This is a whitepaper discussing CVE-2020-1349 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.12624.20424 when it fails to properly handle objects in memory.
0cbeab94a42718d9dc0fbddcb25e670799fb9171ff9f4aa0d640945941711759
PatrIoT provides a four-stage IoT vulnerability research methodology built on top of four key elements: logical attack surface decomposition, compilation of top 100 weaknesses, lightweight risk scoring, and step-by-step penetration testing guidelines. The proposed methodology is evaluated with multiple IoT products. The results indicate that PatrIoT allows cyber security practitioners without much experience to advance vulnerability research activities quickly and reduces the risk of critical IoT penetration testing steps being overlooked.
7ef04fa8b69b383da473db2f732cbb05957268406e540aab12aa566dc3408119
The Nullcon Berlin 2023 Call For Papers is open. It will take place March 9th through the 10th, 2023 in Berlin, Germany.
fe1cb7a63d18537e4b4b907db517cecd2187c370eebe4852d306e3dc81a202d3
FreeBSD versions 11.0 through 13.0 suffers from a local privilege escalation vulnerability via an aio_aqueue kernel refcount bug. This research post goes into great depth on how the researcher traversed the logic flow and achieved exploitability.
326b5e8f7907c92be98ab7e3ac35bb7766ebdf09bf20a0f1659fef3debf9aa56
This paper is an in-depth blog post on hacking Zyxel IP cameras to obtain a root shell.
b1c1d5af6bd2b118ab3a1c720fe41a27cfec41885c4cf555570f4e8a14d7f78b
Whitepaper called Race Against the Sandbox - Root Cause Analysis of a Tianfu Cup bug that used a Ntoskrnl bug to escape the Google Chrome sandbox.
0f616b5cf39ba9d918c5536f81ef8913f0d5085d06313e728467400d30c01737
Whitepaper called Abusing Microsoft System Center Configuration Manager (SCCM). Written in Arabic.
5b72b4426c74f72b869bca4e8c0638cb710f8a84b85dbb67be5d85a25110f951
The 2nd International Workshop on Cyber Forensics and Threat Investigations Challenges will take place October 10th through the 11th, 2022.
a7c38095ed781f48c0c6ba286dca77cedb7ed92dc2f3f33ab055eb407d1baa10
The Call For Papers has been announced for the Workshop on CPS and IoT Security and Privacy (CPSIoTSec 2022). It will be held in Los Angeles, CA, USA on November 7th through the 11th, 2022.
210cc314daa5b40530b4eb6824f2e2f763e9b2b7e7db997ee26df88975e8880b
The call for papers for Hardwear.io NL 2022 is now open. It will take place October 27th through the 28th, 2021 in the Netherlands.
2297c70faeb7fd538fb02f2327a806bcbe1a2e1e9ae61e3f2ae62b36eb68bfd2
The No cON Name 2022 call for papers has been announced. It will be held in Barcelona, Spain, from November 24th through the 26th, 2022.
d8182cfe16d9ccbd8e7da1be7700730af253ceafe0069e08c13e7dd297ae1bfc
Over the past year, Trail of Bits was engaged by the Defense Advanced Research Projects Agency (DARPA) to investigate the extent to which blockchains are truly decentralized. They focused primarily on the two most popular blockchains: Bitcoin and Ethereum. They also investigated proof-of-stake (PoS) blockchains and Byzantine fault tolerant consensus protocols in general. This report provides a high-level summary of results from the academic literature, as well as their novel research on software centrality and the topology of the Bitcoin consensus network.
7539c81d4b8e441403714a6c53dc14d36bda7acb1b5c0dadb8762f8d53177dd5
This whitepaper demonstrates leveraging cross site scripting and polyglot exploitation in an exploit called COOLHANDLUKE to violate network segmentation / layer 2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HPE Procurve, Aruba Networks, Cisco, Dell, and Netgear products.
1ec58f30e8a0a21c51d095c930eb3fc00827e2d07118a62f2dd3d6f7154a73ce
In this whitepaper, the author demonstrates abusing persistent cross site scripting and polyglot payloads can allow for robust protocol creation similar to COOLHANDLUKE and allows an attacker to exfiltrate, encapsulate, and tunnel their malicious traffic between IPv4 and IPv6 networks without a router. The author calls the technique and protocol "DIRECTIVEFOUR". This issue affects Cisco SMB and Sx Series switches.
