โก๏ธ.LINK
๐ฎ.FYI
๐.DIRECTORY
๐พ .SOFTWARE
๐.CODES
๐จ .CONTACT
STRLCPY(3)
๐
A Comprehensive Analysis of the 3CX Attack
3CX
Supply-chain
CTI
Lazarus
๐ช
Vulkan files leak, a rare look into Russian cyberwarfare tactics
ะ ะพััะธั
Leak
CyberWarfare
๐งฆ
CVE-2023-21768 _ Pwning Windows Ancillary Function Driver for WinSock (afd.sys)
Windows
AFD
LPE
WinSock
๐ฆ
CVE-2022-47522 _ MacStealer: Wi-Fi Client Isolation Bypass
WiFi
Context Override
๐งฟ
ARM TrustZone: pivoting to the secure world
Android
ARM
TrustZone
ACE
๐คธโโ๏ธ
CVE-2023-27326 _ Parallels Toolgate VM Escape
MacOS
Parallels
VM
Escape
๐
BlackLotus UEFI bootkit: Myth confirmed
UEFI
Bootkit
BlackLotus
CTI
๐ค
CVE-2022-25664 _ The code that wasn't there: Reading memory on an Android device by accident
Android
Adreno
KASLR
๐ฅ
A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM
Bios
SMM
UEFI
Intel
๐ชก
Userland exploit chain to dump the memory of any Windows PPL process
Windows
LSASS
PPL
๐
CVE-2023-1017/18 _ Vulns in TPM 2.0 reference implementation code
TPM
OOB
Escape
๐ณ
Defining the Cobalt Strike Reflective Loader
Cobalt-Strike
Reflective
Loader
๐ก
CVE-2023-25136 _ OpenSSH Pre-Auth Double Free
OpenSSH
Double-Free
OpenBSD
๐ช
CVE-2023-23397 _ Microsoft Outlook EoP
Outlook
Windows
EoP
NTLM
๐ฃ
Multiple Internet to Baseband RCE Vulns in Exynos Modems
Baseband
RCE
Exynos
Android
๐ผ๏ธ
CVE-2022-44268/7 _ ImageMagick: The hidden vulnerability behind your online images
ImageMagick
Remote Leak
๐
CVE-2023-21608 _ Adobe Acrobat Reader resetForm RCE
Adobe
Acrobat
RCE
๐ชต
VMSA-2023-0001 _ VMware vRealize Log Insight Multiple Vulns
VMWare
vRealize
๐
CVE-2022-34689 _ Exploiting a Critical Spoofing Vuln in Windows CryptoAPI
Windows
MD5
CryptoAPI
๐ซ
how to completely own an airline in 3 easy steps
jenkins
aviation
nofly
๐
CVE-2023-23504 _ XNU Heap Underwrite in dlil.c
Apple
XNU
MacOS
iOS
๐ฃ
CVE-2022-38181 _ yet another Arm Mali GPU Android exploit
Android
Mali
ARM
๐ช
CVE-2022-42864 _ Diabolical Cookies on iOS/MacOS
iOS
MacOS
Apple
๐ฌ
CVE-2023-24068/69 _ Abusing Signal Desktop for fun & Espionage
Signal
Desktop
๐ง
CVE-2023-0179 _ Linux kernel stack buffer overflow in nftables
LINUX
KERNEL
NFTables
โ ๏ธ
making malware with VX-API
VX-API
Development
๐
Prototype Pollution in Python
Python
Prototype
๐
Unlocking LockBit, a Ransomware story
LockBit
Ransomware
๐ฏ
Xdr33, A Variant Of CIAโs HIVE Attack Kit
XDR33
HIVE
C2
๐ง
The OWASSRF + TabShell exploit chain
Exchange
OWASSRF
TabShell
๐ฒ
Game Of Active Directory, PWNING is coming!
