7:18 PM | Win32APIToken Theft |
CVE-2022-35737 _ Stranger Strings: An exploitable flaw in SQLite | blog.trailofbits.com | Oct 25, 2022 3:28 PM | SQLiteCVE-2022-35737 |
CVE-2022-22954 _ Mirai, RAR1 & GuardMiner target a well-known VMware RCE | www.fortinet.com | Oct 25, 2022 2:41 PM | VMWareCVE-2022-22954 |
SharePoint Post-Authentication Server-Side Request Forgery (SSRF) | starlabs.sg | Oct 25, 2022 2:17 PM | SharePointSSRF |
SS7 ΡΡΡΠ°ΡΠ΅Π», long life to SS7 | t.me | Oct 24, 2022 5:17 PM | SS7GSMMobileΠ ΠΎΡΡΠΈΡ |
Client Side De-Sync and Synch0le | sharpsec.run | Oct 24, 2022 4:31 PM | client-side desyncSynch0le |
Black Basta and the Unnoticed Delivery | research.checkpoint.com | Oct 24, 2022 4:02 PM | RansomwareBlack BastaCTI |
Thousands Of Unsecured Kubernetes Clusters Exposed On The Internet | redhuntlabs.com | Oct 23, 2022 10:39 AM | KubernetesK8SKubeStalk |
Authentication Bypass & File Upload & Arbitrary File Overwrite | medium.com | Oct 23, 2022 10:17 AM | JWTS3BugBounty |
Π’Π΅ΠΌΠ½ΡΠ΅ Π ΡΠ½ΠΊΠΈ Π² Π’Π΅Π»Π΅Π³ΡΠ°ΠΌΠΌΠ΅ | www.ptsecurity.com | Oct 23, 2022 9:20 AM | TelegramDarkNetΠ ΠΎΡΡΠΈΡ |
Reverse Engineering the Apple MultiPeer Connectivity Framework | www.evilsocket.net | Oct 22, 2022 8:17 PM | appleReversemcpeer |
Steganography: Creating a digital microdot | medium.com | Oct 22, 2022 7:51 PM | SteganographyMicrodot |
AppSec Ezine #453 | github.com | Oct 22, 2022 6:50 PM | AppSecEzine |
SpaceX Starlink User Terminal Modchip | github.com | Oct 21, 2022 6:07 PM | StarlinkDefconModchip |
CVE-2022-3236 _ Sophos Firewall Code Injection | www.zerodayinitiative.com | Oct 21, 2022 5:21 PM | SophosJSONCVE-2022-3236 |
BlueBleed - The Largest B2B Leak | socradar.io | Oct 21, 2022 4:52 PM | BlueBleedAzureLeak |
Fantastic Rootkits: And Where to Find Them | www.cyberark.com | Oct 20, 2022 6:18 PM | SSDTRootKitWindows |
Exploit Deserialization Vulnerabilities in PHP | www.synacktiv.com | Oct 20, 2022 5:54 PM | DeserializationPHP Filter Chain |
Wireless PenTest Methodologies | github.com | Oct 20, 2022 5:37 PM | WirelessProximityTactical |
CVE-2022-22980 _ Spring Data MongoDB SpEL ExpInjection | github.com | Oct 19, 2022 11:32 PM | CVE-2022-22980VMWareSpring Data MongoDB |
Discovering _ CVE-2022-22980 real exploitable path | infosecwriteups.com | Oct 19, 2022 11:20 PM | CVE-2022-22980CodeQL |
Memory corruption vulnerabilities in Edge | microsoftedge.github.io | Oct 19, 2022 10:40 PM | EdgexplorerVULN |
CVE-2022-42889 _ Text4Shell Vuln Technical Analysis | medium.com | Oct 19, 2022 8:06 PM | CVE-2022-42889Text4ShellApache Commons Text |
CVE-2022-27502 _ RealVNC Server 6.8.0 PrivEsc | www.triskelelabs.com | Oct 18, 2022 5:01 PM | CVE-2022-27502RealVNC |
CVE-2022-39197 _ Cobalt Strike 4.7.1 RCE | securityintelligence.com | Oct 18, 2022 4:10 PM | CVE-2022-39197Cobalt-Strike |
iOS Native Code Obfuscation and Syscall Hooking | www.romainthomas.fr | Oct 18, 2022 2:39 PM | iOSReverse |
