Hiding in Plain Sight: Unlinking Malicious DLLs from the PEB
https://blog.christophetd.fr/dll-unlinking/
Christophe Tafani-Dereeper
Hiding in Plain Sight: Unlinking Malicious DLLs from the PEB - Christophe Tafani-Dereeper
In this post, we take a look at an anti-forensics technique that malware can leverage to hide injected DLLs. We dive into specific details of the Windows Process Environment Block (PEB) and how to abuse it to hide a malicious loaded DLL. Background: You may…
Zer0Con2023.YearInReview.pdf
2.8 MB
2022 Year in Review
0-days Detected In-the-Wild in 2022
Mobile Exploitation, the past, present, and future.pdf
8 MB
Mobile Exploitation - The past, present, and the future
DeepDi: Learning a Relational Graph Convolutional Network Model on Instructions for Fast and Accurate Disassembly
https://www.cs.ucr.edu/~heng/pubs/DeepDi.pdf
P.S. Interesting, but lots of false positives.
How AI helps keeping Gmail inboxes malware free
https://elie.net/static/files/how-ai-helps-keeping-gmail-inboxes-malware-free/how-ai-helps-keeping-gmail-inboxes-malware-free-slides.pdf
Introducing VirusTotal Code Insight: Empowering threat analysis with generative AI
https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html
Virustotal
At the RSA Conference 2023 today, we are excited to unveil VirusTotal Code Insight, a cutting-edge feature that leverages artificial intelli...
Microsoft Exchange Powershell Remoting Deserialization leading to RCE (CVE-2023-21707)
https://starlabs.sg/blog/2023/04-microsoft-exchange-powershell-remoting-deserialization-leading-to-rce-cve-2023-21707/
STAR Labs
Introduction While analyzing CVE-2022-41082, also known as ProxyNotShell, we discovered this vulnerability which we have detailed in this blog. However, for a comprehensive understanding, we highly recommend reading the thorough analysis written by team ZDI.…
The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component
https://www.trellix.com/en-us/about/newsroom/stories/research/the-art-of-information-disclosure.html
Trellix
Uncovering CVE-2022-37985: A Unique Information Disclosure Vulnerability in Windows Graphics Component
Get a comprehensive understanding of CVE-2022-37985, a unique information disclosure vulnerability in Windows Graphics Component. Our blog post covers the technical details of the vulnerability, how it can be exploited, and advice on mitigating the risks.
eBPF Observability Tools Are Not Security Tools
https://www.brendangregg.com/blog/2023-04-28/ebpf-security-issues.html
Brendangregg
Using AI to find software vulnerabilities in XNU
https://www.inulledmyself.com/2023/05/using-ai-to-find-software.html
Inulledmyself
Note : This work took place in May-Aug of 2022. It just took me this long to finally finish writing this (Too busy playing with my SRD 😅) L...
Announcing Snapchange: An Open Source KVM-backed Snapshot Fuzzing Framework
https://aws.amazon.com/blogs/opensource/announcing-snapchange-an-open-source-kvm-backed-snapshot-fuzzing-framework/
Amazon
Announcing Snapchange: An Open Source KVM-backed Snapshot Fuzzing Framework | Amazon Web Services
Today we are happy to announce Snapchange, a new open source fuzzing tool from the AWS Find and Fix (F2) open source security research team.
PASTIS For The Win!
PASTIS is an open-source fuzzing framework that aims at combining various software testing techniques within the same workflow to perform collaborative fuzzing, also known as ensemble fuzzing. At the moment it supports Honggfuzz and AFL++ for grey-box fuzzers and TritonDSE for white-box fuzzers.
https://blog.quarkslab.com/pastis-for-the-win.html
Quarkslab
PASTIS For The Win! - Quarkslab's blog
In this blog post we present PASTIS, a Python framework for ensemble fuzzing, developed at Quarkslab.
Unearthing Vulnerabilities in the Apple Ecosystem The Art of KidFuzzerV2.0
OffensiveCon 2023
https://github.com/star-sg/Presentations/blob/main/Offensivecon%202023/Unearthing%20Vulnerabilities%20in%20the%20Apple%20Ecosystem%20The%20Art%20of%20KidFuzzerV2.0.pdf
GitHub
Presentations/Offensivecon 2023/Unearthing Vulnerabilities in the Apple Ecosystem The Art of KidFuzzerV2.0.pdf at main · star-…
Contribute to star-sg/Presentations development by creating an account on GitHub.
CustomProcessingUnit:
Reverse Engineering and Customization of Intel Microcode
https://pietroborrello.com/talk/custom-processing-unit-offensivecon/offensivecon_ucode.pdf
https://github.com/pietroborrello/CustomProcessingUnit
s10515-022-00374-6.pdf
2 MB
BCGen: a comment generation method for bytecode