Active Directory
Lab
๐
Blindside: EDR Evasion with Hardware Breakpoints
Windows
EDR
Evasion
๐
Precious Gemstones: The New Generation of Kerberos Attacks
Kerberos
Windows
AD
๐ธ๏ธ
Netcomm Unauthenticated RCE Vuln
NETCOMM
NF20
MESH
๐ต
CVE-2022-46169 _ Cacti Unauthenticated Command Injection
Cacti
PHP
๐ฆบ
Exciting approaches to memory safety
memory
safety
mitigations
architectures
โ ๏ธ
CVE-2022-41082/80 _ OWASSRF, Bypassing ProxyNotShell Mitigations
OWASSRF
Exchange
๐น
MeshyJSON, A TP-Link tdpServer JSON Stack Overflow
TP-Link
Archer AX21
๐ฆ
VLAN Hopping techniques
VLAN
Networking
CISCO
๐ถ๏ธ
Spice up your persistence loading PHP extensions from memory
PHP Extensions
X-C3LL
๐
Firebase is Insecure by Default
Firebase
Fizz
๐ถ๐ฟโโ๏ธ
SilentMoonwalk: Implementing a dynamic Call Stack Spoofer
Windows
Stack
Spoofing
๐ฆ
CVE-2022-28672 _ Foxit PDF Reader UAF RCE
Foxit
PDF
Windows
๐ฉธ
CVE-2022-4543 _ EntryBleed: Breaking KASLR under KPTI with Prefetch
LINUX
KASLR
KPTI
๐ชค
Huawei Secure Monitor Vulnerabilities
Android
Huawei
ATF
Secure Monitor
๐งจ
FOISted, remote exploit for MikroTikโs RouterOS 6
MikroTik
RouterOS
JailBreak
๐บ
IIS modules: The evolution of web shells
Windows
IIS
WebShell
๐ชฃ
Atlassian Session Hijacking (& 2FA bypass) using stolen JWTs
BitBucket
Jira
Confluence
๐ง
CVE-2022-42703 _ Bringing back the stack attack to Linux (kernel)
LINUX
KERNEL
๐ก
Fuzzing ping(8)โฆ and finding a 24 year old bug.
OpenBSD
Ping
AFL
๐ฅ
{JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF
JSON
SQLi
Anti
WAF
๐ฅ
CVE-2022-4059/42 _ Supply Chain Vulns Put Server Ecosystem At Risk
BMC&C
AMI
MegaRAC
Redfish
IPMI
๐ฅ
Multiple Zero-Day Vulnerabilities in Leading EDRs and AVs
FUD
Anti
EDR
AV
๐ฅ
CVE-2022-3328 _ Snapd Race condition in snap-confine
Snapd
Ubuntu
๐ช
CVE-2022-41057 _ Windows 11 HTTP.SYS Kerberos PAC EoP
Windows
HTTP.SYS
Kerberos
โ ๏ธ
CVE-2022-41034 _ Visual Studio Code RCE
VSCode
RCE
๐
CVE-2022-41120 _ Sysmon EoP Abusing Arbitrary File Deletes
EoP
Windows
๐ก
6G - The Sixth Generation Mobile Network
6G
Mobile
Cellular
Network
๐ช
In The Box - Mobile Malware Webinjects Marketplace
Dark Markets
Webinjects
๐
Cobalt Strike Memory Analysis
Cobalt-Strike
Kobold
Lithium
Magnet
Loader
๐ก๏ธ
The Defenderโs Guide to the Windows Registry
Windows
Registry
Blue
๐ฅ
The Intel PPAM attack story
PPAM
SMM
AMI
Firmware
๐
CVE-2022-25765 _ Command Injection in pdfkit
pdfkit
ruby
โญ
Discover Redigo โ New Redis Backdoor Malware
Redis
Redigo
CVE-2022-0543
๐ฐ๏ธ
Dumping and extracting the SpaceX Starlink User Terminal firmware
Starlink
SpaceX
Reverse
๐ถ
TP-Link WR940N N-Day turns into a 0day
TP-Link
WR940N
๐ฆ
CVE-2022-44721 _ Crowdstrike Falcon Uninstaller
CVE-2022-2841
CrowdStrike
Falcon
๐ซ
CVE-2022-31358 _ Multiple Vulns in Proxmox VE & Mail Gateway
Proxmox
XSS
CRLF
