Over last few years we moved away from a SOC that used to be almost solely focused on Network and Windows events and artifacts (probably a strong fintech bias here) […]  ( 21 min )

Seth Jenkins, Project Zero This blog post details an exploit for CVE-2022-42703 (P0 issue 2351 - Fixed 5 September 2022), a bug Jann Horn found in the Linux kernel's memory management (MM) subsystem that leads to a use-after-free on struct anon_vma. As the bug is very complex (I certainly struggle to understand it!), a future blog post will describe the bug in full. For the time being, the issue tracker entry, this LWN article explaining what an anon_vma is and the commit that introduced the bug are great resources in order to gain additional context. Setting the scene Successfully triggering the underlying vulnerability causes folio->mapping to point to a freed anon_vma object. Calling madvise(..., MADV_PAGEOUT)can then be used to repeatedly trigger accesses to the freed anon_vma in foli…  ( 14 min )

Welcome back to Pwn2Own Toronto! Yesterday, we awarded another $281,500 for 17 unique bugs across multiple categories. That brings our two-day total to $681,250 awarded for 46 unique 0-days. Today’s highlights include more attempts at the Samsung Galaxy, entries in the SOHO Smashup category, and more smart speaker. We’ll be updating this blog with results throughout the day. Results current as of 18:30. All times Eastern (GMT-5). All denominations are in USD. SUCCESS - On the first success of Day 3, Team Viettel was able to execute their OS Command Injection attack against the WD My Cloud Pro Series PR4100 in the NAS category. They earn $20K and 4 Master of Pwn points. BUG COLLISION - STAR Labs was able to execute their SOHO SMASHUP attack on the 3rd and final try against the Synology ro…

Learn how to gather access keys for App Configuration resources and how to use those keys to access the configuration key-value pairs. The post How to Gather Azure App Configurations appeared first on NetSPI.  ( 13 min )

Cloud technology has afforded organizations the ability to operate dynamically and build new technologies quickly while keeping costs low. However, as organizations move away from on-premises IT infrastructure, they may lose visibility into their new cloud-based assets.  Cloud environments, such as the big three cloud providers (Amazon, Google and Microsoft), vastly differ from provider to […] The post Untangling Your Cloud Assets with Offensive Security Testing appeared first on Synack.  ( 5 min )

Smart App Control is a new security solution from Microsoft built into Windows 11 22H2. It aims to add a protective layer against ransomware by complementing Microsoft Defender's other security features like SmartScreen or Controlled Folder Access. However, it has some notable limitations that may be a dealbreaker for most organizations. Smart App Control: Protect Windows 11 against ransomware first appeared on 4sysops.  ( 34 min )

By Tom Malcolm, University of Queensland, Australia Smart contract fuzzing is an effective bug-finding technique that is largely used at Trail Of Bits during audits. During my internship at Trail of Bits, I contributed to expand our fuzzing capabilities by working on Hybrid Echidna, a “hybrid fuzzer” that couples our smart contract fuzzer, Echidna, with […]  ( 11 min )

If you follow the Burp Suite roadmap, then you'll know that we're working on a complete rewrite of the API used in Burp Suite Professional and Burp Suite Community Edition. The new API is codenamed "M  ( 3 min )

Welcome back to Pwn2Own Toronto! Yesterday, we awarded $400,000 for 26 unique 0-days. We saw the Samsung Galaxy exploited twice and two successful demonstrations in the SOHO Smashup category. Today’s event’s look to be just as exciting. We’ll be updating this blog with results throughout the day. Results current as of 18:30. All times Eastern (GMT-5). All denominations are in USD. SUCCESS - for the first attempt of Day 2, ANHTUD Information Security Department was able to execute exploits against 2 bugs (one being a stack-based buffler overflow) on a HP Color LaserJet Pro M479fdw in the Printer category. They earn $10K and 2 Master of Pwn points. We are not camera shy here at Pwn2Own! BUG COLLISION - PHPHooligans was able to execute 2 exploits against the WAN interface of the NETGEAR RAX…

