A real-life case of the Log4Shell vulnerability
The cybersecurity incident at ONUS started with a Log4Shell vulnerability in their payment software provided by Cyclos but later escalated due to misconfigurations and mistakes in granting permissions at AWS S3. Attackers took advantage of the vulnerability in the Cyclos software to attack even before the vendor could inform and provide patch instructions for its clients.
https://cystack.net/research/the-attack-on-onus-a-real-life-case-of-the-log4shell-vulnerability
   
Bypassing early 2000s copy protection for software preservation
The CD of Bygg hus med Mulle Meck incorporates a disc copy protection scheme known as SafeDisc V2, which was very common in games of the era.
https://blog.paavo.me/masa-copy-protection/
Still waiting on the daybreak, its shadows in my mind
The following simple code was used to extract the differences between the two speckle patterns, I picked the red channel from the image and found out about this way to 'difference' two images from - https://www.
https://www.anfractuosity.com/projects/fun-with-speckle-patterns/
PHP LFI with Nginx Assistance
Upload a big client body to force nginx to create a /var/lib/nginx/body/$X def.
http://bierbaumer.net/security/php-lfi-with-nginx-assistance/
archercreat/vmpfix: Universal x86/x64 VMProtect 2.0-3.X Import fixer
VMPfix is a dynamic x86/x64 VMProtect 2.13-3.5 import fixer.
https://github.com/archercreat/vmpfix
Microsoft Defender for Identity security alert lateral movement playbook
The lateral movement playbook is third in the four part tutorial series for Microsoft Defender for Identity security alerts.
https://docs.microsoft.com/en-us/defender-for-identity/playbook-lateral-movement
|
