OC AWS IoT Core: A Compromised Device Perspective (seanpesce.blogspot.com)
I recently spent some time exploring the potential capabilities that an evil IoT device might have within an AWS IoT Core environment. This culminated in the thoughts I've transcribed in this blog post, as well as a command-line tool to help with enumeration and data harvesting during security assessments of products that...
CVE-2020-19909 is everything that is wrong with CVEs (daniel.haxx.se)
This is a story consisting of several little building blocks and they occurred spread out in time and in different places. It is a story that shows with clarity how our current system with CVE IDs and lots of power given to NVD is a completely broken system.
Threat Group Assessment: Mallox Ransomware (unit42.paloaltonetworks.com)
Mallox ransomware activity has increased in 2023. Our assessment of this gang and their recent behavior includes attack types and recruitment efforts.
Critical AMI BMC Bug
Just wanted to share:...
Hunting for Nginx Alias Traversals in the wild (labs.hakaioffsec.com)
Nginx, a versatile web server pivotal to numerous internet infrastructures, has held a dominant market share since its inception in 2004, with widespread adoption across websites and Docker containers. This article delves into the intricacies of Nginx, focusing on the location and alias directives that are central to how Nginx
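The traversal the article hunts for is the well-known "off-by-slash" misconfiguration: a prefix `location` with no trailing slash paired with an `alias` that has one. Nginx substitutes the matched prefix with the alias verbatim, so a request for `/img../secret` is rewritten to `/var/www/images/../secret` and escapes the aliased directory. The following is an added example, not code from the article or from the nginx project: a small Python checker that flags the pattern in a config and models how nginx resolves a request under it. The config snippets and paths are constructed for illustration; the parser assumes flat, unnested `location { ... }` blocks.

```python
import posixpath
import re

# Constructed nginx snippets (not from the article): weak setting and corrected one.
VULNERABLE_CONF = """
server {
    listen 80;
    location /img {
        alias /var/www/images/;
    }
}
"""

FIXED_CONF = """
server {
    listen 80;
    location /img/ {
        alias /var/www/images/;
    }
}
"""

# Matches `location [modifier] <path> {`; modifier is one of =, ~, ~*, ^~ or absent.
LOCATION_RE = re.compile(r'location\s+(?:(=|~\*?|\^~)\s+)?(\S+)\s*\{')
ALIAS_RE = re.compile(r'alias\s+(\S+?)\s*;')


def find_alias_locations(config):
    """Return [(prefix, alias)] for every prefix-matching location that uses alias.
    Regex (~, ~*) and exact (=) locations are skipped because string-prefix
    substitution does not apply to them. Nested location blocks are not handled."""
    found = []
    pos = 0
    while (m := LOCATION_RE.search(config, pos)) is not None:
        modifier, prefix = m.group(1), m.group(2)
        close = config.find('}', m.end())
        body = config[m.end():close if close != -1 else len(config)]
        pos = close + 1 if close != -1 else len(config)
        if modifier in ('=', '~', '~*'):
            continue
        a = ALIAS_RE.search(body)
        if a:
            found.append((prefix, a.group(1)))
    return found


def is_off_by_slash(prefix, alias):
    """The risky shape: location prefix without trailing slash, alias with one."""
    return not prefix.endswith('/') and alias.endswith('/')


def audit(config):
    """List the (prefix, alias) pairs in a config that exhibit the pattern."""
    return [(p, a) for p, a in find_alias_locations(config) if is_off_by_slash(p, a)]


def resolve(prefix, alias, request_uri):
    """Model nginx's alias handling: dot-segments in the URI are merged before
    location matching, then the matched prefix is replaced by the alias string.
    Returns the filesystem path nginx would open, or None if the prefix does not match."""
    uri = posixpath.normpath(request_uri)
    if not uri.startswith(prefix):
        return None
    return posixpath.normpath(alias + uri[len(prefix):])


def escapes_alias(prefix, alias, request_uri):
    """True when the resolved path lands outside the aliased directory."""
    target = resolve(prefix, alias, request_uri)
    if target is None:
        return False
    base = posixpath.normpath(alias)
    return not (target == base or target.startswith(base + '/'))


if __name__ == "__main__":
    for name, conf in (("vulnerable", VULNERABLE_CONF), ("fixed", FIXED_CONF)):
        print(name, "findings:", audit(conf))
    # /img../secret matches the bare /img prefix and walks out of /var/www/images/
    print(resolve('/img', '/var/www/images/', '/img../secret'))
```

The model only covers prefix locations; it does not decode percent-encoding or handle `try_files`, so treat a hit as a lead to confirm against a live server rather than as proof on its own.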
8Base Ransomware: A Heavy Hitting Player (blogs.vmware.com)
The 8Base ransomware group has remained relatively unknown despite a massive spike in activity in the summer of 2023. Learn more about their attack patterns.
Finding Gadgets for CPU Side-Channels with Static Analysis Tools (github.com)
Google researchers Jordy Zomer & Alexandra Sandulescu explain how they used CodeQL to discover Spectre-v1 gadgets in the Linux kernel.
Android SELinux Internals (8ksec.io)
"This is part 1 of a 2-part series on Android SELinux Internals where we will do a deep dive into the world of SELinux on Android and understand its inner workings, along with its functionalities and benefits. We'll discuss how SELinux provides security on Android devices and ways to bypass it."
LibreOffice Arbitrary File Write (CVE-2023-1883) (secfault-security.com)
Write-up by Secfault Security
CVE-2023-25136 OpenSSH Pre-Auth Double Free Writeup & DoS PoC (jfrog.com)
Day[0] Podcast (DayZeroSec) - a deeply technical podcast that covers infosec news, vulnerabilities/exploits, and per-episode "Spot the Vuln" challenges (youtube.com)
In my opinion, this is far and away the best infosec audio/video content out there (and no, I'm not affiliated in any way)....
One-click Open-redirect to own Samsung S22 at Pwn2Own 2022 (starlabs.sg)
"In this article, we will dive into the details of an open-redirect vulnerability discovered during the Pwn2Own 2022 event and how we exploited it on a Samsung S22 device. By breaking down the technical aspects and using code snippets, we aim to provide a comprehensive overview of this critical security flaw."
Discovering vulnerabilities in Android permissions using a solver approach (blog.thalium.re)
"This post dives into the Android permission system and how a solver was leveraged to find new vulnerabilities. With this approach, a privilege escalation was identified, which was fixed and assigned CVE-2023-20947 by Google."
An Introduction to the Art of Fuzzing (bushido-sec.com)
Bushido Security | "This fuzzing introduction covers all the essentials one should know about the art of fuzzing. It explains major concepts and illustrates them with hands-on exercises the reader can follow."
Exploiting null Dereferences in the Linux Kernel | Project Zero (googleprojectzero.blogspot.com)
REUnziP: Re-Exploiting Huawei Recovery With FaultyUSB (labs.taszk.io)
Obtaining privileged execution on Huawei devices with a time-of-check-to-time-of-use (TOCTOU) vulnerability in the ZIP archive parser of the firmware recovery mechanism
Hacking root EPP servers to take control of zones (hackcompute.com)
Finding vulnerabilities in global domain infrastructure to take control of ccTLD zones
0DayFans - an aggregator for vulnerabilities and other infosec news (0dayfans.com)
Made by the creators of the DayZeroSec podcast