Yak Lang: Revolutionizing Cybersecurity with a Cutting-Edge Programming Language

Enter Yak Lang, a language designed to address the evolving needs of security practitioners and organizations. As technology advances and the scope of security projects expands, there is a growing necessity for languages that excel in both efficiency and suitability for product distribution, engineering research and development, and platform building. This is where Golang has…

Bitbucket Attack Vector

Introduction: Bitbucket, a widely used Git repository management solution, provides a platform for developers to manage and collaborate on code. However, its extensive functionality and integration capabilities also present numerous attack vectors and surfaces that adversaries might exploit. This APT report outlines potential attack vectors and surfaces within Bitbucket, focusing on the data pipeline, active…

The Art Of Linux Persistence

Account Creation in Linux: The Linux operating system usually has two types of account, “Root” and “User”. There are usually two ways to manipulate accounts to maintain persistent access to the machine. User Account Creation: If we (the attacker) have compromised the host and want to maintain persistent access by…

Android – Understanding the Shim

Android shims are small libraries that act as compatibility layers between different versions of the Android operating system. They allow developers to call newer Android APIs on older platform versions that don’t natively support those APIs. Shims provide backward compatibility by implementing newer APIs on top of older platform functionality. This enables apps built with…

The Art of Windows Persistence

In the realm of Windows persistence, key findings reveal a diverse and sophisticated array of techniques used by attackers to maintain access to systems. These methods range from simple manipulations like startup folder and registry autorun entries to more complex strategies involving service modification, DLL hijacking, and exploitation of Windows Management Instrumentation (WMI) and Component…

Shellcode Development

Shellcode is a set of instructions used as a payload in the exploitation of a software vulnerability. It is called “shellcode” because it typically opens a command shell from which the attacker can control the compromised machine. However, shellcode can perform a variety of operations, not just opening a shell. Characteristics of Shellcode: Compact and…

User Account Control/Uncontrol: Mastering the Art of Bypassing Windows UAC

User Account Control (UAC) in Windows is a security feature designed to prevent unauthorized changes made by malware or other threats by requesting administrative privileges. This chapter delves into the intricate design of UAC, aiming to reverse-engineer its workflow to comprehend how it defends against malicious actions. Additionally, we’ll explore methods used by threat actors…

Position-independent code

Position-independent code (PIC) is a type of code that can be executed at any memory address without modification. This is in contrast to position-dependent code, which is tied to a specific memory address and cannot be executed correctly if it is moved to a different location. For example, shellcode is PIC. It cannot assume…

Browser Attack Surface

Introduction: In the vast landscape of cybersecurity, vulnerabilities often present themselves as a series of interconnected events, aptly termed the “vulnerability kill chain.” Each link in this chain provides insights into the cascading steps that can lead to unintended consequences for software applications. Today, we delve deep into an intriguing flaw that strikes at the…

The Art Of Infection In MacOS

Introduction: In the digital realm, the battle between malicious software creators and cybersecurity defenders is a ceaseless saga, with the Mac ecosystem being no exception. The artistry of crafting malware is continually evolving, adapting to the robust security architecture of Mac systems. The infection vector, the conduit through which malware breaches a system, forms the…

EDR Evasion Techniques Using Syscalls

In the age of DevOps and rapid software development cycles, Jenkins has emerged as a beacon of automation, aiding organizations in efficiently building, deploying, and automating their projects. Yet, as with any popular software, its wide adoption has also made Jenkins a prime target for Advanced Persistent Threat (APT) actors. Safeguarding this CI/CD linchpin necessitates an intricate understanding of its vulnerabilities and potential attack surfaces.

Jenkins Attack Vector

Jenkins, an open-source automation server, is widely utilized for building, deploying, and automating any project, making it a valuable target for Advanced Persistent Threat (APT) actors. Understanding the attack vectors and surfaces within Jenkins is crucial to safeguarding the platform and protecting organizational assets. This article delves into the potential attack vectors and surfaces within Jenkins, providing insights into securing your CI/CD pipeline.
