SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse
Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF. This...
North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
tl;dr This blog post documents some of the actions taken during the initial access phase for an attack attributed to Lazarus, along with analysis o...
A new BluStealer Loader Uses Direct Syscalls to Evade EDRs
BluStealer malware was first detected in May 2021 by James_inthe_box. Back then, it was delivered through a phishing mail, either as an attachment ...
"Excuse me, how will the Russia-Ukraine conflict affect the situation on the Korean Peninsula?" Analysis of recent targeted attack activity by the APT group KIMSUKY
1. Overview Recently, NSFOCUS Fuying Lab (绿盟科技伏影实验室) captured multiple phishing documents named "TBS TV_Qs.doc" together with related trojan programs. Analysis shows that this series of malicious files all belong to recent cyberattack activity by the APT group Kimsuky...
On the Fuzzing Hook
Coverage-guided fuzzers, like Jazzer, maximize the amount of executed code during fuzzing. This has proven to produce interesting findings deep ins...
Samsung Galaxy – Any App Can Install Any App In The Galaxy App Store
Product: Galaxy Store prior to version 4.5.36.4. Severity: High. CVE Reference: CVE-2022-28776. Type: Automatic Application Install. Description: F...
Analysis of Automotive Intelligent System Software: Operating Systems
In the era of intelligent connected vehicles, in-vehicle operating systems (OS) can be divided by downstream application into two main categories, vehicle-control OS and cockpit OS: (1) Vehicle-control OS: mainly responsible for implementing the vehicle's underlying...
Modifying Cobalt Strike Module Functionality to Bypass 数字核晶 (360's Core Crystal protection)
As is well known, some of Cobalt Strike's functional modules are implemented using the spawn method: the principle is to start a process and then reflectively inject the module DLL into that process; under the default profile this launches rundll3...
[SRC Bug Hunting Experience] GitHub Pages Takeover and Exploitation: Subdomain Takeover
Vulnerability introduction: When you visit one of a target's subdomains (say wwblog.qq.com) and it looks like this, you can try to take it over via github.io. Running dig on the domain returns a CNAME record, typically xxxx.gith...
Smart Meter Security: Communication Analysis
This is a featured article from the Kanxue (看雪) forum. Kanxue forum author ID: blck四. The problems I usually run into when researching binary vulnerabilities and kernels have all found answers on Kanxue, and I am grateful to those seniors for sharing the approaches they used to solve them,...