STRLCPY(3)

πŸ“ž
A Comprehensive Analysis of the 3CX Attack
3CXSupply-chainCTILazarus
πŸͺ†
Vulkan files leak, a rare look into Russian cyberwarfare tactics
РоссияLeakCyberWarfare
🧦
CVE-2023-21768 _ Pwning Windows Ancillary Function Driver for WinSock (afd.sys)
WindowsAFDLPEWinSock
🦘
CVE-2022-47522 _ MacStealer: Wi-Fi Client Isolation Bypass
WiFiContext Override
🧿
ARM TrustZone: pivoting to the secure world
AndroidARMTrustZoneACE
πŸ€Έβ€β™‚οΈ
CVE-2023-27326 _ Parallels Toolgate VM Escape
MacOSParallelsVMEscape
πŸƒ
BlackLotus UEFI bootkit: Myth confirmed
UEFIBootkitBlackLotusCTI
πŸ€–
CVE-2022-25664 _ The code that wasn't there: Reading memory on an Android device by accident
AndroidAdrenoKASLR
πŸ’₯
A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM
BiosSMMUEFIIntel
πŸͺ‘
Userland exploit chain to dump the memory of any Windows PPL process
WindowsLSASSPPL
πŸ‘€
CVE-2023-1017/18 _ Vulns in TPM 2.0 reference implementation code
TPMOOBEscape
🎳
Defining the Cobalt Strike Reflective Loader
Cobalt-StrikeReflectiveLoader
🐑
CVE-2023-25136 _ OpenSSH Pre-Auth Double Free
OpenSSHDouble-FreeOpenBSD
πŸ“ͺ
CVE-2023-23397 _ Microsoft Outlook EoP
OutlookWindowsEoPNTLM
πŸ’£
Multiple Internet to Baseband RCE Vulns in Exynos Modems
BasebandRCEExynosAndroid
πŸ–ΌοΈ
CVE-2022-44268/7 _ ImageMagick: The hidden vulnerability behind your online images
ImageMagickRemote Leak
πŸ“„
CVE-2023-21608 _ Adobe Acrobat Reader resetForm RCE
AdobeAcrobatRCE
πŸͺ΅
VMSA-2023-0001 _ VMware vRealize Log Insight Multiple Vulns
VMWarevRealize
πŸ––
CVE-2022-34689 _ Exploiting a Critical Spoofing Vuln in Windows CryptoAPI
WindowsMD5CryptoAPI
πŸ›«
how to completely own an airline in 3 easy steps
jenkinsaviationnofly
🍎
CVE-2023-23504 _ XNU Heap Underwrite in dlil.c
AppleXNUMacOSiOS
πŸ’£
CVE-2022-38181 _ yet another Arm Mali GPU Android exploit
AndroidMaliARM
πŸͺ
CVE-2022-42864 _ Diabolical Cookies on iOS/MacOS
iOSMacOSApple
πŸ’¬
CVE-2023-24068/69 _ Abusing Signal Desktop for fun & Espionage
SignalDesktop
🐧
CVE-2023-0179 _ Linux kernel stack buffer overflow in nftables
LINUXKERNELNFTables
☠️
making malware with VX-API
VX-APIDevelopment
🐍
Prototype Pollution in Python
PythonPrototype
πŸ”“
Unlocking LockBit, a Ransomware story
LockBitRansomware
🍯
Xdr33, A Variant Of CIA’s HIVE Attack Kit
XDR33HIVEC2
πŸ“§
The OWASSRF + TabShell exploit chain
ExchangeOWASSRFTabShell
🌲
Game Of Active Directory, PWNING is coming!