SSRF
๐ผ
Hitching a ride with Mustang Panda
APT
Windows
๐ฐ
HTTP Desync Attack (Request Smuggling)
HTTP Desync
Smuggling
โ๏ธ
CVE-2022-4116 _ zero-day flaw in Quarkus Java framework
Quarkus
CORS
โ
Hacking Smartwatches for Spear Phishing
Smartwatch
BLE
๐
Blasting Event-Driven Cornucopia - WMI edition
WMI
DKOM
Sandbox
๐ค
Huawei Security Hypervisor Vulnerability
Android
Huawei
Hypervisor
๐
Hellโs Keychain: Supply-chain vuln in IBM Cloud PostgreSQL
IBM
Supply-chain
๐ฆท
CVE-2022-42895/6 _ Linux Kernel Infoleak & UAF in Bluetooth L2CAP
LINUX
โ๏ธ
chip-to-cloud 'eID' logic vulnerabilities
eID
Reverse
๐น
Xiongmai IoT Exploitation
NVR
IoT
Xiongmai
๐
Bypass Android SSL Pinning &
Intercept Proxy Unaware apps
Android
Reverse
SSL
โ๏ธ
Linux & Windows Password Mining
Lateral
PrivEsc
Password
๐ฅ
Zero-to-Hero Dom Clobbering
DOM
JS
XSS
๐
Exploiting an N-day vBulletin PHP Object Injection Vulnerability
vBulletin
POP Chain
๐
APT41โs New Subgroup: Earth Longzhi
APT41
Malware
CTI
โ๏ธ
REcollapse - Fuzzing the web for mysterious bugs
User Input
Fuzzing
๐ด๏ธ
CVE-2022-33942 _ Bypassing Intel DCMโs Auth by Spoofing Kerberos and LDAP
Intel
Kerberos
LDAP
๐ผ๏ธ
PNG Steganography Hides Backdoor
Steganography
DropboxC&C
๐ค
Userspace exploitation under Android
JNI
Android
๐ก
NETGEAR R7800 AFPD PreAuth
Netgear R7800
Heap Overflow
๐งโ๐
CVE-2022-41924 _ RCE in Tailscale, DNS Rebinding, and You
Tailscale
RCE
๐ฃ
The State of Exploit Development
Exploit
Development
๐
Chrome Browser Exploitation
V8
Chrome
๐ก๏ธ
kmem_guard_t in iOS 16 / macOS 13
xnu
MacOS
iOS
๐ฉ
Remote Command Execution in a Bank Server
RCE
Remote Banking
๐ฅ
CVE-2022-41622/41800 _ F5 BIG-IP and iControl REST Vuln
F5 Big-IP
iControl
๐
CVE-2022-20868/7 _ Ciscoย SMA JWT EoP & SQLi RCE
Cisco SMA
CVE-2022-20868/7
๐ง
CVE-2022-45163 _ NXP i.MX SDP_READ_DISABLE Fuse Bypass
i.MX
Hardware
๐ฑ
Pixel 6 Bootloader Exploitation writeup
Android
Hardware
๐๏ธ
DeimosC2 C&C Framework brief-analysis
C2
C&C
๐ง
CVE-2022-41082 _ RCE in Exchange PowerShell Backend
Exchange
CVE-2022-41082
CVE-2022-41040
โผ๏ธ
CVE-2022-32932 _ ZinComputeProgramUpdateMutables() OOB write due to double fetch
Neural Engine
weightBufs
๐๏ธ
CVE-2022-36067 _ SandBreak vm2 Unauthโed RCE in Backstage
Backstage
vm2
๐ฆ
CVE-2022-32895 _ CVE-2019-8561 _ A Hard-to-Banish PackageKit Vuln
MacOS
๐
Cloning Windows Binaries and Code Signing Implants
Evasion
Windows
๐
Practical fault attacks against SM4
SM4
Hardware
Glitch
โก
CVE-2022-40303/4 _ on MacOS <13.0.1 & iOS/iPadOS <16.1.1
libxml2
iOS
MacOS
๐
CVE-2022-35914 _ GLPI htmlawed
GLPI
CVE-2022-35914
๐ฆ
Inside the V1 Raccoon Stealer
Malware
Stealer
Raccoon
๐คฏ
weightBufs ๐ฅ
exploit โ๏ธ chain
iOS
MacOS
Neural Engine
๐
On-Chain Insights From the FTX Implosion
Crypto
Finance
๐ธ๏ธ
Hosting Malware on IPFS for fun & profit!