4b5d4d8cfa4b802b87cad15d22893764dd635937e23e58bc76e7fa4673c00370
Scripting languages like JavaScript are being integrated into commercial software to support easy file modification. For example, Adobe Acrobat accepts JavaScript to dynamically manipulate PDF files. To bridge the gap between the high-level scripts and the low-level languages (like C/C++) used to implement the software, a binding layer is necessary to transfer data and transform representations. However, due to the complexity of two sides, the binding code is prone to inconsistent semantics and security holes, which lead to severe vulnerabilities. Existing efforts for testing binding code merely focus on the script side, and thus miss bugs that require special program native inputs. In this paper, the researchers propose cooperative mutation, which modifies both the script code and the program native input to trigger bugs in binding code.
5f9d0ad09e9e62d12e246894db4172788cd3662fb32d618c99f88dda19d6b911
Whitepaper discussing how to crack Notezilla passwords.
db3961e08ef61a0d202ba7ab4184a19ba1f3ed41a5461a43cca0d7b0d4c10807
The Call For Papers for nullcon Goa 2022 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place September 9th through the 10th, 2022. This conference was originally planned for March but was moved due to the pandemic.
39c60f1efe6870f2afbfec3ec20a66a476febcd39809fcf597f4f887ff64ea08
This is the Spamhaus Botnet Threat Update for Q1 2022. It shows a modest increase of 8% in the new number of botnet command and controllers.
27881d2519cb2cb26262ed765a46dee0f7d9f74eee33851a0592cb21197cffd3
This is a research paper titled Goodbye Tracking? Impact Of iOS App Tracking Transparency And Privacy Labels. It analyzes 1,759 iOS apps before and after the changes in iOS 14.
f2c94b3fe30d62f6090a9abdcdc56152591090977c196e48ef151cadea9e410a
Whitepaper called Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps.
050dc6588d019c0fec02dfa4d049708c93c8ad0e15fb67374316108e1ab679a3
This is a small document that provides a cheat sheet for use of Ansible during penetration testing and red teaming activities.
0c12a80286493aa8bd0c790357f229f5d0169bc51d3a6f38387aea2b27d0ce5d
In-depth whitepaper that casts light on the actual telemetry data sent by Google Play Services, which to date has largely been opaque.
1961b146927a5d663ba288e9e0655edeb281a7f9333b4a2e556204df1aadc496
Whitepaper that discusses passive inter-modulation sources and cancellation methods. When two or more signals of different frequencies pass through a nonlinear system, intermodulation distortion (IMD) occurs, resulting in the formation of spurious distortion signals. IMD is most commonly found in active circuits of a radio system, but it can also be found in passive wireless components such as lters, transmission lines, connectors, antennas, attenuators, and so on, especially when transmit power is quite high. Passive intermodulation (PIM) distortion is the name given to the IMD in the latter scenario. With the evolution of radio systems and the scarcity of radio spectrum, PIM interference is being recognized as a potential stumbling block to a radio network's maximum capacity. This article classifies the PIM sources in BS radio systems into two categories, internal and external sources. Internal sources are the radio's passive components such lters, transmission lines, connections, antennas, and so on. External sources, on the other hand, are passive items that are located outside of the BS antenna but inside the RF signal path, such as metallic and rusted objects in the antenna near eld. The high power current flowing through such passive devices can cause nonlinear behavior, resulting in IMD for both types of sources. Also, a review of PIM mitigation techniques is presented in the article.
cf614fd9aec75f56c27a43e6f47b0a0ad97338db9c10ee853cbd6a9b35d11692
Whitepaper called PE Infection that discusses portable execution injection and exploitation. Written in Arabic.
e0534cb924c64a357ac0fc2ed8a017fc1a7e5701279ab670c791cde630d32ab9
Whitepaper called OPENSSLDIR - The adventures of hidden folder to privilege escalation.
169de44bba1064b1fdf63754db8a9eba9c5bd777fa8e4e5dd12cb47dfe4af528