SingPass RASP Analysis | www.romainthomas.fr | Oct 18, 2022 11:49 AM | ReverseiOS |
Relaying YubiKeys | cube0x0.github.io | Oct 17, 2022 6:41 PM | YubiKeyFIDO2 |
Replicant: Fault Injection Attack on Trezor One | voidstarsec.com | Oct 17, 2022 4:51 PM | TrezorCryptoChipFail |
CVE-2022-41852 _ RCE in JXPath Library | hackinglab.cz | Oct 16, 2022 8:09 PM | CVE-2022-41852JXPath |
CVE-2022-41352 _ Zimbra 0-day | securelist.com | Oct 16, 2022 12:13 PM | ZimbraCVE-2022-41352 |
CVE-2022-37042 _ Zimbra Email Vulnerability | blog.cyble.com | Oct 16, 2022 12:05 PM | ZimbraCVE-2022-37042 |
CVE-2022-40684 _ FortiOS/Proxy/SwitchManager AuthBypass | www.horizon3.ai | Oct 15, 2022 11:03 PM | CVE-2022-40684Fortinet |
CVE-2022-37969 _ Windows CLFS Zero-Day | www.zscaler.com | Oct 15, 2022 4:55 PM | CVE-2022-37969Windows |
Analysing LastPass Chrome Extension | www.mdsec.co.uk | Oct 15, 2022 3:22 PM | LastPassChrome Remote Debugging |
Disposable Root Servers | blog.thc.org | Oct 14, 2022 11:17 AM | SegfaultFree |
L.E.J Mashup 80s | | Oct 7, 2022 7:14 PM | SPKRWRITE |
Attacking Titan M with Only One Byte | blog.quarkslab.com | Oct 6, 2022 10:29 PM | CVE-2022-20233Titan M |
Attacking Android kernel (ab)using Qualcomm TrustZone | tamirzb.com | Oct 6, 2022 9:48 PM | TrustZoneCVE-2021-1961 |
Exploring the REF2731 Intrusion Set | www.elastic.co | Oct 4, 2022 9:53 AM | MaldocParallaxNetwire |
Bumblebee: increasing its capacity and evolving its TTPs | research.checkpoint.com | Oct 3, 2022 6:58 PM | BumblebeeMalware |
CVE-2022-29464 _ detailed analysis of a ShadowPad intrusion | research.nccgroup.com | Oct 3, 2022 6:51 PM | ShadowPadCVE-2022-29464 |
Beginner's Guide to Sliver C2 | notateamserver.xyz | Oct 1, 2022 5:52 PM | C2Sliver |
CVE-2022-41040/41082 _ 0-day RCE on Microsoft Exchange | gteltsc.vn | Oct 1, 2022 12:10 PM | ExchangeCVE-2022-41040CVE-2022-41082 |
Bad VIB(E)s // Novel Malware in ESXi Hypervisors | www.mandiant.com | Sep 30, 2022 10:15 AM | MalwareVMWare |
Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike | blog.malicious.group | Sep 28, 2022 5:24 PM | C2 |
Exploiting Flipper Zero's NFC file loader | vvx7.io | Sep 28, 2022 9:36 AM | Flipper-ZeroNFCBuffer Overflow |
A FormBook Matryoshka | github.com | Sep 26, 2022 9:59 PM | MaldocWindows |
CVE-2022-36804 _ Bitbucket Pre Auth Remote Command Execution | blog.assetnote.io | Sep 22, 2022 12:45 PM | CVE-2022-36804 |
The Crypto Revolution | newsletter.banklesshq.com | Jul 5, 2022 8:08 AM | CryptoGovernancebankless |
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat | www.intezer.com | Jun 30, 2022 10:28 PM | MalwareLINUX |
ΠΎΠ±Π·ΠΎΡ Π½Π° rizin | telegra.ph | Jun 30, 2022 6:03 PM | Π ΠΎΡΡΠΈΡReverse |
CVE-2022-30190 _ Overview of Bears Cyberespionage | blog.bushidotoken.net | Jun 27, 2022 7:22 AM | APT28APT29CVE-2022-30190 |
Hacking Ham Radio for Texting | spectrum.ieee.org | Jun 26, 2022 10:06 PM | HamRadioSpectrum |
