ITSEC Newsletter 2024-04-04

Red team is best team

Author

Henrik Falk
April 04, 2024

Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu - Exodus Intelligence

This post describes the data-only exploit strategy that we implemented, allowing a non-privileged user (and without the need of unprivileged user namespaces) to achieve root privileges on affected systems. First, a general overview of the io_uring interface is given, as well as some more specific details of the interface relevant to this vulnerability. Next, an analysis of the vulnerability is provided. Finally, a strategy for a data-only exploit is presented.

blog.exodusintel.com/2024/03/27/mind-the-patch-gap-exploiting-an-io_uring-vulnerability-in-ubuntu

Beyond Detection SMB Staging for Antivirus Evasion

In the ongoing cat-and-mouse game between cyber attackers and defenders, the battleground has shifted from traditional malware tactics to more sophisticated methods of infiltration. One such technique gaining traction is SMB (Server Message Block) staging, a maneuver that allows attackers to bypass antivirus software and gain unauthorized access to systems. In this article, we delve into the intricate world of malware development, exploring some staging mechanics.

lsecqt.github.io/Red-Teaming-Army/malware-development/beyond-detection-smb-staging-for-antivirus-evasion

Lord Of The Ring0 - Part 6 | Conclusion

In this blog post, we will write a simple driver that is capable of bypassing AMSI to demonstrate patching usermode memory from the kernel, go through credential dumping process from the kernel and finish with tampering various kernel callbacks as an example for patching kernel mode memory and last but not least - the final words and conclusion of this series.

idov31.github.io/posts/lord-of-the-ring0-p6