Our Principal Software Engineer, Jonathan Erb, recently dove deep into an innovative R&D project aimed at enhancing threatER's automated threat intelligence enforcement platform. While we're proud of our ability to block all known threats using extensive threat intelligence, the journey behind the scenes is equally fascinating. He tackled a complex challenge: creating a packet inspection framework for Linux that operates transparently and efficiently, without disrupting existing network configurations. Through extensive research, he discovered that leveraging eBPF and Netfilter could be the key to achieving this goal. Check out his blog post to learn more about his process and what he was able to solve that strengthened threatER's platform and further secured our customers. Read the full post in the first comment below. #Cybersecurity #Innovation #threatER #ResearchAndDevelopment #NetworkSecurity
threatER’s Post
More Relevant Posts
-
In the face of #Canada’s proposed ban on Flipper Zero, we stand with the security and pen-testing communities in addressing the root cause of vulnerabilities, not the tools that expose them. Flipper Zero is a powerful device for good, shining a light on outdated systems that need urgent updates. Allthenticate has proudly supported the community by giving away Flipper Zeros in the past, and we understand the importance of such tools in advancing security research and education. We encourage a deeper dialogue to ensure that measures taken truly enhance security and innovation. Let's not stifle progress by banning the very tools that help make technology safer for everyone. Read more about Flipper’s response via BleepingComputer here: https://lnkd.in/g-crxQQG #SecurityResearch #FlipperZero #InnovationNotBan #AllthenticateSupports
-
Do you know that a single piece of code shook the internet? The Morris Worm, released on November 2, 1988, was one of the first worms to spread across the internet, bringing thousands of computers to a standstill. Created by Robert Tappan Morris, a graduate student at Cornell University, this worm was intended as an experiment to understand the size of the internet. However, a bug in its code caused it to replicate uncontrollably, leading to widespread disruption. #cybersecurity #techhistory #Morrisworm #techfacts #Trycle #accessiblelearning #empoweryouth #EducationToEmployment #RuralEmpowerment #SemiUrbanOpportunities #TalentRecruitment #EducationInclusion #skilldevelopment #Technicaleducation
-
Researchers from the Graz University of Technology have discovered a cross-cache attack named SLUBStick, which boasts a 99% success rate in converting limited heap vulnerabilities into arbitrary memory read-and-write capabilities. Demonstrated on Linux kernel versions 5.9 and 6.2, SLUBStick works with modern kernel defenses like SMEP, SMAP, and KASLR active. The attack exploits heap vulnerabilities to manipulate memory allocation and utilizes a timing side channel for precise memory chunk control. This allows privilege escalation and container escapes even with state-of-the-art defenses.
Details of the attack will be presented at the Usenix Security Symposium, with the technical paper available for further insights at https://lnkd.in/gVcwBsgk
#avmconsulting #LinuxKernel #SLUBStick #CyberSecurity #Vulnerability #PrivilegeEscalation #ContainerEscape #KernelSecurity #HeapExploitation #TechResearch #CyberAttack #SecurityConference #UsenixSecurity #SMEP #SMAP #KASLR #MemoryManagement #TechNews #GrazUniversity #LinuxSecurity #Infosec
-
Understanding DKOM and Rootkits (I tried to explain in layman's terms)
The concept behind DKOM (Direct Kernel Object Manipulation) is to directly modify the objects that the operating system (OS) kernel uses for system maintenance and bookkeeping. In the kernel, there are structures that hold data, such as the list of running processes. In the kernel, running processes are managed using a doubly linked list defined by EPROCESS blocks. Each EPROCESS block has two pointers: NEXT and BACK. These pointers link the processes in a sequence. When a rootkit is running, it will have its own EPROCESS block. The rootkit can modify the NEXT and BACK pointers of this block, effectively altering its position in the list. By doing so, the rootkit can hide its presence. For instance, in the Task Manager, you won't see the rootkit process, as the entire system will be unaware of it. This manipulation allows rootkits to hide processes, drivers, network ports, and more. #CyberSecurity #MalwareAnalysis #DKOM #Rootkits #KernelSecurity #DigitalForensics #SystemSecurity #ProcessHiding
-
Recent attempts to introduce malicious backdoors via social engineering attacks on low-level open source packages are all the more scary when you consider the classic xkcd comic. Something most would consider esoteric (e.g. an xz compression library) can be a dependency of hundreds of projects & transitively into many more and ultimately be a massive security issue. https://lnkd.in/ecKYEvux #opensource #security
-
The NVD is Back... ish #cybersecurity The National Vulnerability Database (NVD) is alive again, folks! But hold the champagne corks - it's more like a shambling zombie than a superhero. 🦸 Here's the deal: Funding's back, a contractor's on board, but don't expect a complete overhaul. We're talking "back to normal" by September, which sounds suspiciously like...well, normal. What does this mean for you? Keep patching those vulnerabilities, because the NVD's still catching its breath. Multiple vulnerability intel sources are still your best bet. Anyone else hoping for an NVD 2.0? Let's discuss in the comments! https://lnkd.in/dmF5V_Em #NVD #CVEs #OpenSource
-
We have recommendations to spice up your hacker game... HackerBoxes is a subscription service offering monthly surprise discovery boxes containing curated electronics and computer technology gear. Each box provides an opportunity to explore new items and learn through hands-on experience, emphasising fun and challenging projects. Click the link in the comments to get yours👀 #learncybersecurity #ethicalhacking
-
Hacking: The Art of Exploitation by Jon Erickson
Being able to reduce the number of punchcards needed for a program showed an artistic mastery over the computer, which was admired and appreciated by those who understood it. Analogously, a block of wood might solve the problem of supporting a vase, but a nicely crafted table built using refined techniques sure looks a lot better. The early hackers were transforming programming from an engineering task into an art form, which, like many forms of art, could only be appreciated by those who got it and would be misunderstood by those who didn't. #cybersecurity #ethicalhacking #infosec #penetrationtest #ITsecurity #pratikdhabi #wscubetech
-
🚨 **Crowdstrike External Technical Root Cause Analysis for the July 29th Incident is out** 🚨 Well, it looks like regex might just be plotting our downfall! 😅 In CrowdStrike's latest saga, a tiny mismatch between expected and actual input parameters sent Windows sensors into a tizzy, leading to system crashes. The culprit? Our good old friend, the regex-based IPC Template Type, which demanded 21 inputs when it only got 20. Oops! Let’s face it—one day, regex might finally be the end of us all! 🤖 #cybersecurity #regex #CrowdStrike
-
THE ART OF CONTROL: A Deep Dive into the shadows of Remote Access Trojan 🎩🪄
Welcome to a chilling demonstration of how a Remote Access Trojan (RAT) takes control of a target machine. I will be using my own Windows system as an example.
IN THIS DEMO:
🎭 Unveil the step-by-step incantations that allow RATs to infiltrate and manipulate your digital realm.
🎭 Witness the sinister elegance of Metasploit as it conjures and executes an unseen attack.
🎭 A clear look at what happens when a system is compromised by a RAT.
🎭 Discover the extent of power an attacker gains over a compromised machine, turning it into an unwitting pawn in a malevolent game.
TOOLS OF THE TRADE:
OS: Linux
RAT: TheFatRat
Exploitation: Metasploit Framework
NOTE: All the tools used are Open Source and free to use. I will not be responsible for any misuse or illegal application of the information presented. #cybersecurity #ethicalhacking #cybersecurityawarenessmonth
https://www.threater.com/blog/transparent-packet-inspection-with-netfilter-and-ebpf/