Considering that many Microsoft enterprise products rely on SQL Server, many admins face the task of copying the SQL Server database if new server hardware is deployed or when an upgrade of the SQL version is necessary. As an example, I will copy a SQL Server database hosted on SQL Server 2016 to a SQL Server 2022 system. Copy SQL Server database first appeared on 4sysops.  ( 34 min )

Finding vulnerabilities, hacks, exploits, and full root access are goals for security engineers when they begin to assess a device, right? But when working with hardware, you cannot simply dive into the hacking on day one. Your exploits will only be as successful as the setup work you’ve done! This post will discuss the process […] The post Instrumenting an Automotive Module for Bench Testing appeared first on Praetorian.  ( 11 min )

Welcome to the first day of Pwn2Own Toronto for 2022. We’ll be updating this blog in real time as results become available. Even though we have an unprecedented number of entries this year, we are going to buy all additional rounds that have entered the competition.  The first winner on each target will receive the full cash award and the devices under test. For the second and subsequent rounds on each target, all other winners will receive 50% of the prize package, however, they will still earn the full Master of Pwn points. Results current as of 19:30 Eastern SUCCESS - To start off the competition with a bang, Nettitude was able to execute their Stack-based Buffer Overflow attack against the Canon imageCLASS MF743Cdw in the Printer category. They earn $20K and 2 Master of Pwn points. S…

Welcome to Pwn2Own Toronto 2022! his year marks the 10th anniversary of our consumer-focused version of the contest, and we plan on celebrating by putting some amazing research on display. For this year’s event, we have 26 contestants and teams attempting to exploit 66 targets across multiple categories. As always, we began our contest with a random drawing to determine the order of attempts. If you missed it, you can watch the replay here. Due to the number of entries, we will be running multiple attempts simultaneously and extending the contest to four days. The complete schedule for the contest is below (all times Eastern [GMT -5:00]). Note: All times subject to change Tuesday, December 6 - 0930 Nettitude targeting the Canon imageCLASS MF743Cdw in the Printer category Qrious Secure ta…

A support ticket came in recently, in which a client asked whether they needed to upgrade their Microsoft 365 license to encrypt email in Outlook. Encrypt email in Outlook with Microsoft 365 first appeared on 4sysops.  ( 33 min )

In your cybersecurity practice, do you ever worry that you’ve left your back door open and an intruder might sneak inside? If you answered yes, you’re not alone. The experience can be a common one, especially for security leaders of large organizations with multiple layers of tech and cross-team collaboration to accomplish live, continuous security […] The post Worry-free Pentesting: Continuous Oversight In Offensive Security Testing appeared first on Synack.  ( 6 min )

During the summer of 2022, Google engaged NCC Group to conduct a security assessment of the Confidential Space product. The system provides a confidential computing environment that allows cloud customers to run workloads in the cloud that can be attested to run a specific payload with high assurances that the workload was not and cannot … Continue reading Public Report – Confidential Space Security Review →  ( 5 min )

SANS’s annual festive gift to the cyber community is back with a new supervillain to thwart.  ( 11 min )

Have you ever heard about Prompt Injection Attacks[1]? Prompt Injection is a new vulnerability that is affecting some AI/ML models and, in particular, certain types of language models using prompt-based learning.  This vulnerability was initially reported to OpenAI by Jon Cefalu (May 2022)[2] but it was kept in a responsible disclosure status until it was … Continue reading Exploring Prompt Injection Attacks →  ( 14 min )

The vSphere 8 release includes many new features that are exposed in the new vCenter Server 8 and ESXi 8 releases. With the release of vSphere 8, many organizations will look at upgrading to the latest VMware vSphere. New features in VMware vSphere 8 first appeared on 4sysops.  ( 33 min )

A colleague asked me for help with extracting code signing certificates from malicious files, to add them to Defender’s block list. The procedure involves right-clicking the EXE in Windows Explorer, selecting properties to view the digital signature, and so on … But I don’t like procedures where one has to click on malware. So I […]  ( 9 min )

This year, SANS hosted 13 Summits with 246 talks. Here were the top-rated talks of the year.

