2286 matches found
Memory corruption
pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root but not escape the sandbox via vectors involving IPCRMID shmctl calls, because reference counting is mishandled...
CVE-2018-19333
CVE-2018-6080
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes...
Design/Logic Flaw
CVE-2018-6080
Removed by vendor...
Advanced tools: Process Hacker
Process Hacker is a very valuable tool for advanced users. It can help them to troubleshoot problems or learn more about specific processes that are running on a certain system. It can help identify malicious processes and tell us more about what they are trying to do. Background information...
Memory Man in the Middle: MemITM
The MemITM (Mem In The Middle) tool has been developed in order to easily intercept “messages” in Windows process memory. We developed a lot of custom memory interception tools in order to capture network messages before encryption, or IPC messages, and to be able to inspect them or alter them to...
(Pwn2Own) Apple macOS task_set_special_port Port Overwrite Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Mach...
CVE-2018-18850
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server f...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the referenced CVE identifiers for details. In addition it was discovered that Gentoo’s PostgreSQL installation suffered fro...
Injecting Code into Windows Protected Processes using COM - Part 1
Posted by James Forshaw, Google Project Zero. At Recon Montreal 2018 I presented “Unknown Known DLLs and other Code Integrity Trust Violations” with Alex Ionescu. We described the implementation of Microsoft Windows’ Code Integrity mechanisms and how Microsoft implemented Protected Processes (PP). A...
A Hybrid Solution to Taming SOC Alert Overload
The moving assembly line was one of the greatest innovations of the Industrial Revolution. Prior to 1913, when Henry Ford installed the first moving assembly line in his factory, cars were built by humans performing manual, mundane tasks. Imagine humans hand painting cars on the factory floor –...
Starbucks: Unauthorized access to a system used for CI/CD processes
@k3m reported a vulnerability allowing unauthorized access to a system used for CI/CD processes. Our teams quickly restricted access and fixed the vulnerability. Thank you @k3m for a detailed report...
Mac App Store apps are stealing user data
There is a concerning trend lately in the Mac App Store. Several security researchers have independently found different apps that are collecting sensitive user data and uploading it to servers controlled by the developer. This is referred to as exfiltrating the data. Some of this data is actuall...
Windows/x64 (10) - WoW64 Egghunter (w00tw00t) Shellcode (50 bytes)
Windows/x64 (10) - WoW64 Egghunter (w00tw00t) Shellcode (50 bytes). Shellcode exploit for the Windows x86-64 platform. Title: WoW64 Egghunter for Windows 10 32-bit apps on 64-bit Windows 10. Size: 50 bytes. Date: 26/08/2018. Author: n30m1nd -...
Cybercriminals Changing Tactics as Seen in First Half Report
Today, Trend Micro released its first half 2018 security roundup report in which we want to share the threat intelligence we discovered through the Trend Micro Smart Protection Network that allows us to identify the threats that have targeted our customer base. Below are some thoughts I’d like to...
[SECURITY] Fedora 28 Update: qemu-2.11.2-2.fc28
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used ...
[SECURITY] Fedora 27 Update: qemu-2.10.2-1.fc27
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used ...
Kernel update: Virtuozzo ReadyKernel patch 58.0 for Virtuozzo 7.0.8
The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to the kernel 3.10.0-862.9.1.vz7.63.3 (7.0.8). Vulnerability id: PSBM-87858: Haproxy processes were getting stuck in D state in locksock. Vulnerability id: PSBM-87877: It was found that the rpcgethdr function...
Dynamic API Call Tracer for Windows and Linux Applications: Drltrace
Drltrace is a dynamic API call tracer for Windows and Linux applications designed primarily for malware analysis. Drltrace is built on top of the DynamoRIO dynamic binary instrumentation framework. Motivation: Malware analysis is not an easy task. Sophisticated software packers like Themida and...