Active DirectoryLab
🌘
Blindside: EDR Evasion with Hardware Breakpoints
WindowsEDREvasion
πŸ’ 
Precious Gemstones: The New Generation of Kerberos Attacks
KerberosWindowsAD
πŸ•ΈοΈ
Netcomm Unauthenticated RCE Vuln
NETCOMMNF20MESH
🌡
CVE-2022-46169 _ Cacti Unauthenticated Command Injection
CactiPHP
🦺
Exciting approaches to memory safety
memorysafetymitigationsarchitectures
☠️
CVE-2022-41082/80 _ OWASSRF, Bypassing ProxyNotShell Mitigations
OWASSRFExchange
🦘
VLAN Hopping techniques
VLANNetworkingCISCO
🌢️
Spice up your persistence loading PHP extensions from memory
PHP ExtensionsX-C3LL
πŸ“›
Firebase is Insecure by Default
FirebaseFizz
πŸšΆπŸΏβ€β™‚οΈ
SilentMoonwalk: Implementing a dynamic Call Stack Spoofer
WindowsStackSpoofing
🦊
CVE-2022-28672 _ Foxit PDF Reader UAF RCE
FoxitPDFWindows
🩸
CVE-2022-4543 _ EntryBleed: Breaking KASLR under KPTI with Prefetch
LINUXKASLRKPTI
πŸͺ€
Huawei Secure Monitor Vulnerabilities
AndroidHuaweiATFSecure Monitor
🧨
FOISted, remote exploit for MikroTik’s RouterOS 6
MikroTikRouterOSJailBreak
πŸ‘Ί
IIS modules: The evolution of web shells
WindowsIISWebShell
πŸͺ£
Atlassian Session Hijacking (& 2FA bypass) using stolen JWTs
BitBucketJiraConfluence
🐧
CVE-2022-42703 _ Bringing back the stack attack to Linux (kernel)
LINUXKERNEL
🐑
Fuzzing ping(8)… and finding a 24 year old bug.
OpenBSDPingAFL
πŸ”₯
{JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF
JSONSQLiAntiWAF
πŸ₯Œ
CVE-2022-4059/42 _ Supply Chain Vulns Put Server Ecosystem At Risk
BMC&CAMIMegaRACRedfishIPMI
πŸ₯‹
Multiple Zero-Day Vulnerabilities in Leading EDRs and AVs
FUDAntiEDRAV
πŸš₯
CVE-2022-3328 _ Snapd Race condition in snap-confine
SnapdUbuntu
πŸͺŸ
CVE-2022-41057 _ Windows 11 HTTP.SYS Kerberos PAC EoP
WindowsHTTP.SYSKerberos
⚠️
CVE-2022-41034 _ Visual Studio Code RCE
VSCodeRCE
πŸ“Š
CVE-2022-41120 _ Sysmon EoP Abusing Arbitrary File Deletes
EoPWindows
πŸ“‘
6G - The Sixth Generation Mobile Network
6GMobileCellularNetwork
πŸͺ
In The Box - Mobile Malware Webinjects Marketplace
Dark MarketsWebinjects
πŸ•‹
Cobalt Strike Memory Analysis
Cobalt-StrikeKoboldLithiumMagnetLoader
πŸ›‘οΈ
The Defender’s Guide to the Windows Registry
WindowsRegistryBlue
πŸ’₯
The Intel PPAM attack story
PPAMSMMAMIFirmware
πŸ“„
CVE-2022-25765 _ Command Injection in pdfkit
pdfkitruby
⭐
Discover Redigo β€” New Redis Backdoor Malware
RedisRedigoCVE-2022-0543
πŸ¦…
CVE-2022-44721 _ Crowdstrike Falcon Uninstaller
CVE-2022-2841CrowdStrikeFalcon
πŸ’«
CVE-2022-31358 _ Multiple Vulns in Proxmox VE & Mail Gateway
ProxmoxXSSCRLFSSRF
🐼
Hitching a ride with Mustang Panda
APTWindows
🎰
HTTP Desync Attack (Request Smuggling)
HTTP DesyncSmuggling
βš›οΈ
