Cybersecurity Flow

作者:Charles Fol (@cfreal_) 程序:vBulletin 漏洞类型:RCE,Insecure deserialization,Security code review 赏金:-

作者:Akash c 程序:- 漏洞类型:Blind XSS,SSRF 赏金:500

有新的漏洞组件被发现啦,组件ID:phpCMS
Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file.

有新的漏洞组件被发现啦,组件ID:F5
A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injection. The name of the patch is 165dfcaa0520ee0179b7c1282efb84f5a03df114. It is recommended to apply a patch to fix this issue. The identifier VDB-220057 was assigned to this vulnerability.

有新的漏洞组件被发现啦,组件ID:F5
A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The name of the patch is 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-220055.

As the leading provider of MDR services, only Sophos has the breadth and depth of experience to deliver the best possible cybersecurity outcomes.
Article Link: More customers trust Sophos for MDR than any other cybersecurity provider – Sophos News
1 post - 1 participant
Read full topic

🔍 Introduction Zip Bomb는 Decompression bomb로도 불리며 압축을 풀었을 때 엄청난 리소스를 소모하게 만드는 파일을 이용한 공격입니다. 여러겹의 파일 구조를 가지는 Zip 파일을 만들고 이를 해제하는 컴퓨터에 리소스를 크게 사용하는 방법으로 Zip을 해제하는 기능을 가진 소프트웨어는 체크가 필요한 공격입니다. 압축을 해제하는 디바이스 (모바일, PC 등) 서버 내 처리를 위해 Decompression 하는 경우 PK헤더를 사용하는 포맷(e.g Office의 OXML)을 처리하는 도구들 가장 간단한 방법으론 여러 파일과 디렉토리를 포함한 Zip을 만드는 방법이 있고, 재귀를 이용한 벙법이나 파일 헤더와 내용을 겹쳐쓰는 방식으로 만들어진 Zip Bomb 들이 존재합니다. 10MB의 Zip Bomb 파일이 있을 때 압축을 풀면 281TB의 사이즈를 가지는 경우도 있습니다. 유사한 형태의 공격으로 Compiler Bomb란 공격도 있은 참고하시면 좋을 것 같습니다. 🗡 Offensive techniques Detect 압축 해제 시 발생하는 문제이기 때문에 압축 파일을 다루는 서비스의 기능이나 API, Application은 모두 테스팅의 대상이 됩니다. 서비스 내부에서 Zip과 같은 압축 파일을 처리하는지 확인합니다. 만약 해당 구간이 있다고 판단된다면 Zip bomb를 식별하고 대응하는지 악의적인 파일을 만들어 테스트해볼 수 있습니다. Exploitation Zip-Bomb는 DOS와 같이 가용성에 영향을 주는 공격입니다. 하나의 파일 또는 HTTP Request로 서버의 리소스를 과도하게 사용하여 서비스 전반적으로 영향을 주거나, 파일 시스템에 문제를 일으켜 시스템에 대해 반영구적으로 피해를 줄 수도 있습니다. 시스템의 구성에 따라서 아래와 같은 악용 시나리오들이 존재합니다. 컴퓨팅 자원을 대량으로 소모하여 다른 기능에 영향을 끼침 컴퓨팅...

In this blog we'll look at what it takes to construct an in-memory loader for Mach-O bundles within MacOS Ventura without using dyld. We'll walk though the lower-level details of what makes up a Mach-O file, how dyld processes load commands to map areas into memory, and how we can emulate this to avoid writing payloads to disk.

I have documented all of the AMSI patches that I learned till now

Poor (rich?) man's bug bounty pipeline https://dubell.io

During the past 4 months Microsoft Onenote file format has been (ab)used as Malware carrier by different criminal groups. While the main infection vector is still on eMail side – so nothing really relevant to write on – the used techniques, the templates and the implemented code to inoculate Malware changed a lot. So it […]

Back in 2015 I helped record a course in security economics in a project driven by colleagues from Delft. This was launched as an EDX MOOC as well as becoming part of the Delft syllabus, and it has been used in many other courses worldwide. In Brussels, in December, a Ukrainian officer told me they … Continue reading Security economics course →

😱 Panic messages for humans.

A Rust implementation of Glidesort, my stable adaptive quicksort/mergesort hybrid sorting algorithm.

Compile a Node.js project into a single file. Supports TypeScript, binary addons, dynamic requires.

1. Introduction
We have learnt some kernel PWN techniques and cases. The exploitations and mitigations bypassing are always charming, while mitigations evolve as well. In this post, we will talk about the ret2dir technique, which leverages the functionality of physmap to place attack-controlled payload in kernel, bypassing existing ret2usr defenses like SMEP, SMAP, PXN, KERNEXEC, UDEREF and kGuard.
ret2dir is first published by Vasileios P. Kemerlis, Michalis Polychronakis and Angelos D. Keromytis in [their paper](Vasileios P. Kemerlis, Michalis Polychronakis, Angelos D. Keromytis) in 2014. Hence, this post serves as a reading note for this paper as well.
After ret2dir was published, some articles (e.g., this one and this one) pointed out that it is not a big threat. Their arguments are:
x86(v4.6) and arm64(v4.9) have made all kernel memory X^W, which means attacker can not execute shellcode located in physmap in kernel context any longer, but only place ROP chain there.
As one of the article authors said, ev

Zscaler’s ThreatLabz research team diligently monitors and tracks active threat campaigns globally to rapidly detect new developments and proactively safeguard Zscaler customers. The seven case studies that follow provide an in-depth analysis of the AveMaria infostealer attack chain and how it has been shifting over the past six months.
Key Takeaways
AveMaria is a Remote Access Trojan (RAT) infostealer malware that targets sensitive data with added capabilities of remote camera control and privilege escalation. This stealer has been growing in popularity among threat actors since appearing in December of 2018. Over the past six months, researchers have observed significant changes and additions to the execution stages and Tactics, Techniques, and Procedures that characterize an AveMaria attack. AveMaria attacks are initiated via phishing emails, once the dropped payload infects the victim’s machine with the malware, it establishes communication with the attacker’s Command-and-Control (C2) server on non-HTTP p

Guide to using YubiKey for GPG and SSH

[GitHub]Payload generator and extractor for CVE-2022-44268 written in Python.