Cyberveilleby Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
13 résultats taggé exploit  ✕
https://infosec.exchange/@briankrebs/109795710941843934?s=09 https://infosec.exchange/@briankrebs/109795710941843934?s=09
05/02/2023 10:47:36
QRCode
archive.org
thumbnail

GoAnywhere MFT, a popular file transfer application, is warning about a zero-day remote code injection exploit. The company said it has temporarily implemented a service outage in response.

GoAnywhere MFT 0day 0-day BrianKrebs exploit
Apple patches are out – old iPhones get an old zero-day fix at last! https://nakedsecurity.sophos.com/2023/01/24/apple-patches-are-out-old-iphones-get-an-old-zero-day-fix-at-last/
24/01/2023 08:57:50
QRCode
archive.org
thumbnail

Don’t delay, especially if you’re still running an iOS 12 device… please do it today!

nakedsecurity EN 2023 vulnerability apple cve-2022-42856 exploit ios ios-12 ipados zero-day
New GTA Online exploit now allows cheaters to ban your account https://rockstarintel.com/new-gta-online-exploit-now-lets-cheaters-to-ban-your-account
22/01/2023 15:39:01
QRCode
archive.org
thumbnail

a new Grand Theft Auto: Online exploit now allows cheaters to ban or delete peoples online profile and edit their stats

rockstarintel EN 2023 game vulnerability exploit GTA Online
The OWASSRF + TabShell exploit chain https://blog.viettelcybersecurity.com/tabshell-owassrf/
09/01/2023 23:56:01
QRCode
archive.org
thumbnail

We see that one of our vulnerabilities is exploited in the wild Link. So we decided to public the detail analysis of our two bug chains. Any customer has enough information to mitigate these bugs. The vendor also released all patches a week ago. This blog post shares the detail

viettelcybersecurity EN 2022 Exchange TabShell exploit chain OWASSRF vulnerabilities
Exploit released for actively abused ProxyNotShell Exchange bug https://www.bleepingcomputer.com/news/security/exploit-released-for-actively-abused-proxynotshell-exchange-bug/
21/11/2022 09:11:59
QRCode
archive.org
thumbnail

Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell.

bleepingcomputer EN 2022 CVE-2022-41082 CVE-2022-41040 Exploit Microsoft-Exchange Privilege-Escalation Proof-of-Concept ProxyNotShell RCE Remote-Code-Execution
Attacking Apple's Neural Engine https://github.com/0x36/weightBufs/blob/main/attacking_ane_poc2022.pdf
12/11/2022 21:59:41
QRCode
archive.org
thumbnail

WeightBufs is a kernel r/w exploit for all Apple devices with Neural Engine support. Bugs and Exploit by @simo36, you can read my presentation slides at POC for more details about the vulnerabilities and the exploitation techniques.

0x36 EN 2022 WeightBufs GitHub Apple ios macos exploit NeuralEngine exploitation CVE-2022-32845 CVE-2022-32948 CVE-2022-42805 CVE-2022-32899
On Bypassing eBPF Security Monitoring https://blog.doyensec.com/2022/10/11/ebpf-bypass-security-monitoring.html
13/10/2022 11:05:20
QRCode
archive.org

There are many security solutions available today that rely on the Extended Berkeley Packet Filter (eBPF) features of the Linux kernel to monitor kernel functions. Such a paradigm shift in the latest monitoring technologies is being driven by a variety of reasons

doyensec doyensecurity EN 2022 vulnerability exploit eBPF bypass research
Linux Kernel Exploit (CVE-2022-32250) with mqueue https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/
26/08/2022 09:57:02
QRCode
archive.org
thumbnail

Netfilter is a framework in the Linux kernel for implementing various networking-related tasks with user-defined handlers. Netfilter provides various functions for packet filtering, network address translation and port translation, and packet logging. Netfilter represents a set of hooks that allow other kernel modules to register callback functions in the kernel’s networking stack.

theori EN 2022 exploit Linux mqueue CVE-2022-32250 Kernel
Put an io_uring on it: Exploiting the Linux Kernel - Blog | https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel
04/06/2022 17:36:28
QRCode
archive.org

At Grapl we believe that in order to build the best defensive system we need to deeply understand attacker behaviors. As part of that goal we're investing in offensive security research. Keep up with our blog for new research on high risk vulnerabilities, exploitation, and advanced threat tactics.

Graplsecurity en 2022 0-day Linux kernel exploit redteam research
Exploiting an Unbounded memcpy in Parallels Desktop https://blog.ret2.io/2022/05/19/pwn2own-2021-parallels-desktop-exploit/
20/05/2022 11:15:52
QRCode
archive.org
thumbnail

This post details the development of a guest-to-host virtualization escape for Parallels Desktop on macOS, as used in our successful Pwn2Own 2021 entry. Give...

ret2 EN 2022 macOS Parallels Pwn2Own escape exploit VM vulnerability research reverseengineering binary-exploitation program-analysis
BRANCH HISTORY INJECTION https://www.vusec.net/projects/bhi-spectre-bhb/?s=09
11/03/2022 10:09:52
QRCode
archive.org

On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks
BHI (or Spectre-BHB) is a revival of cross-privilege Spectre-v2 attacks on modern systems deploying in-hardware defenses. And we have a very neat end-to-end exploit leaking arbitrary kernel memory on modern Intel CPUs to prove it (PoC||GTFO right?).

vusec 2022 EN analysis spectre exploit speculative cross-privilege attack
Analyzing a watering hole campaign using macOS exploits https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/
15/02/2022 10:33:08
QRCode
archive.org
thumbnail

To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.

macOS EN google wateringhole exploit CVE-2021-30869
Watering hole deploys new macOS malware, DazzleSpy, in Asia https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
15/02/2022 10:30:34
QRCode
archive.org
thumbnail

The website of a Hong Kong pro-democracy radio station was compromised to serve a Safari exploit that installed cyberespionage malware on visitors’ Macs.

DazzleSpy macOS WeLiveSecurity wateringhole EN malware WebKit exploit Asia
1033 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn - Curated by Decio