CVE-2022-4116 _ zero-day flaw in Quarkus Java framework
QuarkusCORS
⌚
Hacking Smartwatches for Spear Phishing
SmartwatchBLE
πŸ’
Blasting Event-Driven Cornucopia - WMI edition
WMIDKOMSandbox
πŸ€–
Huawei Security Hypervisor Vulnerability
AndroidHuaweiHypervisor
πŸ”‘
Hell’s Keychain: Supply-chain vuln in IBM Cloud PostgreSQL
IBMSupply-chain
🦷
CVE-2022-42895/6 _ Linux Kernel Infoleak & UAF in Bluetooth L2CAP
LINUX
☁️
chip-to-cloud 'eID' logic vulnerabilities
eIDReverse
πŸ“Ή
Xiongmai IoT Exploitation
NVRIoTXiongmai
πŸ“Œ
Bypass Android SSL Pinning & Intercept Proxy Unaware apps
AndroidReverseSSL
⛏️
Linux & Windows Password Mining
LateralPrivEscPassword
πŸ₯Š
Zero-to-Hero Dom Clobbering
DOMJSXSS
πŸ“‹
Exploiting an N-day vBulletin PHP Object Injection Vulnerability
vBulletinPOP Chain
🎠
APT41’s New Subgroup: Earth Longzhi
APT41MalwareCTI
βœ”οΈ
REcollapse - Fuzzing the web for mysterious bugs
User InputFuzzing
πŸ•΄οΈ
CVE-2022-33942 _ Bypassing Intel DCM’s Auth by Spoofing Kerberos and LDAP
IntelKerberosLDAP
πŸ–ΌοΈ
PNG Steganography Hides Backdoor
SteganographyDropboxC&C
πŸ€–
Userspace exploitation under Android
JNIAndroid
πŸ“‘
NETGEAR R7800 AFPD PreAuth
Netgear R7800Heap Overflow
πŸ§‘β€πŸš€
CVE-2022-41924 _ RCE in Tailscale, DNS Rebinding, and You
TailscaleRCE
πŸ’£
The State of Exploit Development
ExploitDevelopment
🌏
Chrome Browser Exploitation
V8Chrome
πŸ›‘οΈ
kmem_guard_t in iOS 16 / macOS 13
xnuMacOSiOS
🎩
Remote Command Execution in a Bank Server
RCERemote Banking
πŸ”₯
CVE-2022-41622/41800 _ F5 BIG-IP and iControl REST Vuln
F5 Big-IPiControl
🌐
CVE-2022-20868/7 _ CiscoΒ SMA JWT EoP & SQLi RCE
Cisco SMACVE-2022-20868/7
πŸ§‡
CVE-2022-45163 _ NXP i.MX SDP_READ_DISABLE Fuse Bypass
i.MXHardware
πŸ“±
Pixel 6 Bootloader Exploitation writeup
AndroidHardware
πŸŽ›οΈ
DeimosC2 C&C Framework brief-analysis
C2C&C
πŸ“§
CVE-2022-41082 _ RCE in Exchange PowerShell Backend
ExchangeCVE-2022-41082CVE-2022-41040
‼️
CVE-2022-32932 _ ZinComputeProgramUpdateMutables() OOB write due to double fetch
Neural EngineweightBufs
πŸ–οΈ
CVE-2022-36067 _ SandBreak vm2 Unauth’ed RCE in Backstage
Backstagevm2
πŸ“¦
CVE-2022-32895 _ CVE-2019-8561 _ A Hard-to-Banish PackageKit Vuln
MacOS
πŸ”
Cloning Windows Binaries and Code Signing Implants
EvasionWindows
πŸ”“
Practical fault attacks against SM4
SM4HardwareGlitch
⚑
CVE-2022-40303/4 _ on MacOS <13.0.1 & iOS/iPadOS <16.1.1
libxml2iOSMacOS
πŸ’‰
CVE-2022-35914 _ GLPI htmlawed
GLPICVE-2022-35914
🦝
Inside the V1 Raccoon Stealer
MalwareStealerRaccoon
🀯
weightBufs πŸ”₯ exploit ⛓️ chain
iOSMacOSNeural Engine
πŸ“‰
On-Chain Insights From the FTX Implosion
CryptoFinance
πŸ•ΈοΈ
Hosting Malware on IPFS for fun & profit!