This is a small update to add the lineNumber variable. python-per-line_V0_0_9.zip (http)MD5: CD9FC344E4C5F649E4043BD703CDCA52SHA256: BD6713A7DF86AC75ADC2A6742A453919F56583D8CC5EB3B82B736608D2A52619  ( 9 min )

If you ever used shellcode_hashes IDA plugin from Mandiant, you probably have also used make_sc_hash_db.py before. But, if you haven’t, this post is for you. The focus of the article […]  ( 18 min )

Here is an overview of content I published in November: Blog posts: Quickpost: Testing A USB Fridge Update: pdf-parser.py Version 0.7.7 Update: oledump.py Version 0.0.71 Quickpost: Testing A USB Fridge (Update) Update: what-is-new.py Version 0.0.2 YouTube videos: Extracting Information From “logfmt” Files With CyberChef Extracting Information From “logfmt” Files With InteractiveSieve Videoblog posts: Extracting Information […]  ( 9 min )

I love environmental variables. They are often post-worthy, and sometimes they are just simply cool. Yet, many are still not known. Many are still not described. Looking for ‘easy’ research […]  ( 18 min )

After reading this post about ChatGPT imitating Linux, I wanted it to be a database server. Let’s try it out! Imagine you are a Microsoft SQL Server. I type commands, and you reply with the result, and no other information or descriptions. Just the result. Start with exec xp_cmdshell ‘whoami’; Wow, this looks like a promising start. And, it “thinks” that it is running as LOCAL SYSTEM - quite funny actually.  ( 2 min )

If you to want to upload an on-premises Hyper-V VM to the cloud to create a custom Azure image containing all your business applications in a preconfigured state, this post will help you. Create a custom Azure image first appeared on 4sysops.  ( 36 min )

Introduction A few weeks ago, I got a question from a client to check how they could prevent administrators, including local administrators on their device, to add exclusions in Microsoft Defender Antivirus. I first thought it was going to be pretty easy by pushing some settings via Microsoft Endpoint Manager. However, after doing some research … Continue reading Can we block the addition of local Microsoft Defender Antivirus exclusions? →  ( 9 min )

Rightly or wrongly there’s plenty of fear, uncertainty, and downright doom associated with the IoT and devices. So, is it safe to buy these things as gifts or even as […] Consumer advice for buying smart IoT devices this Christmas first appeared on Pen Test Partners.  ( 7 min )

Okay, you got your favorite agent running on the target machine. You did a process listing, but nothing interesting popped out. You searched through every possible thing, even the trash bins to find…  ( 12 min )

Who are you? My name is Raviraj; I'm from Gujarat, India. I go by the handle, Emperor. My handle came from an anime called "Kuruko no Basuke." It r  ( 10 min )

¡Bienvenidos de nuevo a Miami! Even as we make our final preparations for our consumer-focused contest in Toronto, we’re already looking ahead to warmer climes and returning to the S4 Conference in Miami for our ICS/SCADA-themed event. Pwn2Own returns to South Beach on February 14-16, 2023, and for this year’s event, we’ve refined our target list to include the latest trends in the ICS world. As we did last year, we’ll have contestants both in person and around the world demonstrating the latest exploits on OPC Unified Architecture (OPC UA) Servers, OPC UA Clients, Data Gateways, and Edge systems. Our inaugural Pwn2Own Miami was held back in January 2020 at the S4 Conference, and we had a fantastic time as we awarded over $280,000 USD in cash and prizes for 24 unique 0-day vulnerabilities.…

Discover the anti-analysis techniques of the Mafalda implant, a unique, feature-rich backdoor used by the Metador threat actor.  ( 10 min )

An elusive APT is attacking telcos, ISPs and Universities with custom backdoors and attack chains designed to bypass native security solutions.  ( 21 min )

