Explore >> Select a destination
|
You are here 
|
bohops.com | ||
| | | | |
m417z.com
|
|
| | | | | This is a write-up of a vulnerability that I discovered in Windows. The vulnerability was patched in December's Patch Tuesday, and the CVE assigned to it is CVE-2023-36003. The vulnerability allows a non-elevated process to inject a DLL into an elevated or otherwise inaccessible process, allowing for privilege escalation. The vulnerability is caused by a lack of security checks in the InitializeXamlDiagnosticsEx API, which is used for inspecting applications that use Extensible Application Markup Language (XAML) for their UI. XAML is the recommended way to build user interfaces in new Windows applications, and is used by more and more built-in applications, including Task Manager and Windows Terminal. | |
| | | | |
unit42.paloaltonetworks.com
|
|
| | | | | RCE vulnerability CVE-2023-3519 affects Citrix NetScaler products. This threat brief examines the current evidence, attack scope and interim guidance. | |
| | | | |
enigma0x3.net
|
|
| | | | | Over the past few weeks, I have had the pleasure to work side-by-side with Matt Graeber (@mattifestation) and Casey Smith (@subtee) researching Device Guard user mode code integrity (UMCI) bypasses. If you aren't familiar with Device Guard, you can read more about it here: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/device-guard-deployment-guide. In short, Device Guard UMCI prevents unsigned binaries from... | |
| | | | |
scottiestech.info
|
|
| | | Does the water in a toilet swirl in different directions in the Northern and Southern hemispheres? After all, that's exactly what happens with hurricanes... | ||