IPFSMalwareWeb3
β›΅
Does OpenSea Shared Storefront have a backdoor?
NFTOpenSeaWeb3
πŸ”
Web3 Decoder Burp Suite Extension
dAppWeb3
🧐
Using SystemFunction032 for shellcode decryption
WindowsShellcodeObf
πŸ”‘
Intel Boot Guard keys leak analysis
IntelLeakBios
πŸ”€
Design and setup of C2 traffic redirectors
C2HTTP
πŸ—žοΈ
AppSec Ezine #455
AppSecEzine
🌊
Fodcha Is Coming Back, Raising A Wave of Ransom DDoS
DDoSBotNet
🩸
CVE-2022-26730 _ ColorSync
CVE-2022-26730MacOS
πŸ‘©πŸΏβ€πŸ’»
DevSecOps-Playbook: step-by-step implementation guide
DevSecOps
πŸ’₯
Build a Self-Destructing USB Drive
HardwareTactical
⛓️
Checkmk RCE Chain
CheckmkRCE
πŸ”¬
Hardware Trojans Under a Microscope
RATHardware
🏬
More Evil Markets to buy Initial Access
Dark MarketsInitial Access
🌐
CVE-2022-33679 _ One-Day Kerberos EoP
KerberosWindows
πŸ”—
urlscan.io's SOAR spot: Chatty security tools leaking private data
Leakdorks
πŸ”
CVE-2022-3602 _ OpenSSL punycode vulnerability
CVE-2022-3602CVE-2022-3786OpenSSL
πŸ–ΌοΈ
CVE-2022-40146 _ Apache Batik SSRF and RCE
Apache BatikJava
〽️
Exploited Windows β€œMark-of-the-Web” Zero-Day
MoTWWindows
🚁
The Drone Cyberattack That Breached a Corporate Network
WiFiDrone
πŸͺ™
Abusing tokens to compromise AD w/o touching lsass
Token TheftActive Directory
πŸͺ–
That’s No Honey Badger. It’s A Brute Ratel. A Look At BRC4.
C2BRC4
πŸ”—
LNK file-based Attacks Are on The Rise
LNKPhishingWindows
🌰
CVE-2022-32250 _ Exploit Linux Kernel Exploit with mqueue
CVE-2022-32250LINUXLPE
βž•
From Shared Dash to Root Bash :: Pre-Auth’ed RCE in VMWare vROps
CVE-2022-31675CVE-2022-31674CVE-2022-31672
♻️
Eat What You Kill :: Pre-Auth’ed RCE in VMWare NSX Manager
VMSA-2022-0027VMWareNSX
πŸ’₯
CVE-2022-34918 _ A crack in the Linux firewall
CVE-2022-34918LINUX
πŸ₯”
In the potato family, I want β€˜em all
LPEWindows
πŸ“±
Android One-Click exploiting XSS on Samsung Galaxy Store
XSSAndroidSamsung
🎀
CVE-2022-32946 _ SiriSpy, eavesdrop conversations with Siri
iOSappleSiri
πŸͺ“
CVE-2022-37981 _ The Logging Dead
CVE-2022-37981Windows
πŸ’€
CVE-2022–34718 _ Windows TCP/IP RCE PoC & Analysis
CVE-2022–34718RCEWindows
πŸ₯·
APT techniques: Access Token manipulation/theft
Win32APIToken Theft
🧡
CVE-2022-35737 _ Stranger Strings: An exploitable flaw in SQLite
SQLiteCVE-2022-35737
🎯
CVE-2022-22954 _ Mirai, RAR1 & GuardMiner target a well-known VMware RCE
VMWareCVE-2022-22954
πŸͺŸ
SharePoint Post-Authentication Server-Side Request Forgery (SSRF)
SharePointSSRF
πŸ—Ό
SS7 устарСл, long life to SS7
