Emotet malware distributed as fake W-9 tax forms from the IRS
https://www.bleepingcomputer.com/news/security/emotet-malware-distributed-as-fake-w-9-tax-forms-from-the-irs/
GitHub - Cryptogenic/PS5-IPV6-Kernel-Exploit: An experimental webkit-based kernel exploit (Arb. R/W) for the PS5 on <= 4.51FW
https://github.com/Cryptogenic/PS5-IPV6-Kernel-Exploit
Utah social media law requires parental permission for kids : NPR
https://www.npr.org/2023/03/24/1165764450/utahs-new-social-media-law-means-children-will-need-approval-from-parents
GitHub - corkami/pics: Posters, drawings...
https://github.com/corkami/pics
GitHub - Acceis/exploit-CVE-2023-23752: Joomla! < 4.2.8 - Unauthenticated information disclosure
https://github.com/Acceis/exploit-CVE-2023-23752
Guidance for investigating attacks using CVE-2023-23397 - Microsoft Security Blog
https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/
Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours
https://securityintelligence.com/posts/patch-tuesday-exploit-wednesday-pwning-windows-ancillary-function-driver-winsock/
GitHub - ZeroMemoryEx/Chaos-Rootkit: x64 ring0 Rootkit with Process Hiding and Privilege Escalation Capabilities
https://github.com/ZeroMemoryEx/Chaos-Rootkit
Josh on Twitter: "Seeing people trot out mom-n-pop ransomware victims to complain about OST is so odd. Those shops would benefit so much more if you yelled at Microsoft to ship actual endpoint protection by default instead of sending nastygrams to random GitHub authors" / Twitter
https://twitter.com/passthehashbrwn/status/1640020575316746243
[QuickNote] Decrypting the C2 configuration of Warzone RAT | 0day in {REA_TEAM}
https://kienmanowar.wordpress.com/2023/03/25/quicknote-decrypting-the-c2-configuration-of-warzone-rat/
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments | CISA
https://www.cisa.gov/news-events/alerts/2023/03/23/untitled-goose-tool-aids-hunt-and-incident-response-azure-azure-active-directory-and-microsoft-365
yara-rules/msil_susp_obf_xorstringsnet.yar at main · dr4k0nia/yara-rules · GitHub
https://github.com/dr4k0nia/yara-rules/blob/main/dotnet/msil_susp_obf_xorstringsnet.yar
GitHub - cecio/USBvalve: Expose USB activity on the fly
https://github.com/cecio/USBvalve
Triage | Behavioral Report
https://tria.ge/230326-sncxfagh98/behavioral2
David Buchanan on Twitter: "holy FUCK. Windows Snipping Tool is vulnerable to Acropalypse too. An entirely unrelated codebase. The same exploit script works with minor changes (the pixel format is RGBA not RGB) Tested myself on Windows 11 https://t.co/ovJKPr0x5Y" / Twitter
https://twitter.com/David3141593/status/1638222624084951040
Our Pwn2Own journey against time and randomness (part 1)
https://blog.quarkslab.com/our-pwn2own-journey-against-time-and-randomness-part-1.html
GitHub - timetravelthree/IDARustDemangler: Rust Demangler & Normalizer plugin for IDA
https://github.com/timetravelthree/IDARustDemangler
MalwareBazaar | Browse
https://bazaar.abuse.ch/sample/1c9264473281f0d5144912a8c05d803697c7da8707cd5607017e6936d2fa1588/
Rob on Twitter: "@RDKLInc School IT staff are people who couldn’t get a better paying IT job in the private sector." / Twitter
https://twitter.com/RockyMtnPaper_/status/1639370154365599744

strandjs - @[email protected] on Twitter: "Warning signs of infosec disaster. "8 characters is fine." "No one wants to hack us." "We are compliant." "No one will find that API." "Insurance will cover us." "If it ain't broke, don't fix it." Yours?" / Twitter
https://twitter.com/strandjs/status/1639637495062077441
