When Hypervisor Met Snapshot Fuzzing | NULL@ROOT
https://null2root.github.io/blog/2022/07/21/When-Hypervisor-Met-Snapshot-Fuzzing.html
Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores
https://thehackernews.com/2022/07/hackers-exploit-prestashop-zero-day-to.html
Old cat, new tricks, bad habits
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/old-cat-new-tricks.html
[Malware] Bypass AMSI in local process hooking NtCreateSection - Waawaa Blog
https://waawaa.github.io/es/amsi_bypass-hooking-NtCreateSection/![[Malware] Bypass AMSI in local process hooking NtCreateSection - Waawaa Blog](/image/screenshot/6dab23b84030a94843e24675615156e5.webp)
CosmicStrand UEFI malware found in Gigabyte, ASUS motherboards
https://www.bleepingcomputer.com/news/security/cosmicstrand-uefi-malware-found-in-gigabyte-asus-motherboards/
Hit by ransomware? No More Ransom now offers 136 free tools to rescue your files | Europol
https://www.europol.europa.eu/media-press/newsroom/news/hit-ransomware-no-more-ransom-now-offers-136-free-tools-to-rescue-your-files
WTSRM/WTSRM-SLIDES.pdf at master · rad9800/WTSRM · GitHub
https://github.com/rad9800/WTSRM/blob/master/WTSRM-SLIDES.pdf
Jason Hughes on Twitter: "Tesla really fires me up sometimes.😡🧵 I have a customer who's the ~3rd owner of a 2013 Model S 60. At some point years ago the battery pack was swapped under warranty with a 90 pack. It wasn't software limited. It was effectively made into a 90 by Tesla. Years went by. (1/*)" / Twitter
https://twitter.com/wk057/status/1551713024171548672
Zyxel authentication bypass patch analysis (CVE-2022-0342) - hn security
https://security.humanativaspa.it/zyxel-authentication-bypass-patch-analysis-cve-2022-0342/
CVE-2022-26712: The POC for SIP-Bypass Is Even Tweetable – Mickey's Blogs – Exploring the world with my sword of debugger :)
https://jhftss.github.io/CVE-2022-26712-The-POC-For-SIP-Bypass-Is-Even-Tweetable/
No More Ransom helps millions of ransomware victims in 6 years
https://www.bleepingcomputer.com/news/security/no-more-ransom-helps-millions-of-ransomware-victims-in-6-years/
GitHub - DeimosC2/DeimosC2: DeimosC2 is a Golang command and control framework for post-exploitation.
https://github.com/DeimosC2/DeimosC2
LockBit claims ransomware attack on Italian tax agency
https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-italian-tax-agency/
SANS Offensive Operations on Twitter: "Calling on the #PurpleTeam community! We're adding a #purpleteam track to this year's #SANSHackFest! Do you have lessons learned from building a purple team? Share your real-life use cases with us! ✍️ Submit by Aug 1: https://t.co/fVCcCXj9ca https://t.co/lSkr6XQ38g" / Twitter
https://twitter.com/sansoffensive/status/1551958682170261504
CVE-2022-31813: Forwarding addresses is hard
https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
y0ny0ns0n on Twitter: "I write a blog post about how to use @0vercl0k’s wtf to real world target! https://t.co/SqyQQxBmin" / Twitter
https://twitter.com/y0ny0ns0n/status/1551697255932907520
x86matthew - EmbedExeReg - Embedding an EXE inside a .REG file with automatic execution
https://www.x86matthew.com/view_post?id=embed_exe_reg
GitHub - mandiant/Azure_Workshop
https://github.com/mandiant/Azure_Workshop
Amazon S3の脆弱な利用によるセキュリティリスクと対策 - Flatt Security Blog
https://blog.flatt.tech/entry/s3_security
Gigamon Careers - Sr. Security Engineer
https://jobs.jobvite.com/gigamon/job/o1u1jfwz