smudge: passive OS detection based on SYN packets, without transmitting any data
https://github.com/activecm/smudge
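The technique the smudge entry describes, as an added example written for this page (not smudge's code): parse a raw IPv4/TCP SYN, keep only the fields the sending stack controls and that survive routing (initial TTL class, the DF bit, and the TCP option order), build a key from them and look it up. Window size and MSS are parsed past but left out of the key because they change with the link. The two sample packets are constructed with zero checksums, the signature table is illustrative (an assumption of this example, not smudge's database), and the TTL rounding assumes the usual initial values 32/64/128/255.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// SynFingerprint is what a passive observer reads from one SYN without sending anything back.
type SynFingerprint struct {
	InitialTTL uint8    // observed TTL rounded up to 32, 64, 128 or 255
	DF         bool     // IP "don't fragment" bit
	Options    []string // option kinds in the order they appeared on the wire
}
var optNames = map[byte]string{0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}

// ParseSYN parses a raw IPv4 packet (no link-layer header) into a fingerprint
// if it carries a TCP SYN (SYN set, ACK clear); anything else is an error.
func ParseSYN(pkt []byte) (*SynFingerprint, error) {
	if len(pkt) < 40 || pkt[0]>>4 != 4 || pkt[9] != 6 {
		return nil, errors.New("not an IPv4/TCP packet")
	}
	ihl := int(pkt[0]&0x0f) * 4
	if ihl < 20 || len(pkt) < ihl+20 {
		return nil, errors.New("bad IPv4 header length")
	}
	tcp := pkt[ihl:]
	dataOff := int(tcp[12]>>4) * 4
	if dataOff < 20 || len(tcp) < dataOff || tcp[13]&0x12 != 0x02 {
		return nil, errors.New("not a well-formed SYN")
	}
	fp := &SynFingerprint{DF: pkt[6]&0x40 != 0, InitialTTL: 255}
	for _, t := range []uint8{32, 64, 128} {
		if pkt[8] <= t { // rounding up absorbs the hops already taken
			fp.InitialTTL = t
			break
		}
	}
	opts := tcp[20:dataOff]
	for i := 0; i < len(opts); {
		kind, l := opts[i], 1
		if kind == 0 { // EOL: everything after it is padding
			l = len(opts) - i
		} else if kind != 1 { // every option except NOP carries a length byte
			if i+1 >= len(opts) || opts[i+1] < 2 || i+int(opts[i+1]) > len(opts) {
				return nil, errors.New("bad TCP option length")
			}
			l = int(opts[i+1])
		}
		name, ok := optNames[kind]
		if !ok {
			name = fmt.Sprintf("?%d", kind) // unknown kinds still count in the order
		}
		fp.Options = append(fp.Options, name)
		i += l
	}
	return fp, nil
}

// Key keeps what survives routing: initial TTL, DF and option order.
func (fp *SynFingerprint) Key() string {
	df := 0
	if fp.DF {
		df = 1
	}
	return fmt.Sprintf("%d:%d:%s", fp.InitialTTL, df, strings.Join(fp.Options, ","))
}

var known = map[string]string{
	"64:1:mss,sok,ts,nop,ws":       "Linux-like (illustrative)",
	"128:1:mss,nop,ws,nop,nop,sok": "Windows-like (illustrative)",
}

// Classify looks the key up in the illustrative table above (an assumption of
// this example, not smudge's database); an unknown key is reported, never guessed.
func Classify(fp *SynFingerprint) string {
	if name, ok := known[fp.Key()]; ok {
		return name
	}
	return "unknown"
}

// Constructed samples (zero checksums), each 7 hops from its sender.
var (
	// Linux-style: TTL 57, DF, window 64240, options mss,sok,ts,nop,ws.
	SampleLinuxSYN = []byte{0x45, 0, 0, 60, 0, 0, 0x40, 0, 57, 6, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2,
		0x9c, 0x40, 1, 0xbb, 0, 0, 0, 0, 0, 0, 0, 0, 0xa0, 2, 0xfa, 0xf0, 0, 0, 0, 0,
		2, 4, 5, 0xb4, 4, 2, 8, 10, 0, 0, 0, 1, 0, 0, 0, 0, 1, 3, 3, 7}
	// Windows-style: TTL 121, DF, window 64240, options mss,nop,ws,nop,nop,sok.
	SampleWindowsSYN = []byte{0x45, 0, 0, 52, 0, 0, 0x40, 0, 121, 6, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2,
		0x9c, 0x40, 1, 0xbb, 0, 0, 0, 0, 0, 0, 0, 0, 0x80, 2, 0xfa, 0xf0, 0, 0, 0, 0,
		2, 4, 5, 0xb4, 1, 3, 3, 8, 1, 1, 4, 2}
)

func main() {
	for _, pkt := range [][]byte{SampleLinuxSYN, SampleWindowsSYN} {
		if fp, err := ParseSYN(pkt); err == nil {
			fmt.Println(fp.Key(), "->", Classify(fp))
		}
	}
}
```

Feeding this from a live interface needs only a raw socket or pcap handle that hands over the IPv4 payload of each frame; the parser itself never writes to the wire, which is the whole point of doing detection passively. Two keys collide easily (a hardened stack can be configured to look like another), so treat the result as a hint for triage, not an assertion.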
Exploring Prompt Injection Attacks
https://research.nccgroup.com/2022/12/05/exploring-prompt-injection-attacks/
Technical Review: A Deep Analysis of the Dirty Pipe Vulnerability
https://blog.aquasec.com/deep-analysis-of-the-dirty-pipe-vulnerability
Aqua discusses how Tracee detects exploitation of the Dirty Pipe vulnerability (CVE-2022-0847) and how in-kernel tracing with eBPF can observe the writes that result from it.
Understanding Fuzz Testing in Go
https://blog.jetbrains.com/go/2022/12/14/understanding-fuzz-testing-in-go/
Our latest blog post will teach you how to run fuzz tests in GoLand. You'll also learn about the advantages and disadvantages of fuzzing, and even some advanced fuzzing techniques.
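The workflow the JetBrains post walks through, as an added example that is not the post's code: a small constructed length-prefixed record format, its parser and canonical encoder, and a native Go fuzz target (Go 1.18 and later) that checks a real property, encode(parse(x)) == x, rather than only "does not crash". In a project the parser and encoder would live in records.go and FuzzParseRecords in records_test.go; they are shown as one file here so it runs stand-alone. The format, the seed corpus and all names are assumptions of this example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"testing"
)

// Record is one entry of a constructed length-prefixed format: a type byte,
// a big-endian uint16 payload length, then the payload.
type Record struct {
	Type    byte
	Payload []byte
}

// EncodeRecords is the canonical encoder, so encode(parse(x)) == x whenever
// parse(x) succeeds. That equality is the property the fuzz target checks.
func EncodeRecords(recs []Record) ([]byte, error) {
	var out []byte
	for _, r := range recs {
		if len(r.Payload) > 0xffff {
			return nil, fmt.Errorf("payload of %d bytes does not fit a uint16 length", len(r.Payload))
		}
		var hdr [2]byte
		binary.BigEndian.PutUint16(hdr[:], uint16(len(r.Payload)))
		out = append(append(append(out, r.Type), hdr[:]...), r.Payload...)
	}
	return out, nil
}

// ParseRecords parses data into records and insists that every byte is
// consumed. Each bounds check is exactly the kind of line a fuzzer finds missing.
func ParseRecords(data []byte) ([]Record, error) {
	var recs []Record
	for i := 0; i < len(data); {
		if len(data)-i < 3 {
			return nil, errors.New("truncated record header")
		}
		n := int(binary.BigEndian.Uint16(data[i+1 : i+3]))
		if n > len(data)-i-3 { // check against the bytes that remain
			return nil, fmt.Errorf("record at %d claims %d bytes but only %d remain", i, n, len(data)-i-3)
		}
		recs = append(recs, Record{Type: data[i], Payload: append([]byte{}, data[i+3:i+3+n]...)})
		i += 3 + n
	}
	return recs, nil
}

// Seeds are constructed valid inputs covering the shapes the parser must
// handle: no records, one record, adjacent records and an empty payload.
func Seeds() [][]byte {
	one, _ := EncodeRecords([]Record{{Type: 1, Payload: []byte("hello")}})
	many, _ := EncodeRecords([]Record{{Type: 1, Payload: []byte("a")}, {Type: 2}, {Type: 3, Payload: []byte("bcd")}})
	return [][]byte{{}, one, many}
}

// FuzzParseRecords is the fuzz target. The engine starts from the seeds and
// mutates them; a panic, or a parse that succeeds without round-tripping byte
// for byte, is a finding, and the failing input is saved under testdata/fuzz.
func FuzzParseRecords(f *testing.F) {
	for _, seed := range Seeds() {
		f.Add(seed)
	}
	f.Fuzz(func(t *testing.T, data []byte) {
		recs, err := ParseRecords(data)
		if err != nil {
			return // rejecting malformed input is correct; panicking on it is not
		}
		out, err := EncodeRecords(recs)
		if err != nil || !bytes.Equal(out, data) {
			t.Fatalf("round trip failed for %x: got %x (%v)", data, out, err)
		}
	})
}

func main() {
	for _, seed := range Seeds() {
		recs, err := ParseRecords(seed)
		fmt.Printf("%x -> %d record(s), err=%v\n", seed, len(recs), err)
	}
}
```

With the fuzz function in a _test.go file, `go test -fuzz=FuzzParseRecords` runs it until interrupted or until a failing input appears; without the -fuzz flag the same function only replays the seeds, which is what makes it cheap to keep in CI. Checking a round-trip property catches silent misparses (a record swallowed, a payload truncated) that a crash-only target never would.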
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL). It can remove known Indicator of Compromise (IoC) strings and replace them with random characters, inflate the file size to get past EDRs that cap the size of files they scan, and clone code-signing certificates from legitimate files. In doing so, Mangle helps loaders evade on-disk and in-memory scanners.
https://github.com/optiv/Mangle
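The first of the three tricks above, same-length IoC string replacement, as an added example written for this page (not Mangle's own code, which operates on real PE files): every occurrence of each IoC string is overwritten in place with random alphanumeric bytes of identical length, so no offset, RVA or section size in the file moves. The blob and the two IoC strings are constructed for the example, and the seeded math/rand source is there only to make runs reproducible.

```go
package main

import (
	"bytes"
	"fmt"
	"math/rand"
)

const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

// NewRNG returns a seeded source; a real tool would seed from crypto/rand.
func NewRNG(seed int64) *rand.Rand { return rand.New(rand.NewSource(seed)) }

// ScrubStrings overwrites every occurrence of each IoC string in buf, in place,
// with random alphanumeric bytes of the same length. Keeping the length is what
// leaves the executable's layout intact. It returns the number of replacements.
func ScrubStrings(buf []byte, iocs []string, rng *rand.Rand) int {
	count := 0
	for _, ioc := range iocs {
		needle := []byte(ioc)
		for off := 0; off < len(buf); {
			idx := bytes.Index(buf[off:], needle)
			if idx < 0 {
				break
			}
			start := off + idx
			for i := range needle {
				buf[start+i] = alphabet[rng.Intn(len(alphabet))]
			}
			count++
			off = start + len(needle)
		}
	}
	return count
}

// Matches is the naive scanner the technique is aimed at: plain substring
// signatures. It returns the IoC strings still present in buf.
func Matches(buf []byte, iocs []string) []string {
	var hits []string
	for _, ioc := range iocs {
		if bytes.Contains(buf, []byte(ioc)) {
			hits = append(hits, ioc)
		}
	}
	return hits
}

// Constructed sample: not a real PE, just a blob with a DOS stub banner and two
// illustrative strings of the kind a loader might carry and a signature might key on.
var SampleBlob = []byte("MZ\x90\x00This program cannot be run in DOS mode.\x00ReflectiveLoader\x00beacon.x64.dll\x00payload\x00")
var SampleIoCs = []string{"ReflectiveLoader", "beacon.x64.dll"}

func main() {
	buf := append([]byte(nil), SampleBlob...)
	fmt.Println("before:", Matches(buf, SampleIoCs))
	fmt.Println("replaced:", ScrubStrings(buf, SampleIoCs, NewRNG(42)))
	fmt.Println("after:", Matches(buf, SampleIoCs))
}
```

The caveat a practitioner wants: a string the binary also uses at run time, such as an exported function name the stager resolves by name or a DLL name in the import table, cannot be scrubbed blindly, because the loader will no longer find it and the program breaks. Scrubbing therefore has to be paired with knowledge of which strings are inert data, and the result verified by running the file, not only by re-scanning it.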
Venom is a library meant to perform evasive communication using a stolen browser socket.
https://github.com/Idov31/Venom
Gepetto is a Python script that uses OpenAI's davinci-003 model to provide meaning to functions decompiled by IDA Pro. At the moment, it can ask davinci-003 to explain what a function does and to automatically rename its variables.
https://github.com/JusticeRage/Gepetto
VT Intelligence Cheat Sheet
https://blog.virustotal.com/2022/12/vt-intelligence-cheat-sheet.html
https://www.virustotal.com/go/vti-cheatsheet
Many of you asked for this, and today we are happy to announce the release of our VTI Cheat Sheet with hints and examples on the most usefu...
Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/
Microsoft discovered a vulnerability in macOS, referred to as “Achilles”, allowing attackers to bypass application execution restrictions enforced by the Gatekeeper security mechanism.
efiXplorer: Hunting UEFI Firmware NVRAM Vulnerabilities
https://binarly.io/posts/efiXplorer_Hunting_UEFI_Firmware_NVRAM_Vulnerabilities/index.html
Binarly released efiXplorer v5.2 [Xmas Edition], with support for the new IDA SDK v8.2 and multiple code-analysis improvements.
Windows built-in Sandbox Disables Microsoft Defender and other EDR/AV: Attack Detection and Prevention via MemoryRanger
https://youtu.be/NGrSPuC7xr0
Texas Cyber Summit 2022: Windows built-in Sandbox Disables Microsoft Defender and other EDR/AV
• Kernel attacks are still serious for Windows OS security. It is crucial to analyze the popular techniques that result in loading…
How to share what you’ve learned from our audits
https://blog.trailofbits.com/2022/12/22/curl-security-audit-threat-model/
Trail of Bits recently completed a security review of cURL, which is an amazing and ubiquitous tool for transferring data. We were really thrilled to see cURL founder and lead developer Daniel Stenberg write a blog post about the engagement and the report…