SS7GSMMobileРоссия
πŸ‘―β€β™€οΈ
Client Side De-Sync and Synch0le
client-side desyncSynch0le
🏴
Black Basta and the Unnoticed Delivery
RansomwareBlack BastaCTI
☸️
Thousands Of Unsecured Kubernetes Clusters Exposed On The Internet
KubernetesK8SKubeStalk
🐰
Authentication Bypass & File Upload & Arbitrary File Overwrite
JWTS3BugBounty
πŸ›οΈ
Π’Π΅ΠΌΠ½Ρ‹Π΅ Π Ρ‹Π½ΠΊΠΈ Π² Π’Π΅Π»Π΅Π³Ρ€Π°ΠΌΠΌΠ΅
TelegramDarkNetРоссия
βͺ
Reverse Engineering the Apple MultiPeer Connectivity Framework
appleReversemcpeer
πŸ•΅οΈ
Steganography: Creating a digital microdot
SteganographyMicrodot
πŸ“°
AppSec Ezine #453
AppSecEzine
πŸ’‰
CVE-2022-3236 _ Sophos Firewall Code Injection
SophosJSONCVE-2022-3236
πŸ’§
BlueBleed - The Largest B2B Leak
BlueBleedAzureLeak
πŸ”ͺ
Fantastic Rootkits: And Where to Find Them
SSDTRootKitWindows
🧢
Exploit Deserialization Vulnerabilities in PHP
DeserializationPHP Filter Chain
πŸ“‘
Wireless PenTest Methodologies
WirelessProximityTactical
🌿
CVE-2022-22980 _ Spring Data MongoDB SpEL ExpInjection
CVE-2022–22980VMWareSpring Data MongoDB
πŸ›£οΈ
Discovering _ CVE-2022–22980 real exploitable path
CVE-2022–22980CodeQL
🌍
Memory corruption vulnerabilities in Edge
EdgexplorerVULN
πŸ”₯
CVE-2022–42889 _ Text4Shell Vuln Technical Analysis
CVE-2022–42889Text4ShellApache Commons Text
πŸ–₯️
CVE-2022-27502 _ RealVNC Server 6.8.0 PrivEsc
CVE-2022-27502RealVNC
🎳
CVE-2022-39197 _ Cobalt Strike 4.7.1 RCE
CVE-2022-39197Cobalt-Strike
πŸͺ
iOS Native Code Obfuscation and Syscall Hooking
iOSReverse
πŸ›‘οΈ
SingPass RASP Analysis
ReverseiOS
πŸ”‘
Relaying YubiKeysΒ 
YubiKeyFIDO2
πŸ’Έ
Replicant: Fault Injection Attack on Trezor One
TrezorCryptoChipFail
🧨
CVE-2022-41852 _ RCE in JXPath Library
CVE-2022-41852JXPath
πŸ¦“
CVE-2022-41352 _ Zimbra 0-day
ZimbraCVE-2022-41352
πŸ¦“
CVE-2022-37042 _ Zimbra Email Vulnerability
ZimbraCVE-2022-37042
🧱
CVE-2022-40684 _ FortiOS/Proxy/SwitchManager AuthBypass
CVE-2022-40684Fortinet
β™ŸοΈ
CVE-2022-37969 _ Windows CLFS Zero-Day
CVE-2022-37969Windows
πŸ—οΈ
Analysing LastPass Chrome Extension
LastPassChrome Remote Debugging
❀️‍πŸ”₯
Disposable Root Servers
SegfaultFree
πŸ”Š
L.E.J Mashup 80s
SPKRWRITE
πŸ”“
Attacking Titan M with Only One Byte
CVE-2022-20233Titan M
πŸ€–
Attacking Android kernel (ab)using Qualcomm TrustZone
TrustZoneCVE-2021-1961
πŸ•ΈοΈ
Exploring the REF2731 Intrusion Set
MaldocParallaxNetwire
🐝
Bumblebee: increasing its capacity and evolving its TTPs
BumblebeeMalware
πŸ•³οΈ
CVE-2022-29464 _ detailed analysis of a ShadowPad intrusion