IPFS
Malware
Web3
โต
Does OpenSea Shared Storefront have a backdoor?
NFT
OpenSea
Web3
๐
Web3 Decoder Burp Suite Extension
dApp
Web3
๐ง
Using SystemFunction032 for shellcode decryption
Windows
Shellcode
Obf
๐
Intel Boot Guard keys leak analysis
Intel
Leak
Bios
๐
Design and setup of C2 traffic redirectors
C2
HTTP
๐๏ธ
AppSec Ezine #455
AppSec
Ezine
๐
Fodcha Is Coming Back, Raising A Wave of Ransom DDoS
DDoS
BotNet
๐ฉธ
CVE-2022-26730 _ ColorSync
CVE-2022-26730
MacOS
๐ฉ๐ฟโ๐ป
DevSecOps-Playbook: step-by-step implementation guide
DevSecOps
๐ฅ
Build a Self-Destructing USB Drive
Hardware
Tactical
โ๏ธ
Checkmk RCE Chain
Checkmk
RCE
๐ฌ
Hardware Trojans Under a Microscope
RAT
Hardware
๐ฌ
More Evil Markets to buy Initial Access
Dark Markets
Initial Access
๐
CVE-2022-33679 _ One-Day Kerberos EoP
Kerberos
Windows
๐
urlscan.io's SOAR spot: Chatty security tools leaking private data
Leak
dorks
๐
CVE-2022-3602 _ OpenSSL punycode vulnerability
CVE-2022-3602
CVE-2022-3786
OpenSSL
๐ผ๏ธ
CVE-2022-40146 _ Apache Batik SSRF and RCE
Apache Batik
Java
ใฝ๏ธ
Exploited Windows โMark-of-the-Webโ Zero-Day
MoTW
Windows
๐
The Drone Cyberattack That Breached a Corporate Network
WiFi
Drone
๐ช
Abusing tokens to compromise AD w/o touching lsass
Token Theft
Active Directory
๐ช
Thatโs No Honey Badger. Itโs A Brute Ratel. A Look At BRC4.
C2
BRC4
๐
LNK file-based Attacks Are on The Rise
LNK
Phishing
Windows
๐ฐ
CVE-2022-32250 _ Exploit Linux Kernel Exploit with mqueue
CVE-2022-32250
LINUX
LPE
โ
From Shared Dash to Root Bash :: Pre-Authโed RCE in VMWare vROps
CVE-2022-31675
CVE-2022-31674
CVE-2022-31672
โป๏ธ
Eat What You Kill :: Pre-Authโed RCE in VMWare NSX Manager
VMSA-2022-0027
VMWare
NSX
๐ฅ
CVE-2022-34918 _ A crack in the Linux firewall
CVE-2022-34918
LINUX
๐ฅ
In the potato family, I want โem all
LPE
Windows
๐ฑ
Android One-Click exploiting XSS on Samsung Galaxy Store
XSS
Android
Samsung
๐ค
CVE-2022-32946 _ SiriSpy, eavesdrop conversations with Siri
iOS
apple
Siri
๐ช
CVE-2022-37981 _ The Logging Dead
CVE-2022-37981
Windows
๐
CVE-2022โ34718 _ Windows TCP/IP RCE PoC & Analysis
CVE-2022โ34718
RCE
Windows
๐ฅท
APT techniques: Access Token manipulation/theft
Win32API
Token Theft
๐งต
CVE-2022-35737 _ Stranger Strings: An exploitable flaw in SQLite
SQLite
CVE-2022-35737
๐ฏ
CVE-2022-22954 _ Mirai, RAR1 & GuardMiner target a well-known VMware RCE
VMWare
CVE-2022-22954
๐ช
SharePoint Post-Authentication Server-Side Request Forgery (SSRF)
SharePoint
SSRF
๐ผ
SS7 ัััะฐัะตะป, long life to SS7
SS7
GSM
Mobile
ะ ะพััะธั
๐ฏโโ๏ธ
