Malicious code in vite-plugin-css-blend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a47fa75fbd028d1aca89ca790036f760c76d8e486175505ef4a8f59f33e7c76 The package is published as a Vite CSS plugin but exposes no Vite plugin API. Its documented applyGlobalStylespalette, accents export, when called on...

pickle-scan-bypass-poc

CTF Write-up: BrineBreaker Pickle Scan Evasion Este reposit...

New Malware Masquerades as Palo Alto VPN Targeting Middle East Users

Cybersecurity researchers have disclosed a new campaign that potentially targets users in the Middle East through malware that disguises itself as Palo Alto Networks GlobalProtect virtual private network VPN tool. "The malware can execute remote PowerShell commands, download and exfiltrate files,...

CVE-2023-28807 Bypass of ZIA domain fronting detection module through evasion technique

In Zscaler Internet Access ZIA a mismatch between Connect Host and Client Hello's Server Name Indication SNI enables attackers to evade network security controls by hiding their communications within legitimate traffic...

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response EDR systems. SafeBreach researcher Alon Leviev said the methods are "capable of working across all...

Attention Online Shoppers: Don't Be Fooled by Their Sleek, Modern Looks — It's Magecart!

An ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users. "The threat actor used original logos from the compromised store and customized a web element known ...

Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps

Researchers have shut down an "expansive" ad fraud scheme that spoofed more than 1,700 applications from 120 publishers and impacted roughly 11 million devices. "VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack...

BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions

In yet another case of bring your own vulnerable driver BYOVD attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security...

DeathSleep - A PoC Implementation For An Evasion Technique To Terminate The Current Thread And Restore It Before Resuming Execution, While Implementing Page Protection Changes During No Execution

A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution. Intro Sleep and obfuscation methods are well known in the maldev community, with different implementations, they...

Mortar - Evasion Technique To Defeat And Divert Detection And Prevention Of Security Products (AV/EDR/XDR)

red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to...

Suricata 缓冲区错误漏洞

Suricata is a network intrusion detection system IDS, intrusion prevention system IPS, and network security monitoring engine developed by the Open Information Security Foundation OISF and its supporting vendors, which supports multi-threading, built-in IPv6, and the ability to load pre-defined...

SysWhispers - AV/EDR Evasion Via Direct System Calls

SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. All core syscalls are supported from Windows XP to 10. Example generated files available in example-output/. Introduction Various security products place hooks in user-mode APIs which allow...

In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass

ARCHIVED STORY In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass By Eoin Carroll · June 20, 2019 Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILEOBJECT locations, which impacts non-EDR Endpoint Detection a...

Threat Roundup for June 16-22

As usual, we are bringing you the weekly Threat Roundup to highlight the most prevalent threats we've seen between June 15 and 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

A Deep Dive into Database Attacks [Part III]: Why Scarlett Johansson’s Picture Got My Postgres Database to Start Mining Monero

As part of Imperva’s efforts to protect our customers’ data, we have an ongoing research project focused on analyzing and sharing different attack methods on databases. If you aren’t familiar with this project, which we call StickyDB, please read Part I and Part II. There we explain this database...

Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions

A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function an...

UniByAv - Shellcode Obfuscator Anti-Virus Friendly

UniByAv is a simple obfuscator that take raw shellcode and generate executable that are Anti-Virus friendly. The obfuscation routine is purely writtend in assembly to remain pretty short and efficient. In a nutshell the application generate a 32 bits xor key and brute force the key at run time th...

Demiguise - HTA Encryption Tool for RedTeams

What does it do? The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page, the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to ge...

APT Group Embeds C&C Data on TechNet Pages

The so-called Deputy Dog APT group has surfaced again with a means of keeping its command and control servers under wraps that involves Microsoft’s TechNet online resources. New research published last week by Microsoft and FireEye revealed targeted attacks against organizations have been...

Dyre Banking Trojan Avoids Sandbox Detection

A number of unidentified commercial and freely available sandboxes fail to detect a new version of the Dyre banking Trojan, which was recently blamed for more than $1 million in losses to financial institutions and enterprises. The new strain of Dyre, also known as Dyreza, uses a fairly new...