Blog News Exploit -  

Úvod  APT blog  Attack blog  BigBrother blog  BotNet blog  Bug blog  Cyber blog  Cryptocurrency blog  Exploit blog  Hacking blog  Hardware blog  ICS blog  Incident blog  IoT blog  Malware blog  OS Blog  Phishing blog  Ransomware blog  Safety blog  Security blog  Social blog  Spam blog  Vulnerebility blog








FLASHMINGO: The FireEye Open Source Automatic Analysis Tool for Flash

Adobe Flash is one of the most exploited software components of the last decade. Its complexity and ubiquity make it an obvious target for attackers. Public sources list more than one thousand CVEs being assigned to the Flash Player alone since 2005. Almost nine hundred of these vulnerabilities have a Common Vulnerability Scoring System (CVSS) score of nine or higher.

Exploit blog



The sights and sounds of Cisco Talos at RSA 2019 An estimated 45,000 people attended this year’s RSA Conference in San Francisco to hear talks from some of the greatest minds in security.As always, Cisco and Talos had a massive presence at the conference, topping off the week with a keynote address featuring Matt Watchinski, the vice president of Cisco Talos, and Liz Centoni, a senior vice president and general manager of Cisco’s Internet-of-things business group. Exploit blog Cisco Talos


Examining Pointer Authentication on the iPhone XS

In this post I examine Apple's implementation of Pointer Authentication on the A12 SoC used in the iPhone XS, with a focus on how Apple has improved over the ARM standard. I then demonstrate a way to use an arbitrary kernel read/write primitive to forge kernel PAC signatures for the A keys, which is sufficient to execute arbitrary code in the kernel using JOP. The technique I discovered was (mostly) fixed in iOS 12.1.3. In fact, this fix first appeared in the 16D5032a beta while my research was still ongoing.

Exploit blog

Project Zero


voucher_swap: Exploiting MIG reference counting in iOS 12 In this post I'll describe how I discovered and exploited CVE-2019-6225, a MIG reference counting vulnerability in XNU's task_swap_mach_voucher() function. We'll see how to exploit this bug on iOS 12.1.2 to build a fake kernel task port, giving us the ability to read and write arbitrary kernel memory. (This bug was independently discovered by @S0rryMybad.) In a later post, we'll look at how to use this bug as a starting point to analyze and bypass Apple's implementation of ARMv8.3 Pointer Authentication (PAC) on A12 devices like the iPhone XS.Exploit blog Project Zero
12.12.18 Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp WhatsApp is another application that supports video conferencing that does not use WebRTC as its core implementation. Instead, it uses PJSIP, which contains some WebRTC code, but also contains a substantial amount of other code, and predates the WebRTC project. I fuzzed this implementation to see if it had similar results to WebRTC and FaceTime.Exploit blog Project Zero
1.12.18 Injecting Code into Windows Protected Processes using COM - Part 2 In my previous blog I discussed a technique which combined numerous issues I’ve previously reported to Microsoft to inject arbitrary code into a PPL-WindowsTCB process. Exploit blog Project Zero


Heap Feng Shader: Exploiting SwiftShader in Chrome

On the majority of systems, under normal conditions, SwiftShader will never be used by Chrome - it’s used as a fallback if you have a known-bad “blacklisted” graphics card or driver. However, Chrome can also decide at runtime that your graphics driver is having issues, and switch to using SwiftShader to give a better user experience.

Exploit blog

Project Zero

14.11.18 Deja-XNU This blog post revisits an old bug found by Pangu Team and combines it with a new, albeit very similar issue I recently found to try to build a "perfect" exploit for iOS 7.1.2.Exploit blog Project Zero


The Emergence of the

New Azorult 3.3

During the last week, Check Point Research spotted a new version of Azorult in the wild being delivered through the RIG exploit kit, as well as other sources. Azorult is a long known information stealer and malware downloader, with this particular version being advertised in an underground forum since October 4. Exploit blog Checkpoint


CeidPageLock: A Chinese RootKit

Research by: Israel Gubi Over the last few weeks, we have been observing a rootkit named CEIDPageLock being distributed by the RIG Exploit kit. The rootkit was first discovered by 360 Security Center...

Exploit blog



Return of the Festi Rootkit Festi, a once popular rootkit is back in the wild, distributed mainly by the RIG exploit kit. A long known Windows rootkit, Festi dates back to 2009 where at that time it served.Exploit blog



A New Rig Exploit Kit Campaign Dropping XMRig Miner Cryptocurrency values may be tumbling but cyber criminals are still hedging their bets on its long term returns. Check Point researchers have discovered a new malvertising campaign leading to the Rig Exploit Kit..Exploit blog



Fallout Exploit Kit Used in Malvertising Campaign to Deliver GandCrab Ransomware

FireEye identified a new exploit kit that was being served up as part of a malvertising campaign affecting users in Japan, Korea, the Middle East, Southern Europe, and other countries in the Asia Pacific region.

Exploit blog