Client Side De-Sync and Synch0le
client-side desync
Synch0le
๐ด
Black Basta and the Unnoticed Delivery
Ransomware
Black Basta
CTI
โธ๏ธ
Thousands Of Unsecured Kubernetes Clusters Exposed On The Internet
Kubernetes
K8S
KubeStalk
๐ฐ
Authentication Bypass & File Upload & Arbitrary File Overwrite
JWT
S3
BugBounty
๐๏ธ
ะขะตะผะฝัะต ะ ัะฝะบะธ ะฒ ะขะตะปะตะณัะฐะผะผะต
Telegram
DarkNet
ะ ะพััะธั
โช
Reverse Engineering the Apple MultiPeer Connectivity Framework
apple
Reverse
mcpeer
๐ต๏ธ
Steganography: Creating a digital microdot
Steganography
Microdot
๐ฐ
AppSec Ezine #453
AppSec
Ezine
๐ฐ๏ธ
SpaceX Starlink User Terminal Modchip
Starlink
Defcon
Modchip
๐
CVE-2022-3236 _ Sophos Firewall Code Injection
Sophos
JSON
CVE-2022-3236
๐ง
BlueBleed - The Largest B2B Leak
BlueBleed
Azure
Leak
๐ช
Fantastic Rootkits: And Where to Find Them
SSDT
RootKit
Windows
๐งถ
Exploit Deserialization Vulnerabilities in PHP
Deserialization
PHP Filter Chain
๐ก
Wireless PenTest Methodologies
Wireless
Proximity
Tactical
๐ฟ
CVE-2022-22980 _ Spring Data MongoDB SpEL ExpInjection
CVE-2022โ22980
VMWare
Spring Data MongoDB
๐ฃ๏ธ
Discovering _
CVE-2022โ22980 real exploitable path
CVE-2022โ22980
CodeQL
๐
Memory corruption vulnerabilities in Edge
Edgexplorer
VULN
๐ฅ
CVE-2022โ42889 _ Text4Shell Vuln Technical Analysis
CVE-2022โ42889
Text4Shell
Apache Commons Text
๐ฅ๏ธ
CVE-2022-27502 _ RealVNC Server 6.8.0 PrivEsc
CVE-2022-27502
RealVNC
๐ณ
CVE-2022-
39197 _ Cobalt Strike 4.7.1 RCE
CVE-2022-39197
Cobalt-Strike
๐ช
iOS Native Code Obfuscation and Syscall Hooking
iOS
Reverse
๐ก๏ธ
SingPass RASP Analysis
Reverse
iOS
๐
Relaying YubiKeys
ย
YubiKey
FIDO2
๐ธ
Replicant: Fault Injection Attack on Trezor One
Trezor
Crypto
ChipFail
๐งจ
CVE-2022-41852 _ RCE in JXPath Library
CVE-2022-41852
JXPath
๐ฆ
CVE-2022-41352 _ Zimbra 0-day
Zimbra
CVE-2022-41352
๐ฆ
CVE-2022-37042 _ Zimbra Email Vulnerability
Zimbra
CVE-2022-37042
๐งฑ
CVE-2022-40684 _ FortiOS/Proxy/SwitchManager AuthBypass
CVE-2022-40684
Fortinet
โ๏ธ
CVE-2022-37969 _ Windows CLFS Zero-Day
CVE-2022-37969
Windows
๐๏ธ
Analysing LastPass Chrome Extension
LastPass
Chrome Remote Debugging
โค๏ธโ๐ฅ
Disposable Root Servers
Segfault
Free
๐
L.E.J Mashup 80s
SPKRWRITE
๐
Attacking Titan M with Only One Byte
CVE-2022-20233
Titan M
๐ค
Attacking Android kernel (ab)using Qualcomm TrustZone
TrustZone
CVE-2021-1961
๐ธ๏ธ
Exploring the REF2731 Intrusion Set
Maldoc
Parallax
Netwire
๐
Bumblebee: increasing its capacity and evolving its TTPs
Bumblebee
Malware
๐ณ๏ธ
CVE-2022-29464 _ detailed analysis of a ShadowPad intrusion