The new FSLogix version, which was released in October, introduces a long-awaited feature: VHDX compaction. FSLogix is a standalone product acquired in late 2017 by Microsoft for profile management and application masking features. It is primarily used in virtual desktop or RDSH solutions to provide users with a persistent experience in nonpersistent environments. FSLogix VHDX compaction: Resize virtual disks first appeared on 4sysops.  ( 36 min )

It is common for organizations to host websites and other resources that may be accessible from external and internal clients on the LAN. Traditionally, organizations may have maintained two different DNS servers for this reason. Microsoft's split-brain DNS deployment using DNS policy helps consolidate these resources using Active Directory-integrated zones. Split-brain DNS deployment using Windows Server DNS policy first appeared on 4sysops.  ( 33 min )

We recently launched the Burp challenge, to give our customers a unique opportunity to demonstrate their skills with Burp Suite Professional. Not only that, but the challenges involved put your web vu  ( 5 min )

About the CTF  Flag Hunt 2022 CTF was the first ever two-stage event in Bangladesh, where the qualification round took place online among 159 te  ( 8 min )

Get a CISO's perspective on testing your security defenses against real-world ransomware playbooks.  ( 11 min )

Recently, I have been working on adding support for automated enumeration and discovery of NTLM authentication endpoints to Chariot, our external attack surface and continuous automated red teaming product. Our red team requested this feature as a way to identify NTLM authentication endpoints exposed over HTTP that they could potentially leverage for password spraying attacks […] The post Automating the Discovery of NTLM Authentication Endpoints appeared first on Praetorian.  ( 7 min )

In this post, we'll briefly review how service worker hijacking works, then introduce a variant that can be triggered via DOM clobbering thanks to a quirk in document.getElementById(). Understanding s  ( 6 min )

By Opal Wright Zero-knowledge (ZK) proofs are useful cryptographic tools that have seen an explosion of interest in recent years, largely due to their applications to cryptocurrency. The fundamental idea of a ZK proof is that a person with a secret piece of information (a cryptographic key, for instance) can prove something about the secret […]  ( 16 min )

Many websites ask users whether they want to receive notifications. In managed environments, this feature can be disabled via group policies. Both Chromium-based browsers and Firefox allow whitelisting and blacklisting of such websites. Block notifications in Chrome, Edge, and Firefox first appeared on 4sysops.  ( 32 min )

This step-by-step guide explains how to install the unified CloudWatch agent on Windows on EC2 Windows instances. This allows you to monitor logs and guest OS metrics. In the example here, I will show you how we can monitor IIS with CloudWatch. Install the unified CloudWatch agent on Windows EC2 instances first appeared on 4sysops.  ( 34 min )

Welcome back! In this blog entry we’ll be facing off with Microsoft’s Defender For Endpoint EDR once again to see if we can go from a low…  ( 13 min )

Secure Socket Layer (SSL) and Transport Layer Security (TLS, which builds on the now deprecated SSL protocol) allow you to encrypt Microsoft SQL Server network communication, which is essential for your security. In this post, you'll learn how to enable TLS on your SQL Server. Enable TLS on SQL Server first appeared on 4sysops.  ( 36 min )

You may be familiar with the Conditional Access policy feature in Azure AD as a means to control access to your tenant. In addition to granting or blocking access to the tenant as a whole, it is possible to restrict certain user actions. One important action you should consider controlling is from where a user can enroll in multifactor authentication (MFA). Restricting registration to Azure AD MFA from trusted locations with Conditional Access policy first appeared on 4sysops.  ( 32 min )

After nearly four years into my role, I am stepping down as NCC Group’s SVP & Global Head of Research. In part just for myself, to reflect on a whirlwind few years, and in part as a thank you and celebration of all of the incredible researchers with whom I have had the privilege of … Continue reading So long and thanks for all the 0day →  ( 20 min )

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Justin Hung and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched SQL injection vulnerability in Zoho ManageEngine products. The bug is due to improper validation of resource types in the AutoLogonHelperUtil class. Successful exploitation of this vulnerability could lead to arbitrary SQL code execution in the security context of the database service, which runs with SYSTEM privileges. The following is a portion of their write-up covering CVE-2022-3236, with a few minimal modifications. ManageEngine recently patched a SQL injection vulnerability bug in their Password Manager Pro, PAM360, and Access Manager Plus products. The vulnerability is due to improper validation of resource …

