20210126

_______________________________________________________________________________
/// PSA ////////////////////////////////////////////////////////////////////////
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
» Google TAG: New campaign targeting security researchers
» DPRK Malware Targeting Security Researchers

_______________________________________________________________________________
/// Bugs ///////////////////////////////////////////////////////////////////////
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
» Project Zero: The State of State Machines
» Windows 10 bug corrupts your hard drive on seeing this file's icon
» Windows 10 bug crashes your PC when you access this location

_______________________________________________________________________________
/// Exploits ///////////////////////////////////////////////////////////////////
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
» VisualDoor: SonicWall SSL-VPN Exploit
» Three Bugs In Orion's Belt: Chaining Multiple Bugs For Unauthenticated RCE In The SolarWinds Orion Platform
» Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)
» ea/bosch_headunit_root - Rooting Bosch lcn2kai Headunit
» sudoedit symlink fix for CVE-2021-23240 introduced new vulnerability

_______________________________________________________________________________
/// Malware Analysis ///////////////////////////////////////////////////////////
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
» RIFT: Analysing a Lazarus Shellcode Execution Method
» DreamBus Botnet - Technical Analysis
» Hasherezade - Flare-On 7 Task 10

_______________________________________________________________________________
/// Projects ///////////////////////////////////////////////////////////////////
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
» Corellium port of Linux to M1
» Malvuln - Disclosing vulnerabilities in malware

_______________________________________________________________________________
/// Techniques /////////////////////////////////////////////////////////////////
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
» Bypassing GLIBC 2.32's Safe-Linking Without Leaks into Code Execution: House of Rust
» Fuzzing Like A Caveman 5: A Code Coverage Tour for Cavepeople
» DNS C2 Sandwich: A Novel Approach
» Shellcode Injection using Nim and Syscalls
» Linux Rootkits: New Methods for Kernel 5.7+

_______________________________________________________________________________
/// Tools and POCs /////////////////////////////////////////////////////////////
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
» d3npa/dll-injector - Rust DLL Injector
» LloydLabs/delete-self-poc

_______________________________________________________________________________
/// Safari /////////////////////////////////////////////////////////////////////
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
» [hermit] analytics.twitter.com open redirect with weird token
» [netspooky] Fun Zyxel router demo you can telnet from, creds - demo:demouser