ShadowPad
CVE-2022-29464
๐ช
Beginner's Guide to Sliver C2
C2
Sliver
๐จ
CVE-2022-41040/41082 _ 0-day RCE on Microsoft Exchange
Exchange
CVE-2022-41040
CVE-2022-41082
๐ช
Bad VIB(E)s // Novel Malware in ESXi Hypervisors
Malware
VMWare
๐ณ
Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike
C2
๐ฌ
Exploiting Flipper Zeroโs NFC file loader
Flipper-Zero
NFC
Buffer Overflow
๐ช
A FormBook Matryoshka
Maldoc
Windows
๐ชฃ
CVE-2022-36804 _ Bitbucket Pre Auth Remote Command Execution
CVE-2022-36804
๐ฆ
The Crypto Revolution
Crypto
Governance
bankless
๐ฅท๐ฟ
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
Malware
LINUX
โช
ะพะฑะทะพั ะฝะฐ rizin
ะ ะพััะธั
Reverse
๐ป
CVE-2022-30190 _ Overview of Bears Cyberespionage
APT28
APT29
CVE-2022-30190
๐ก
Hacking Ham Radio for Texting
HamRadio
Spectrum
๐
The Sound of Malware
Malware
SPKRWRITE
๐
Tracking Joker with Medusa, static analysis (and patience)
Android
Malware
Joker
๐ชฒ
CVE-2022-26809 _ Reaching Vulnerable Point
CVE-2022-26809
Windows
๐งฑ
APT groups carried out highly targeted attack on Sophos
CVE-2022-1040
GoMet
Gh0st
CTI
๐ค
Stablecoins Are Products
Crypto
Stablecoins
๐
Emulating Phineas Phisher Attacks in Modern EDR Environments
C2
TTP
DEFRA
๐ป
GhostTouch: Contactless attack with Electromagnetic Signals
TAO
EMI
TTRY
๐
How to Make $800m in Crypto, Soros Style - Breaking $UST
Crypto
UST
๐ง
KAX17 de-anonymization against Tor
Tor
De-anon
KAX17
๐ฆ
Android/BianLian payload
Android
Malware
๐
DarkFi
Crypto
Blockchain
ZK
๐
Attacking ARM Pointer Authentication with Speculative Execution
VULN
M1
TTRY
๐
Aoqin Dragon
Windows
Malware
๐
reNgine - More than just a recon!
Recon
Scan
VA
TTRY
๐ธ
HOP Token Airdrop
DropCatcher
๐ต
The Magic of ะฅYะ
SPKRWRITE
ะ ะพััะธั
๐
Russiaโs certificate authority for sanctioned organizations
ะ ะพััะธั
๐พ
Self Hosted Roundup #7
SelfHosted
๐คฌ
Automated Malware Analysis - Joe Sandbox
Malware
Sandbox
๐
The Surreal Case of aย C.I.A. Hackerโs Revenge
Enota
๐ง
Meet Logseq, 'stores data like a brain'
Substa
TTRY
KNWLDG
๐ธ๏ธ
Francesca Bria on Decentralisation, Sovereignty, and Web3
Web3
Decentralisation
๐
Xenomorph: Hatched Banking Trojan
Malware
๐ช
Guerre di Rete - Ucraina, cronache dai cyber fronti
GuerreDiRete
๐งช
CVE-2022-0847 _ The Dirty Pipe
CVE-2022-0847
LINUX
Android
KERNEL
๐ฃ
Perchรฉ รจ il momento di fare (e informare) Guerre di Rete
GuerreDiRete
๐ถ
The state of music/Web3 tools for artists
Web3
NFT
๐ฑ
NSO zero-click iMessage RCE exploit
VULN
CVE-2021-30860
๐๏ธ
Threat Thursday: BoratRAT
RAT
Windows
Malware