[…]  ( 8 min )

The two most common protocols for monitoring Microsoft products are Simple Network Management Protocol (SNMP) and Windows Management Instrumentation (WMI). They are both natively supported in Windows and Windows Server, and neither one requires you to install third-party add-ons to start monitoring. This article explains the difference between the two protocols and helps you choose the one that works better for your scenario. SNMP vs WMI for Windows monitoring first appeared on 4sysops.  ( 33 min )

This update of what-is-new-.py, my tool that reports what lines inside files are new (e.g., never seen before) has a new option: -a –action. It allows me to launch a command when something new is detected. I use this for example to be alerted via TelegraM; More details in an upcoming blog post. what-is-new_V0_0_2.zip (http)MD5: […]  ( 9 min )

@import url('https://themes.googleusercontent.com/fonts/css?kit=OPeqXG-QxW3ZD8BtmPikfA');.lst-kix_9apzkelodq30-0>li:before{content:"\0025cf "}ul.lst-kix_9apzkelodq30-6{list-style-type:none}ul.lst-kix_9apzkelodq30-7{list-style-type:none}ul.lst-kix_9apzkelodq30-4{list-style-type:none}ul.lst-kix_9apzkelodq30-5{list-style-type:none}ul.lst-kix_9apzkelodq30-2{list-style-type:none}ul.lst-kix_9apzkelodq30-3{list-style-type:none}ul.lst-kix_9apzkelodq30-0{list-style-type:none}.lst-kix_9apzkelodq30-6>li:before{content:"\0025cf "}ul.lst-kix_9apzkelodq30-1{list-style-type:none}.lst-kix_9apzkelodq30-5>li:before{content:"\0025a0 "}.lst-kix_9apzkelodq30-3>li:before{content:"\0025cf "}.lst-kix_9apzkelodq30-7>li:before{content:"\0025cb "}.lst-kix_9apzkelodq30-4>li:before{content:"\0025cb "}.lst-kix_9a…  ( 9 min )

Microsoft will enable the new number matching feature by default in February 2023. Number matching for Azure AD MFA is almost the reverse of the multi-factor authentication you know. With number matching, a number is displayed to a user when they sign in, and instead of entering this number on the device, they log in to confirm the number on the MFA device. Temporary Access Pass is another feature that allows you to help end users who are unable to meet sign-in criteria. Azure AD MFA with number matching and temporary access passes first appeared on 4sysops.  ( 34 min )

The new version of the FOR500: Windows Forensics Poster was a nearly complete re-write of the poster with significant updates made to every section.  ( 8 min )

First things first: there is now a specification for the jq255e and jq255s elliptic curves; it is published on the C2SP initiative and is formally in (draft) version 0.0.1: https://github.com/C2SP/C2SP/blob/main/jq255.md The jq255e and jq255s groups are prime-order groups appropriate for building cryptographic protocols, and based on elliptic curves. These curves are from the large class … Continue reading A jq255 Elliptic Curve Specification, and a Retrospective →  ( 13 min )

Read this medium risk advisory to learn details about CVE-2022-3402.  ( 6 min )

As more organizations move to hardware tokens and password-less auth (e.g. Yubikeys, Windows Hello,…) attackers will look for other ways to to trick users to gain access to their data. One novel phishing technique is by using the OAuth2 Device Authorization Grant. This post describes how it works with Microsoft AAD as example. Attacker initiates the phishing flow The attacker starts a Device Code flow by issuing a request to the device code token endpoint (e.  ( 2 min )

Misconfigurations with MFA setups are not uncommon when using AAD, especially when federated setups or Pass Through Authentication is configured I have seen MFA bypass opportunities in multiple production tenants. A common misconfiguration is that MFA is enforced at the federated identity provider, but AAD is forgotten and ROPC authentication still succeeds against AAD. To learn more about ROPC, check out the previous post about the topic. This post focuses on the ropci features that can be leveraged post-exploitation.  ( 7 min )