ShadowPadCVE-2022-29464
πŸͺ™
Beginner's Guide to Sliver C2
C2Sliver
πŸ“¨
CVE-2022-41040/41082 _ 0-day RCE on Microsoft Exchange
ExchangeCVE-2022-41040CVE-2022-41082
πŸšͺ
Bad VIB(E)s // Novel Malware in ESXi Hypervisors
MalwareVMWare
🎳
Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike
C2
🐬
Exploiting Flipper Zero’s NFC file loader
Flipper-ZeroNFCBuffer Overflow
πŸͺ†
A FormBook Matryoshka
MaldocWindows
πŸͺ£
CVE-2022-36804 _ Bitbucket Pre Auth Remote Command Execution
CVE-2022-36804
🏦
The Crypto Revolution
CryptoGovernancebankless
πŸ₯·πŸΏ
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
MalwareLINUX
βͺ
ΠΎΠ±Π·ΠΎΡ€ Π½Π° rizin
РоссияReverse
🐻
CVE-2022-30190 _ Overview of Bears Cyberespionage
APT28APT29CVE-2022-30190
πŸ“‘
Hacking Ham Radio for Texting
HamRadioSpectrum
πŸ”Š
The Sound of Malware
MalwareSPKRWRITE
πŸƒ
Tracking Joker with Medusa, static analysis (and patience)
AndroidMalwareJoker
πŸͺ²
CVE-2022-26809 _ Reaching Vulnerable Point
CVE-2022-26809Windows
🧱
APT groups carried out highly targeted attack on Sophos
CVE-2022-1040GoMetGh0stCTI
πŸ€‘
Stablecoins Are Products
CryptoStablecoins
πŸ‘Š
Emulating Phineas Phisher Attacks in Modern EDR Environments
C2TTPDEFRA
πŸ‘»
GhostTouch: Contactless attack with Electromagnetic Signals
TAOEMITTRY
🌚
How to Make $800m in Crypto, Soros Style - Breaking $UST
CryptoUST
πŸ§…
KAX17 de-anonymization against Tor
TorDe-anonKAX17
🦠
Android/BianLian payload
AndroidMalware
πŸŒ‘
DarkFi
CryptoBlockchainZK
πŸ’”
Attacking ARM Pointer Authentication with Speculative Execution
VULNM1TTRY
πŸ›
Aoqin Dragon
WindowsMalware
🌐
reNgine - More than just a recon!
ReconScanVATTRY
πŸ’Έ
HOP Token Airdrop
DropCatcher
🌡
The Magic of Π₯YΠ™
SPKRWRITEРоссия
πŸ”
Russia’s certificate authority for sanctioned organizations
Россия
πŸ’Ύ
Self Hosted Roundup #7
SelfHosted
🀬
Automated Malware Analysis - Joe Sandbox
MalwareSandbox
πŸ‘€
The Surreal Case of aΒ C.I.A. Hacker’s Revenge
Enota
🧠
Meet Logseq, 'stores data like a brain'
SubstaTTRYKNWLDG
πŸ•ΈοΈ
Francesca Bria on Decentralisation, Sovereignty, and Web3
Web3Decentralisation
🎠
Xenomorph: Hatched Banking Trojan
Malware
πŸͺ–
Guerre di Rete - Ucraina, cronache dai cyber fronti
GuerreDiRete
πŸ§ͺ
CVE-2022-0847 _ The Dirty Pipe
CVE-2022-0847LINUXAndroidKERNEL
πŸ’£
PerchΓ© Γ¨ il momento di fare (e informare) Guerre di Rete
GuerreDiRete
🎢
The state of music/Web3 tools for artists
Web3NFT
πŸ“±
NSO zero-click iMessage RCE exploit
VULNCVE-2021-30860
πŸŽ—οΈ
Threat Thursday: BoratRAT
RATWindowsMalware