VBS Enclaves Development Guide - Secure Enclaves
Development guide for Virtualization-based security (VBS) enclaves - Learn how to build a basic VBS enclave.
Awesome that MS are supporting and documenting VBS enclaves properly. learn.microsoft.com/en-us/window.... Also awesome that in the example exported entry point they provide they don't seem to mention how careful you need to be with the input pointer that you don't just read/write enclave memory :)
25.11.2024 02:49
Blog: Finding Bugs in Chrome with CodeQL
Want to learn about using a static analysis tool called CodeQL to search for vulnerabilities in Google Chrome? Then this blog post is for you!
TIL Google makes CodeQL databases available for Chrome. They also have a few example queries and CodeQL libraries available in the Chromium source repo (under tools/codeql/queries).
So, happy bug hunting everyone!
bughunters.google.com/blog/5085111...
21.11.2024 12:31
Local privilege escalation in Windows Velociraptor service
A few weeks ago, Rapid7 released a new version of #Velociraptor to patch CVE-2024-10526, a local privilege escalation discovered by jbms. You can read the advisory here:
www.synacktiv.com/advisories/l...
22.11.2024 17:23
Following my prev tweet, my Kerberos MITM relay/forwarder is almost finished! It targets for example insecure DNS updates in AD, allowing DNS name forgery. It intercepts, relays, and forwards traffic, with the client unaware. Currently supporting smb->smb and smb->http (adcs)
20.11.2024 11:21