VMware recently announced the licensing terms, editions, and pricing of vSphere 8. All components, including ESXi, vCenter, and vSAN, are still available via perpetual licenses. However, the vendor announced a switch to subscriptions, which will be made more attractive through a subscription upgrade program. VMware vSphere 8: Editions, licensing, and pricing first appeared on 4sysops.  ( 34 min )

A few days ago Brian Krebs published a piece about Zeppelin key cracking, so … since I was also involved in recovering files for some of the ransomware gang victims […]  ( 18 min )

This one is a curious one. I actually don’t know how to trigger it! Yet, I will document some bits and bobs, so that you may take these entry points […]  ( 18 min )

You can use PowerShell to find and remove duplicate files that are only wasting valuable storage. Once you identify duplicate files, you can move them to another location, or you might even want to permanently remove all duplicates. Find and remove duplicate files with PowerShell first appeared on 4sysops.  ( 37 min )

Nikhil Srivastava is a member of the Synack Red Team and co-founder of Bsides Ahmedabad. An Account Takeover (ATO) is an attack whereby attackers take ownership of online accounts using several methods. It is unfortunately more common than you’d think, despite all the warnings to create complex passwords, avoid phishing emails and use multi-factor authentication. […] The post Account Takeovers:  Believe the Unbelievable appeared first on Synack.  ( 8 min )

Why Now? Hive is not a new problem. It first surfaced in 2021 but it’s becoming a much bigger issue now. This is due to a growing number of affiliates […] Hive Ransomware is on the rise. How should you deal with it? first appeared on Pen Test Partners.  ( 9 min )

With the procedure described in this post, you can ensure that only devices with an assigned Microsoft 365 compliance policy are able to sign in. This way, you will significantly improve the security of your Microsoft 365 deployment. Microsoft 365 compliance policy: Control access with compliant devices first appeared on 4sysops.  ( 33 min )

Summary NXP System-on-a-Chip (SoC) fuse configurations with the SDP READ_REGISTER operation disabled (SDP_READ_DISABLE=1) but other serial download functionality still enabled (SDP_DISABLE=0) can be abused to read memory contents in warm and cold boot attack scenarios. In lieu of an enabled SDP READ_REGISTER operation, an attacker can use a series of timed SDP WRITE_DCD commands to … Continue reading Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163) →  ( 15 min )

In this blog, learn how veterans bridge the career gap between active duty service and civilian cybersecurity.  ( 9 min )

Early this Summer, we shared our thoughts on the industry-wide shortage of cybersecurity talent to meet an ever-growing demand. One aspect of this phenomenon that we did not touch on in that post was the gender gap within the cybersecurity community, about which the World Bank hosted a Spring conference . While 50 percent of […] The post People Are People: Gender Equality at Praetorian appeared first on Praetorian.  ( 5 min )

Satellite communications are an integral part of many Industrial Control Systems, but their usage in critical infrastructure continues to be misunderstood.  ( 20 min )

If you need to download files regularly from an FTP server, Windows offers two onboard tools to automate this process. These are ftp.exe and curl, which was added just recently. For the latter, you only need one command; for FTP, you can use whole scripts. Automate file downloads with Windows FTP or curl first appeared on 4sysops.  ( 32 min )

The ethical hacker community is one of the most powerful security resources available to any organization. We’ve worked with this community firsthand for the last decade and have witnessed their effectiveness and ingenuity. We’ve also learned a lot while helping organizations engage the world’s largest community of ethical hackers.  Today, we’re pleased to announce a new tool to align your program with the state-of-the-art and signal your program maturity: Program Levels, a structured framework that lets programs level up by publicly committing to certain best practices.  ( 7 min )

