Rahman

Yeah, so pretty much this guy is releasing an exploit in solidarity with Nightmare Eclipse guy. He said he notified GitHub about the exploit 60 minutes before releasing this paper. I don't do web stuff, and I'm not a VSCode nerd, so I'm confused by the underlying technologies. If you're a stinky GitHub and VSCode nerd maybe you'll understand. tl;dr click github dev, github dev opens editor, in github dev editor have javascript, javascript does shortcuts automatically. github treats javascript shortcuts as real human input, or something. use javascript shortcut stuff to automatically install vscode extension. the vscode extension steals your data tl;dr tl;dr user clicks 1 link, 1 click steals all data from your github https://t.co/uh17usZeEH

💥 Introducing "Dirty Frag" A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no panic on failure, fully deterministic. ~9 years latent. Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more. Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation. Details: https://t.co/9nqku4svkY

📉 𝐂𝐲𝐛𝐞𝐫 𝐬𝐢𝐠𝐧𝐚𝐥 𝐢𝐬 𝐝𝐫𝐨𝐩𝐩𝐢𝐧𝐠. 📈 𝐀𝐈 𝐧𝐨𝐢𝐬𝐞 𝐢𝐬 𝐫𝐢𝐬𝐢𝐧𝐠. To help, I created a list of active cybersecurity blogs written by people who still publish real research. If you follow any of these already (or have gems I should add), let me know. 📌https://t.co/Zd6y7nSFyL

‼️🚨 Microsoft calls this "intended behaviour," so here we go. How to dump the credentials of every user stored in Microsoft Edge: 1. Open Edge. Don't browse anywhere, just open it. 2. Flip to Task Manager, find Edge, expand the task. 3. Highlight the "browser" sub-task, right-click, and choose "Create Memory Dump." 4. Open the dump file and look for credentials. The logged-in Windows user can dump every stored Edge credential with no additional rights. Which means any malware that user executes has those credentials for the asking. Thanks to Rob VandenBrink at SANS: https://t.co/ebtVZxne4L

So here is new local privilege escalation zero-day I discovered, not patched yet too :). In simple terms, if you have a service like RDP that exposes an RPC server, there many system services running as SYSTEM connect to it as RPC clients. If that service is turned off (RDP is off by default), it seems that any other process in Windows can expose the same RPC server using the same endpoint. Now all the RPC calls from that SYSTEM processes will come to this fake server and If the process that deployed the server has SeImpersonatePrivilege, it can escalate to SYSTEM by impersonate the RPC client. In the white paper below, I describe five exploit paths you can abuse. However it's architecture problem and maybe there are more. It's Not A Potato https://t.co/DOfRFgYqI9

We released a new public tool, 3LayersPersistence, that demonstrates 3 different persistence layers implemented in one executable. https://t.co/JElB2vXvTg The implementation uses WMI event subscriptions, DLL sideloading, and COM hijacking in a single workflow, with the executable patching itself into proxy DLLs at runtime, allowing execution through multiple persistence paths.