the grugq's newsletter

May 27, 2022

I was on a Ukrainian cyber security podcast on Sunday the 22nd. It was a great discussion and a few interesting things came up. Check it out at No Name Podcast:

No Name Podcast @no_podcast
No Name Podcast with the Grugq
nonamepodcast.org: No Name Podcast with the Grugq | No Name Podcast. The first episode in the international series of No Name Podcast. Our first guest is the Grugq, and we discuss tech and politics of cyberwar, opsec, and a lot more.
6:58 AM ∙ May 26, 2022

-

Free auditing course

raptor @0xdea
The "Vulnerabilities 1001: C-Family Software Implementation Vulnerabilities" free course by @XenoKovah and @glitchnsec looks pretty slick. All beginner code auditors should check it out! p.ost2.fyi/courses/course…
3:21 PM ∙ May 26, 2022

-

Everyone does covert action. Not everyone does it well.

Rory Cormac @RoryCormac
This one time North Korea forged an entire edition of @thetimes. It was all exactly the same as the original, but they replaced six columns of Cricket News with a speech commemorating the founding of North Korea. The Brits noticed. Don’t mess with the cricket news 🤣 😂
10:54 AM ∙ May 26, 2022

-

Cool research is always good.

Alexander Popov @a13xp0p0v
My new article about hacking the Zircon microkernel of Fuchsia OS, "A Kernel Hacker Meets Fuchsia OS": swarm.ptsecurity.com/a-kernel-hacke…
🟪 Fuchsia security architecture
🟪 My exploit dev experiments for the Zircon microkernel
🟪 PoC attack planting a rootkit into the microkernel
Enjoy!
PT SWARM @ptswarm
📝New research by @a13xp0p0v: "A Kernel Hacker Meets Fuchsia OS" Fuchsia OS is based on the Zircon microkernel and developed by Google. Alexander assessed it from the attacker's point of view. Read the article: https://t.co/meuKtNLChu
4:27 PM ∙ May 24, 2022

-

The V8 engine is being hardened to make it harder to exploit.

Samuel Groß @5aelo
Here's the link to the public high-level overview document for the sandbox:
docs.google.com: V8 Sandbox - High-Level Design Doc. V8 Sandbox, aka "Ubercage". Author: saelo@. First Published: July 2021. Last Updated: February 2022. Status: Draft. Visibility: PUBLIC. This document is part of the V8 Sandbox Project and covers the high-level design of the sandbox. Summary. Objective: build a low-overhead, in-process sandbox for V8. ...
4:35 PM ∙ May 26, 2022

-

Russell @RussellHFilm
just discovered the joy of watching movies through Snapchat filters
4:13 AM ∙ May 26, 2022

-

PsyWar.Org 🇺🇦🌻 @psywarorg
Posters from Kherson.
7:48 PM ∙ May 26, 2022

-

Hackity hack.

/r/redteamsec @r_redteamsec
We Love Relaying Credentials: A Technical Guide to Relaying Credentials Everywhere reddit.com/r/redteamsec/c… #redteamsec
reddit.com: r/redteamsec - We Love Relaying Credentials: A Technical Guide to Relaying Credentials Everywhere
4:50 PM ∙ May 26, 2022

-

The length of 🤦‍♂️

https://hsivonen.fi/string-length/

-

Worth a read.

Andrew Gelman et al. @StatModeling
The worst of both worlds: A comparative analysis of errors in learning from data in psychology and machine learning
statmodeling.stat.columbia.edu: The worst of both worlds: A comparative analysis of errors in learning from data in psychology and machine learning | Statistical Modeling,…
8:40 PM ∙ May 26, 2022

-

redrain @rootredrain
A New Exploit Method for #CVE20213560 PolicyKit PE published from @ykco_z
noahblog.360.cn: A New Exploit Method for CVE-2021-3560 PolicyKit Linux Privilege Escalation. Chinese Version: http://noahblog.360.cn/a-new-exploit-method-for-cve-2021-3560-policykit-linux-privilege-escalation. 0x01. The Vulnerability: PolicyKit CVE-2021-3560 is caused by PolicyKit’s incorrect handling error; after closing the program immediately after sending the D-Bus message, PolicyKit mista…
9:29 AM ∙ May 27, 2022

-

Learn something

yed @fareedfauzi
Here are some good sources to learn malware development.
0xpat.github.io - Windows malware dev
xcellerator.github.io/categories/lin… - Linux Rootkit malware dev
cocomelonc.github.io - Windows malware dev
Huge thanks to all the blog authors
cocomelonc.github.io: cocomelonc. Cybersec, pentest, red team, hacking
12:51 PM ∙ May 26, 2022

-

Cool work.

Benny Zeltser @benny_zeltser
I'm thrilled and excited to share that our research "RingHopper – Hopping from User-space to God Mode" was accepted at #BHUSA 2022 and will premier at @BlackHatEvents this August! Check out the abstract:
blackhat.com: Black Hat
11:43 AM ∙ May 26, 2022

-

Exploit technique

raptor @0xdea
Interesting xdev technique: ret2dl_resolve
syst3mfailure.io: Ret2dl_resolve x64: Exploiting Dynamic Linking Procedure In x64 ELF Binaries. In this article, we will start by analyzing the lazy binding process, proceed to dissect dl-runtime, understand when it is possible to use this technique without a leak, and finally build our exploit.
8:21 AM ∙ May 27, 2022

-

APT vs gambling sites. Fight!

Caitlin @TheGamblingBird
Interesting spotlight on an APT that targets the gambling industry for my poker friends:
trendmicro.com: Exposing Earth Berberoka: A Multiplatform APT Campaign Targeting Online Gambling Sites. Our research uncovers the tools and techniques used by Earth Berberoka across different platforms to target online gambling sites.
11:36 AM ∙ May 27, 2022

-

Cool project alert.

https://margin.re/blog/cannoli-the-fast-qemu-tracer.aspx

-

History of the Ghost in the Shellcode CTF days.

https://www.notcheckmark.com/2022/05/ghost-in-the-shellcode/