Notes


Hook Heaps and Live Free

Let’s talk a bit about why we want to encrypt heap allocations. Something I’m not going to go into too deeply is the difference between the stack and the heap. The stack is locally scoped and usually falls out of scope when a function completes. This means items set on the stack during the run of a function fall off the stack when the function returns and completes; this obviously isn’t great for variables you’d like to keep long term in memory. This is where the heap comes in. The heap is meant to be more of a long-term memory storage solution. Allocations on the heap stay on the heap until your code manually frees them. This can also lead to memory leaks if you continually allocate data onto the heap without ever freeing anything.
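To make the lifetime point concrete, here is an added example (not code from the Hook Heaps and Live Free post or its author): a portable C allocator wrapper that registers every heap block it hands out, so the live blocks can be searched for plaintext the way a memory scanner would, XOR-scrambled in place with a key, restored, and scrubbed on free. The post’s title refers to hooking the allocator itself; this example uses explicit wrapper functions instead so it runs anywhere. The wrapper names, the key, the “secret” buffer and the `heap_contains` stand-in scanner are all assumptions introduced for this illustration, and the repeating-key XOR is a toy cipher, not a recommendation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One record per live block handed out by tracked_malloc(). */
typedef struct alloc_rec {
    void *ptr;
    size_t len;
    struct alloc_rec *next;
} alloc_rec;

static alloc_rec *g_allocs = NULL;  /* live-allocation list */
static int g_encrypted = 0;         /* 1 while tracked blocks are scrambled */

/* Allocate and register a block; the registry is what lets us find it later. */
void *tracked_malloc(size_t len)
{
    alloc_rec *rec = malloc(sizeof *rec);
    if (!rec) return NULL;
    rec->ptr = malloc(len);
    if (!rec->ptr) { free(rec); return NULL; }
    rec->len = len;
    rec->next = g_allocs;
    g_allocs = rec;
    return rec->ptr;
}

/* Scrub, release and deregister a block. Returns 0 for an untracked pointer. */
int tracked_free(void *p)
{
    for (alloc_rec **pp = &g_allocs; *pp; pp = &(*pp)->next) {
        if ((*pp)->ptr == p) {
            alloc_rec *rec = *pp;
            *pp = rec->next;
            memset(rec->ptr, 0, rec->len);   /* wipe before giving memory back */
            free(rec->ptr);
            free(rec);
            return 1;
        }
    }
    return 0;
}

/* XOR every tracked block with a repeating key (toy cipher, its own inverse). */
static int xor_all(const uint8_t *key, size_t keylen)
{
    int n = 0;
    for (alloc_rec *r = g_allocs; r; r = r->next, n++) {
        uint8_t *b = r->ptr;
        for (size_t i = 0; i < r->len; i++) b[i] ^= key[i % keylen];
    }
    return n;
}

/* Scramble all live blocks. Returns blocks touched, or -1 when the heap is
 * already encrypted: a second pass would silently restore the plaintext. */
int heap_encrypt(const uint8_t *key, size_t keylen)
{
    if (g_encrypted || !key || keylen == 0) return -1;
    g_encrypted = 1;
    return xor_all(key, keylen);
}

/* Undo heap_encrypt(); -1 if nothing is encrypted. */
int heap_decrypt(const uint8_t *key, size_t keylen)
{
    if (!g_encrypted || !key || keylen == 0) return -1;
    g_encrypted = 0;
    return xor_all(key, keylen);
}

/* Stand-in for a memory scanner: search every live block for a byte pattern.
 * A real scanner walks the process heap; ours only knows about the registry. */
int heap_contains(const void *needle, size_t nlen)
{
    for (alloc_rec *r = g_allocs; r; r = r->next) {
        const uint8_t *b = r->ptr;
        for (size_t i = 0; nlen <= r->len && i + nlen <= r->len; i++)
            if (memcmp(b + i, needle, nlen) == 0) return 1;
    }
    return 0;
}

/* Bytes still held: non-zero after cleanup means a leak or data still in use. */
size_t heap_live_bytes(void)
{
    size_t total = 0;
    for (alloc_rec *r = g_allocs; r; r = r->next) total += r->len;
    return total;
}

/* Full round trip; returns 0 on success or the number of the step that failed. */
int heap_roundtrip_demo(void)
{
    static const uint8_t key[] = {0x5a, 0xc3, 0x17, 0x9e};  /* assumed key */
    const char secret[] = "beacon config: 10.0.0.1:443";   /* constructed data */
    char *buf = tracked_malloc(sizeof secret);
    if (!buf) return 1;
    memcpy(buf, secret, sizeof secret);
    if (!heap_contains(secret, sizeof secret - 1)) return 2;  /* scanner sees it */
    if (heap_encrypt(key, sizeof key) != 1) return 3;
    if (heap_contains(secret, sizeof secret - 1)) return 4;   /* now hidden */
    if (heap_encrypt(key, sizeof key) != -1) return 5;        /* double pass refused */
    if (heap_decrypt(key, sizeof key) != 1) return 6;
    if (memcmp(buf, secret, sizeof secret) != 0) return 7;    /* restored intact */
    if (!tracked_free(buf)) return 8;
    return heap_live_bytes() == 0 ? 0 : 9;                    /* nothing leaked */
}

int main(void)
{
    int rc = heap_roundtrip_demo();
    if (rc == 0) printf("heap round trip ok\n");
    else printf("failed at step %d\n", rc);
    return rc;
}
```

The registry is the whole trick: once every live block is known, the block contents can be hidden while the code is idle and brought back before use, and a missing `tracked_free` shows up as a non-zero `heap_live_bytes()`, which is the leak the paragraph warns about. Swap the XOR for a real cipher and the explicit wrappers for allocator hooks and you have the shape of the technique the post describes.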

Azure App Service Linux source repository exposure

MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an application configured to serve static content, makes it possible for others to download files not intended to be public. We have notified the limited subset of customers that we believe are at risk due to this and we will continue to work with our customers on securing their applications.

Apache’s other product: Critical bugs in ‘httpd’ web server, patch now

You almost certainly have Apache httpd in your network somewhere. Just like Log4j, httpd has a habit of getting itself quietly included into software projects, for example as part of an internal service that works so well that it rarely draws attention to itself, or as a component built unobtrusively into a product or service you sell that isn’t predominantly thought of as “containing a web server”.

Cities are strange

For all the great riches and wonders in cities, there’s equal poverty and suffering.

objection - Runtime Mobile Exploration

objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.

  • Supports both iOS and Android.
  • Inspect and interact with container file systems.
  • Bypass SSL pinning.
  • Dump keychains.
  • Perform memory related tasks, such as dumping & patching.
  • Explore and manipulate objects on the heap.
  • And much, much more

Setup Windows 10 Home with a local account

How to install Windows 10 Home with a local account (not a Microsoft account): disable Internet connectivity.

One of those days

Today is one of those days.

Teh pheelz

Sitting on a rooftop above a crowded city late at night watching millions of lives unfold in miniature beneath.

Visions of the future were created in the past

We are haunted by visions of the future that were created in the past.

Mankind has a tendency to not accept what it cannot control

Mankind has a tendency to not accept what it cannot control. Our politicians and virologists often said something along the lines of: “we need to do X to keep control of the situation”. In the end we never were in control of the situation, but people cannot accept that.

Most of the measures we took were nothing more than modern day rain dances: feeble attempts by humans arrogant enough to think they could defeat or control a natural phenomenon that is well beyond our ability to control.

CoinHelper hides in repackaged installers of software, Windows 11, games, and antivirus

All in all, we have found CoinHelper bundled with over 2,700 different games, utilities, applications, security programs, and operating system images. Since the beginning of 2020, we have seen more than 220,000 attempts to infect Avast users with CoinHelper. The most-attacked country we saw was Russia which accounted for 83,000, or 38% of the attacks. Ukraine was the second most attacked country, with 42,000 or 19% of the attacks.

Phant0m | Windows Event Log Killer

On Windows operating systems, svchost.exe hosts services, and the services actually run as threads inside svchost.exe processes. Phant0m targets the Event Log service: it finds the process responsible for that service, then detects and kills the threads belonging to it. Thus, while the Event Log service appears to be running in the system (because Phant0m did not kill the process), it does not actually run (because Phant0m killed its threads) and the system does not collect logs.

Google Removes Pirate Bay Domains from Search Results

Google has removed The Pirate Bay and more than 100 related domains from its search results in the Netherlands. The search engine points to a local pirate site-blocking order that was forwarded by anti-piracy group BREIN. The order targets ISPs and doesn’t name Google but the company chose to voluntarily comply.

If you do the crime, don't visit USA

→ in reply to @note#1638427270

Moral of the story being: if you do the crime, don’t visit USA.

Russian Man Sentenced for Providing ‘Bulletproof Hosting’ for Cybercriminals

According to court documents, Grichishkin was a founder and leader of a bulletproof hosting organization that rented internet protocol (IP) addresses, servers, and domains to cybercriminal clients who employed this technical infrastructure to disseminate malware that allowed them to gain access to victims’ computers, form botnets, and steal banking credentials for use in frauds. Malware hosted by the organization included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which attacked U.S. companies and financial institutions between 2009 and 2015 and caused or attempted to cause millions of dollars in losses to U.S. victims.

Twitter will not allow sharing of images without subject’s consent

→ in reply to @twittersafety

Twitter will not allow sharing of images without subject’s consent. If that’s good or bad, I’ll let you decide.