Apple Safari JavaScriptCore Inspector Type Confusion - SSD Secure Disclosure
https://ssd-disclosure.com/apple-safari-javascriptcore-inspector-type-confusion/
Vibrator maker ordered to pay out C$4m for tracking users' sexual activity | Data protection | The Guardian
https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits
Jamie Williams on Twitter: "Tweet a random photo from your phone with no explanation. https://t.co/Zmda1blBvN" / Twitter
https://twitter.com/jamieantisocial/status/1640016841450967040
Reversing UK mobile rail tickets
https://eta.st/2023/01/31/rail-tickets.html
The SQL Injection Knowledge Base
https://www.websec.ca/kb/sql_injection
#1865991 Open Redirect Vulnerability in Action Pack
https://hackerone.com/reports/1865991
grsecurity - Canary in the Kernel Mine: Exploiting and Defending Against Same-Type Object Reuse
https://grsecurity.net/exploiting_and_defending_against_same_type_object_reuse
GitHub - TheD1rkMtr/HeapCrypt: Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap
https://github.com/TheD1rkMtr/HeapCrypt
Release TokenUniverse v0.3 · diversenok/TokenUniverse · GitHub
https://github.com/diversenok/TokenUniverse/releases/tag/v0.3
h26forge.pdf
https://wrv.github.io/h26forge.pdf
Custom Application Development Software for Business - Salesforce.com
http://site.com/?q=HERE
Michael Koczwara on Twitter: "Sliver C2 infra in one tweet 😆 263 IPs most of them run Sliver on 31337 but there are also quite a lot of unusual ones There is also overlap with Cobalt Strike, Mythic, Deimos, and so on as TA runs multiple C2 on the servers 🤷♂️ 1.13.174.161 3.8.115.155 3.128.135.199… https://t.co/znXZFP6Myt" / Twitter
https://twitter.com/i/web/status/1639587828899147777
PoC-Malware-TTPs/PrintBrm-Impant-Exec at main · knight0x07/PoC-Malware-TTPs · GitHub
https://github.com/knight0x07/PoC-Malware-TTPs/tree/main/PrintBrm-Impant-Exec
InfoSec Handlers Diary Blog - SANS Internet Storm Center
https://i5c.us/d29672
Hacking APIs: Testing Techniques to Defend Web APIs from Attack | Corey Ball, 石川 朝久, 北原 憲, 洲崎 俊 | Books | Online Shopping | Amazon
https://amzn.to/3nokDdK
дэн on Twitter: "if i was 20 now i’d drop everything and jump into AI. i feel a great deal of FOMO tbh but also hesitant about abandoning all the context i already have in my field. not sure what to do." / Twitter
https://twitter.com/dan_abramov/status/1640022734989139970
#1265709 Lack of bruteforce protection for TOTP 2FA
https://hackerone.com/reports/1265709
Vice Society claims attack on Puerto Rico Aqueduct and Sewer Authority - Security Affairs
https://securityaffairs.com/144022/hacking/puerto-rico-aqueduct-and-sewer-authority-attack.html
Week 13 – 2023 – This Week In 4n6
http://thisweekin4n6.com/2023/03/26/week-13-2023/
Exploit Pack
https://exploitpack.com
Breaking Pedersen Hashes in Practice – NCC Group Research
https://research.nccgroup.com/2023/03/22/breaking-pedersen-hashes-in-practice/
#1302155 Arbitrary read of all SVG files on a Nextcloud server
https://hackerone.com/reports/1302155
Nitrous oxide: Possession of laughing gas to be criminal offence - BBC News
https://www.bbc.co.uk/news/uk-politics-65079772
Richard Johnson on Twitter: "I wanted to give Philippe the spotlight first but I was also laid off two weeks ago. I’m available for fuzzing related contract work and private trainings. I’ll be posting some public online training events soon. I’m also researching AI model fine tuning for security applications" / Twitter
https://twitter.com/richinseattle/status/1640109577864896512