-CyberSecurityTechnologies-

2021-02-19 06:00:19 #Research
"A Journey Combining Web and Binary Exploitation in Real World", 2021.
https://github.com/orangetw/My-Presentation-Slides/blob/main/data/2021-A-Journey-Combining-Web-and-Binary-Exploitation-in-Real-World.pdf Open / Comment

2021-02-19 06:00:19 #Offensive_security
1. Electron APIs Misuse: An Attacker’s First Choice
https://blog.doyensec.com/2021/02/16/electron-apis-misuse.html
2. Gpgme and fwupd analysis
https://www.synacktiv.com/publications/gpgme-used-confusion-its-super-effective.html Open / Comment

2021-02-19 06:00:19 #Analytics
"State of Malware report 2021".
// Malwarebytes Report Open / Comment

2021-02-19 06:00:19 #Malware_analysis
1. Apple M1 Optimized Malware
https://objective-see.com/blog/blog_0x62.html
2. The new "LinkedInSecureMessage" Phish
https://isc.sans.edu/forums/diary/The+new+LinkedInSecureMessage/27110/ Open / Comment

2021-02-19 06:00:19 #IoT_Security
#Threat_Research
Shining a Light on SolarCity:
Practical Exploitation of the X2e IoT Device
// CVE-2020-9306 - Hardcoded Credentials, CVE-2020-12878 - Execution with Unnecessary Privileges
Part 1:
https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html
Part 2:
https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-two.html Open / Comment

2021-02-19 06:00:19 SerenityOS - Writing a full chain exploit
https://devcraft.io/2021/02/11/serenityos-writing-a-full-chain-exploit.html
]-> Full chain exploit for SerenityOS:
https://gist.github.com/wbowling/92fc9ef5f9d60ff4260c7f91ffbabecb Open / Comment

2021-02-18 06:00:20 #Red_Team_Tactics
1. Generating Custom Cobalt Strike Artifacts with PEzor
https://iwantmore.pizza/posts/PEzor3.html
2. CVE-2021-3271:
Pressbooks Stored Cross Site Scripting PoC
https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept Open / Comment