The Sound of Malware | www.trellix.com | Jun 26, 2022 9:45 PM | MalwareSPKRWRITE |
Tracking Joker with Medusa, static analysis (and patience) | cryptax.medium.com | Jun 20, 2022 9:37 PM | AndroidMalwareJoker |
CVE-2022-26809 _ Reaching Vulnerable Point | s1ckb017.github.io | Jun 19, 2022 10:46 PM | CVE-2022-26809Windows |
APT groups carried out highly targeted attack on Sophos | news.sophos.com | Jun 19, 2022 10:37 PM | CVE-2022-1040GoMetGh0stCTI |
Stablecoins Are Products | medium.com | Jun 19, 2022 2:45 PM | CryptoStablecoins |
Emulating Phineas Phisher Attacks in Modern EDR Environments | www.sentinelone.com | Jun 16, 2022 6:33 PM | C2TTPDEFRA |
GhostTouch: Contactless attack with Electromagnetic Signals | thehackernews.com | Jun 12, 2022 10:25 PM | TAOEMITTRY |
How to Make $800m in Crypto, Soros Style - Breaking $UST | onchainwizard.substack.com | Jun 11, 2022 10:12 PM | CryptoUST |
KAX17 de-anonymization against Tor | nusenu.medium.com | Jun 11, 2022 9:58 PM | TorDe-anonKAX17 |
Android/BianLian payload | cryptax.medium.com | Jun 11, 2022 9:45 PM | AndroidMalware |
DarkFi | dark.fi | Jun 11, 2022 8:29 PM | CryptoBlockchainZK |
Attacking ARM Pointer Authentication with Speculative Execution | pacmanattack.com | Jun 11, 2022 5:52 PM | VULNM1TTRY |
Aoqin Dragon | www.sentinelone.com | Jun 11, 2022 7:45 AM | WindowsMalware |
reNgine - More than just a recon! | rengine.wiki | Jun 10, 2022 3:11 PM | ReconScanVATTRY |
HOP Token Airdrop | Jun 9, 2022 7:19 PM | DropCatcher | |
The Magic of Π₯YΠ | Jun 9, 2022 6:32 PM | SPKRWRITEΠ ΠΎΡΡΠΈΡ | |
Russia's certificate authority for sanctioned organizations | koen.engineer | Jun 9, 2022 4:59 PM | Россия |
Self Hosted Roundup #7 | noted.lol | Jun 9, 2022 4:53 PM | SelfHosted |
Automated Malware Analysis - Joe Sandbox | www.joesandbox.com | Jun 9, 2022 4:24 PM | MalwareSandbox |
The Surreal Case of a C.I.A. Hacker's Revenge | www.newyorker.com | Jun 8, 2022 6:50 PM | Enota |
Meet Logseq, 'stores data like a brain' | venturebeat.com | Jun 8, 2022 6:48 PM | SubstaTTRYKNWLDG |
Francesca Bria on Decentralisation, Sovereignty, and Web3 | the-crypto-syllabus.com | Jun 8, 2022 6:39 PM | Web3Decentralisation |
Xenomorph: Hatched Banking Trojan | www.threatfabric.com | Jun 8, 2022 6:39 PM | Malware |
Guerre di Rete - Ukraine, chronicles from the cyber fronts | guerredirete.substack.com | Jun 8, 2022 6:37 PM | GuerreDiRete |
CVE-2022-0847 _ The Dirty Pipe | dirtypipe.cm4all.com | Jun 8, 2022 6:37 PM | CVE-2022-0847LINUXAndroidKERNEL |
Why it is time to do (and inform) Guerre di Rete | www.guerredirete.it | Jun 8, 2022 4:27 PM | GuerreDiRete |
The state of music/Web3 tools for artists | www.waterandmusic.com | Jun 7, 2022 2:16 PM | Web3NFT |
NSO zero-click iMessage RCE exploit | googleprojectzero.blogspot.com | Jun 7, 2022 1:42 PM | VULNCVE-2021-30860 |
Threat Thursday: BoratRAT | blogs.blackberry.com | Jun 7, 2022 1:27 PM | RATWindowsMalware |