By now you have likely already heard about the in-the-wild exploitation of Exchange Server, chaining CVE-2022-41040 and CVE-2022-41082. It was originally submitted to the ZDI program by the researcher known as “DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q from GTSC”. After successful validation, it was immediately submitted to Microsoft. They patched both bugs along with several other Exchange vulnerabilities in the November Patch Tuesday release. It is a beautiful chain, with an ingenious vector for gaining remote code execution. The tricky part is that it can be exploited in multiple ways, making both mitigation and detection harder. This blog post is divided into two main parts: ·       Part 1 – where we review details of the good old ProxyShell Path Confusion vulnerability (CVE-2021-34473), and we sh…

SANS experts give an update on the five attack techniques shared at RSA Conference 2022.  ( 12 min )

Lateral movement is extremely important for any red team engagement. Getting your initial shell is great, but if you can’t move off the box…  ( 9 min )

What Is a Bug Bounty Program?  The concept of bug bounty programs is simple. You allow a group of security researchers, also known as ethical hackers, to access your systems and applications so they can probe for security vulnerabilities – bugs in your code. And you pay them a bounty on the bugs they find. […] The post What’s Wrong with Bug Bounty Programs? appeared first on Synack.  ( 7 min )

HackerOne sat down with Wendy Ng, Principal Cloud Security Architect at OneWeb, to talk about their experience with their private HackerOne bug bounty program.  ( 8 min )

The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP. Everybody on our Twitter feed seemed to be jumping ship to the infose  ( 6 min )

TL;DR: Trail of Bits has developed abi3audit, a new Python tool for checking Python packages for CPython application binary interface (ABI) violations. We’ve used it to discover hundreds of inconsistently and incorrectly tagged package distributions, each of which is a potential source of crashes and exploitable memory corruption due to undetected ABI differences. It’s publicly […]  ( 16 min )

Are backups required for Microsoft 365? We look at the reasons you should back up your Microsoft 365 data and the new Veeam Backup for Microsoft 365 v6 features to protect your M365 data. Veeam Backup for Microsoft 365—Why you need to back up your M365 data first appeared on 4sysops.  ( 35 min )

No content preview

Over the years, we’ve built many high-impact tools that we use for security reviews. You might know some of them, like Slither, Echidna, Amarna, Tealer, and test-fuzz. All of our tools are open source, and we love seeing the community benefit from them. But mastering our tools takes time and practice, and it’s easier if […]  ( 7 min )

PsInfo, a command-line tool that is part of the Sysinternals suite, gets key information about Windows systems, such as the type of installation, available disk space, installed applications, kernel build number, uptime, registered owner, and the number of processors. PsInfo: Get disk space, installed applications, and other information about local and remote Windows systems first appeared on 4sysops.  ( 34 min )

SANS Cybersecurity Blog pertaining to a summary of the SANS Pen Test HackFest Summit 2022  ( 9 min )

Amazon provides three ways you can access and manage Amazon Web Services: AWS Management Console, AWS Command Line Interface (AWS CLI), and software development kits (SDKs). Our focus here will be on the software development kit using the Go programming language. We will look at what the SDK actually is and how to get up and running with installation and AWS account access. As an example, we will use the Go AWS SDK to create an S3 bucket. A Go AWS SDK example first appeared on 4sysops.  ( 36 min )

I performed some extra tests with my USB fridge (see Quickpost: Testing A USB Fridge). Here is how the temperature evolved when I put a can with cold water (around 12° C) in the USB fridge: The temperature increased around 2° C over a period of 12 hours (room temperature was around 17 °C). That […]  ( 9 min )

Changing passwords regularly is no longer recommended, and the Security Baseline for Windows doesn't include a corresponding setting. Nevertheless, in certain situations, it can be important to know how old the user's passwords are. You can easily find this out with PowerShell. When did users last change their password in Active Directory? first appeared on 4sysops.  ( 32 min )

A new plugin and an updated plugin. Plugin plugin_dttm is a plugin for Word documents: it searches for Dop structures. They contain DTTM timestamps. And plugin plugin_metadata has been updated to parse digital signatures (option -s). oledump_V0_0_71.zip (http)MD5: BA1142136F28DB218BADEAA642EA0EA9SHA256: FA09766D138A1AA60523B487D947BF29222D409CF1FCE078DE61BF62768A5950  ( 9 min )

