hasherezade (@hasherezade)'s Twitter Profile
hasherezade

@hasherezade

Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)

ID:1590754944

Link: https://hasherezade.net
13-07-2013 11:17:31

23,3K Tweets

84,1K Followers

843 Following

vx-underground (@vxunderground)

We are approaching 300,000 followers on Twitter.

This is an astronomically large number that we never expected to reach.

Some thoughts and feelings:

When vx-underground was first created in May, 2019 the initial goal was to 'revive the VX-scene' – with the hopes that with

Ax Sharma (@Ax_Sharma)

A GitHub flaw lets attackers upload executables that appear to be hosted on a company's official repo, such as Microsoft's—without the repo owner knowing anything about it.

The following URLs, for example, make it seem like these ZIPs are present on Microsoft's source code repo:

0xor0ne (@0xor0ne)

Constantly updated collection of links to blog posts, write-ups and papers related to cybersecurity, reverse engineering and exploitation

github.com/0xor0ne/awesom… #cybersecurity #infosec

Binni Shah (@binitamshah)

Exploiting the libwebp Vulnerability, Part 1 : Playing with Huffman Code : darknavy.org/blog/exploitin…

Exploiting the libwebp Vulnerability, Part 2: Diving into Chrome Blink : darknavy.org/blog/exploitin…

Mandiant (@Mandiant)

Mandiant reveals that a “hacktivist” persona created by APT44 has recently targeted & disrupted U.S. and Polish water utilities, as well as a French dam.

Read more on our latest findings here: bit.ly/4aS7RYe #Mandiant #APT44

0xor0ne (@0xor0ne)

Hunting and analysing (Windows) vulnerable kernel drivers by Takahiro Haruyama (@VMware)

blogs.vmware.com/security/2023/… #Windows

Alex Matrosov (@matrosov)

Binarly advisories are up and documenting detailed guidance for the security community, as always.

OOB Read in BMC firmware - Medium (CWE-125)
🔥BRLY-2024-002 binarly-io.webflow.io/advisories/brl…
🔥BRLY-2024-003 binarly-io.webflow.io/advisories/brl…
🔥BRLY-2024-004 binarly-io.webflow.io/advisories/brl…

Costin Raiu (@craiu)

The OpenJS Foundation spotted three other 'Jia Tan'-like supply chain attack attempts. One targeted OpenJS and two others targeted unnamed 'popular JavaScript projects'. Unclear if related to the XZ supply chain attack or how recent they are. Would be nice to get a bit more

vx-underground (@vxunderground)

A while back we heard rumors of a Telegram RCE 0day. We brushed it off as silly memes. Turns out the 0day was 100% real and you're all probably pwned.

It was unveiled on XSS. Nerds celebrated

(joking about pwned part... kind of)

More information: bleepingcomputer.com/news/security/…

Yarden Shafir (@yarden_shafir)

There is still time to register for my new hands-on debugging class next month!
I’m not likely to teach this class again soon so if you want to take it, now is your chance 😊

Geeknik's {{☀️}} Lab (@geeknik)

Jigsaw is a tool to obfuscate raw shell code by outputting randomized shell code, a lookup table, and a C/C++ stub to reassemble it at runtime.

github.com/RedSiege/Jigsaw

Niebezpiecznik (@niebezpiecznik)

🚨 CYBERALERT 🚨 Poles are receiving mass SMS messages informing them of an entry in the debt register. Interestingly, the SMS messages contain the correct first and last name.

⚠️ If someone downloads the linked report, they will be charged a fee of 1299 zł.

Who is the sender of the SMS messages, and where did they get the data?

Niebezpiecznik (@niebezpiecznik)

We have another wave of phone spoofing. The latest victims are Sławomir Mentzen and Krzysztof Stanowski

Despite the anti-spoofing law coming into force, anyone can still make calls from other people's phone numbers, e.g. those of journalists or politicians. It is very simple and still possible to achieve

⁵⁄₉ (@fiveoutofnine)

Random useful information: Twitter IDs are 63 bits (minus sign bit), and the first 41 are the timestamps since ≈Nov. 3, 2010

Yarden Shafir (@yarden_shafir)

I’ve been outed as a chronic procrastinator. So I’ll use this chance to ask - what do you want me to talk about?
Let me know about any topics you think are interesting and would like to hear me talk about 😊

Jazi (@h2jazi)

It seems #Gamaredon #APT is using CVE-2023-3881 to attack Ukraine. This sample was submitted to VT from Poland.
d8ccaef116cada9c558f9e912d5cf7ef2978082611e677f6f55ca233f47a2f68

Alex Matrosov (@matrosov)

During the last two weeks, we have been focused on detailed analysis and validation of the existing public information. Today, we want to share our validated results and interesting new discoveries on .

The REsearch is in progress ...

SpecterOps 🇺🇦 (@SpecterOps)

While Microsoft's User Account Control is not defined as a security boundary, bypassing UAC is still something attackers frequently do. Check out this blog post from Matt Nelson detailing one method for bypassing UAC using App Paths. ghst.ly/43U8XQY
