Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser This article has been indexed from MalwareTech Read the original article: CVE-2024-38063 – Remotely Exploiting The Kernel Via IPv6
Tag: MalwareTech
Exploiting the Windows Kernel via Malicious IPv6 Packets (CVE-2024-38063)
Performing a root cause analysis and building proof-of-concept for the recent August 2024 CVSS 9.0 TCP/IP RCE vulnerability This article has been indexed from MalwareTech Read the original article: Exploiting the Windows Kernel via Malicious IPv6 Packets (CVE-2024-38063)
Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer This article has been indexed from MalwareTech Read the original article: Bypassing EDRs With EDR-Preloading
Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks. This article has been indexed from MalwareTech Read the original article: Silly EDR Bypasses and Where To Find Them
An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations. This article has been indexed from MalwareTech Read the original article: An Introduction to Bypassing User Mode EDR Hooks
It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it. This article has been indexed from MalwareTech Read the original article: It might Be Time to Rethink Phishing Awareness
A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT’s capabilities and various claims about how it will revolutionize cybercrime. This article has been indexed from MalwareTech Read the original article: A Realistic Look at Implications of ChatGPT for Cybercrime
TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully. This article has been indexed from MalwareTech Read the original article: TikTok is a National Security Risk, Not A Privacy One
Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)
Live Status: this is an ongoing issue, and I plan to update this article when new information become available. Make sure to deep-refresh to avoid The post Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)…
Everything you need to know about the OpenSSL 3.0.7 Patch
Live Status: this is an ongoing issue, and I plan to update this article when new information become available. Make sure to deep-refresh to avoid The post Everything you need to know about the OpenSSL 3.0.7 Patch appeared first on…
[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)
This article has been indexed from MalwareTech An introduction to Use-After-Free exploitation and walking through one of my old challenges. Challenge Info: https://www.malwaretech.com/challenges/windows-exploitation/user-after-free-1-0 Download Link: https://malwaretech.com/downloads/challenges/UserAfterFree2.0.rar Password: MalwareTech The post [Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part:…
[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)
This article has been indexed from MalwareTech An introduction to Use-After-Free exploitation and walking through one of my old challenges. Challenge Info: https://www.malwaretech.com/challenges/windows-exploitation/user-after-free-1-0 Download Link: https://malwaretech.com/downloads/challenges/UserAfterFree2.0.rar Password: MalwareTech The post [Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part:…
[Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis
This article has been indexed from MalwareTech Walking through my process of how I use patch analysis and reverse engineering to find vulnerabilities, then evaluate the risk and exploitability of bugs. The post [Video] Exploiting Windows RPC – CVE-2022-26809 Explained…
An in-depth look at hacking back, active defense, and cyber letters of marque
This article has been indexed from MalwareTech There has been much discussion in cyber security about the possibility of enabling the private sector to engage in active cyber defense, or colloquially “hacking back”. Several house bills have been introduced to…
How I Found My First Ever ZeroDay (In RDP)
Read the original article: How I Found My First Ever ZeroDay (In RDP) Up until recently, I’d never tried the bug hunting part of vulnerability research. I’ve been reverse engineering Windows malware for over a decade, and I’d done the…
Are Criminals Really Using ICS Malware?
Read the original article: Are Criminals Really Using ICS Malware? Recently, The New York Times posted a sensational article about criminals using sophisticated state software for the first time. The headline is non-specific and could be taken to mean state…