After a while, I’m publishing a blog post which made me interested. With the recent tweets about the uncodumented SystemFunction032 Win32 API function, I decided to quickly have a look at it. The first thing I noted after Googling this function was the source code from ReactOS. Seems like other SystemFunctions from 001 got other […]  ( 7 min )

Web3 Decoder is a Burp Suite Extension that allows to decode “web3” JSON-RPC calls that interact with smart contracts in a EVM blockchain. As it is said that a picture is worth a thousand words, the following two screenshots shows a Raw JSON-RPC call, and its decoded function call: Background When auditing a DApp (Decentralized … Continue reading Tool Release – Web3 Decoder Burp Suite Extension →  ( 8 min )

Last week, we released a new API Pentesting product that allows you to test your headless API endpoints through the Synack Platform. Before the release, we conducted more than 100 requests for headless API pentests, indicating a growing need from our customers. This new capability provides an opportunity to get human-led testing and proof-of-coverage on […] The post Minimize Noise With Human-Led API Pentesting appeared first on Synack.  ( 6 min )

In recent conflicts, digital technology has become weaponized, eroding the traditional barriers that divide the roles of civilians and combatants.  ( 20 min )

By Andreas Kellas Trail of Bits recently published a blog post about a signed integer overflow in certain versions of SQLite that can enable arbitrary code execution and result in a denial of service. While working on proof-of-concept exploits for that vulnerability, we noticed that the compiler’s representation of an important integer variable is semantically […]  ( 14 min )

The automatic variable PSBoundParameters stores the parameters that you explicitly passed to a function in a hash table. With the help of splatting, you can use this PowerShell feature to simplify passing of parameters to functions. Use splatting and PSBoundParameters to pass parameters in PowerShell first appeared on 4sysops.  ( 36 min )

This is a small update: you can now select which hash algorithm to use for option -H by setting environment variable DSS_DEFAULT_HASH_ALGORITHMS. And the statistics options (-a) also display a list of objects with streams. pdf-parser_V0_7_7.zip (http)MD5: BCAE193F171184F979603DFB1380FF43SHA256: 576C429FA88CF0A7A110DAB25851D90670C88EC4CD7728329E754E06D8D26A70  ( 9 min )

No content preview

As one of the only EU-based Cyber Security companies, NVISO successfully participated in a first-of-its-kind, MITRE-led, evaluation of Managed Security Services (MSS). The inaugural MITRE Engenuity ATT&CK® Evaluations for Managed Security Services ran in June 2022 and its results have been published today. NVISO performed excellently in the evaluation, demonstrating services that are at or … Continue reading NVISO EXCELS IN MITRE ATT&CK® MANAGED SERVICES EVALUATION →  ( 6 min )

In this blog we will explain how to use the functionality of Power BI to visualize your MISP data in a interactive and useful way.  ( 23 min )

We released a new version of Burp recently on the Early Adopter channel that updates DOM Invader to help find cross-domain secrets. In this post we are going to show you how to use DOM Invader to dete  ( 3 min )

A friend of the site recently suggested that we create a current-issue case study using our updated risk discovery approach. “It’s a great idea,” we replied and immediately started kicking around ideas.

Nicholas Baker’s book Human Smoke brilliantly illustrates a unique approach to historical narrative. It also underscores the need to remember that every artist paints with intent.

In this new age of giant monsters, advanced awareness of classical surprise—that one big tipping moment—no longer suffices.

Accommodate but don’t fight the limitations you can’t control, recognize those you can influence and leverage, and don't imagine you have more free cells than you actually do.

British officer Vladimir Peniakoff’s approach to planning might sound a bit unorthodox at first, but it aligns nicely with Patton’s view of intelligence and speaks to an enduring need to understand front-line conditions.

We need a more flexible game board where players can explore hypergame strategies—in other words, a game board where the strategist can play the hero for a change. We’ve built it.

Not every surprise is a cunning thunderbolt. Some surprises creep up slowly, rusting away former resilience until a simple nudge reveals the rot.