#CVE-2018-8453 deep analysis, from Use After Free to arbitrary memory read/write by 360 Threat Intelligence Center, a follow up of vulnerability being used by #FruityArmor group targeting the Middle East. ti.360.net/blog/articles/… the video：video.twimg.com/tweet_video/Dx…

Version 1.1 of BinCAT, our static binary code analyzer for reversers, was just released, with long awaited AMD64 support and huge performance improvements. Get it there: github.com/airbus-seclab/…

#Zebrocy MD5 c9e1b0628ac62e5cb01bf1fa30ac8317 cape.contextis.com/analysis/32273/

CVE-2018-16858 - My writeup about a RCE vulnerability via macro execution in Libreoffice: insert-script.blogspot.com/2019/02/libreo…

#ExileRAT is still up n running hxxp://27.126.188.212/2//

2019-02-08: #ExileRAT Group: "CVE-2017-8759" altered toolkit "get_robin.py" server thread w/ local logging { SHELLCODE1 = 'sc.dat' as JScript | LOG_FILE = 'robins.log' } h/t PhysicalDrive0 Original Research 👍 -> x.com/TalosSecurity/…

A curated list of IDA x64DBG and OllyDBG plugins github.com/fr0gger/awesom…

#GandCrab V5.2 BitdefenderLabs

#WinPot Sample MD5 821e593e80c598883433da88a5431e9d #ATM cape.contextis.com/analysis/39924/

Google discovered a Chrome RCE #0day in the wild (CVE-2019-5786). Reportedly, a full chain with a sandbox escape: chromereleases.googleblog.com/2019/03/stable… In 2019, I expect epic 0days to be found in the wild: Android, iOS, Windows, Office, virtualization, and more. Stay safe and enjoy the show.

One more #zeroday exploit was used in APT attack. securelist.com/cve-2019-0797-…

Microsoft fixed a Windows 0day (CVE-2019-0808) in Patch Tuesday. Our team constructed the POC and reproduced the vulnerability triggering process. Click here to read more: blogs.360.cn/post/RootCause…

CVE-2019-5786 Chrome 72.0.3626.119 stable FileReader UaF exploit for Windows 7 x86 github.com/exodusintel/CV…

WINRAR EXPLOIT BUILDER Select your malware file and upload it and your malicious RAR-file will be created hxxp://lofi.stream cve-2018-20250

Operation #ShadowHammer Sample MD5 aa15eb28292321b586c27d8401703494 cape.contextis.com/analysis/55097/ #Asus #Susafone

Circumventing Windows Defender ATP's user-mode APC Injection sensor from Kernel-mode : rce4fun.blogspot.com/2019/04/circum…

Now, Sibyl can be called from sigpwn (github.com/cea-sec/Sibyl/…) or use it headless for function address discovering (github.com/cea-sec/Sibyl/…) :)

We found one more #zeroday exploit that was used in APT. securelist.com/new-win32k-zer…