MalwareTech - RSS Feed

Latest articles

TikTok is a National Security Risk, Not A Privacy One

An analysis of the threat posed by TikTok and why we need to weigh our options carefully.

TikTok is a National Security Risk, Not A Privacy One

An analysis of the threat posed by TikTok and why we need to weigh our options carefully.

Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)

Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)

Vulnerability Details From https://www.openssl.org/news/secadv/20221101.txt X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) ========================================================== Severity: High A buffer overrun can be triggered in X.509 certificate verification, specifically The post Everything you need to know about the OpenSSL 3.0.7...

[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)

An introduction to Use-After-Free exploitation and walking through one of my old challenges. Challenge Info: https://www.malwaretech.com/challenges/windows-exploitation/user-after-free-1-0 Download Link: https://malwaretech.com/downloads/challenges/UserAfterFree2.0.rar Password: MalwareTech The post [Video] Introduction to Use-After-Free Vulnerabilities...

[Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis

Walking through my process of how I use patch analysis and reverse engineering to find vulnerabilities, then evaluate the risk and exploitability of bugs. The post [Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis appeared first on MalwareTech.

An in-depth look at hacking back, active defense, and cyber letters of marque

There has been much discussion in cyber security about the possibility of enabling the private sector to engage in active cyber defense, or colloquially “hacking back”. Several house bills have been introduced to study or enable this, such as the “Study on Cyber-Attack Response Options Act” and “Active Cyber Defense … The post An in-depth look at...

How I Found My First Ever ZeroDay (In RDP)

Up until recently, I’d never tried the bug hunting part of vulnerability research. I’ve been reverse engineering Windows malware for over a decade, and I’d done the occasional patch analysis, but I never saw a point in bug hunting on a major OS. After all, there are teams of vulnerability … The post How I Found My First Ever ZeroDay (In RDP) appeared...

Are Criminals Really Using ICS Malware?

Recently, The New York Times posted a sensational article about criminals using sophisticated state software for the first time. The headline is non-specific and could be taken to mean state hacking tools in general; however, this would be completely untrue. The NSA hacking tools leaked by the shadowbrokers are used … The post Are Criminals Really...

BlueKeep: A Journey from DoS to RCE (CVE-2019-0708)

Due to the serious risk of a BlueKeep based worm, I’ve held back this write-up to avoid advancing the timeline. Now that a proof-of-concept for RCE (remote code execution) has been release as part of Metasploit, i feel it’s now safe for me to post this. This article will be … The post BlueKeep: A Journey from DoS to RCE (CVE-2019-0708) appeared first...

Discover, share and read the best on the web

Follow RSS Feeds, Blogs, Podcasts, Twitter searches, Facebook pages, even Email Newsletters! Get unfiltered news feeds or filter them to your liking.

Get Inoreader
Inoreader - Follow RSS Feeds, Blogs, Podcasts, Twitter searches, Facebook pages, even Email Newsletters!