[~]$ whoami?

TL;DR Last week, while investigating some suspicious Microsoft Outlook activity for a client at iZOOlogic, I stumbled upon something that made my heart sink for a while. What started as a routine incident response engagement turned into the discovery of one of the most sophisticated OAuth phishing campaigns I’ve seen in my experience so far of security research. Here’s the kicker - this attack doesn’t steal your password. It doesn’t care about your MFA. Instead, it tricks you into granting a malicious application complete access to your mailbox, and it does it so smoothly that most users won’t think twice before clicking “Accept.” ...

Hi, kernel and sec enthusiasts! It’s been a while since my last post(2022), but I’ve got something juicy for you today. We are going to dive into an exciting new proposal that aims to bolster the Linux kernel’s defenses against those persistent use-after-free (UAF) vulnerabilities. Grab your favorite beverage or drink(Try Amul Kool once, Thank me later), because we’re about to get our hands dirty with some kernel internals! The Persistent Threat of UAF Vulnerabilities If you’ve been in the low-level security for a while, you’re probably sick of hearing about UAF vulnerabilities. But for those who need a refresher, UAFs occur when a program continues to use a pointer to memory after it’s been freed. This can lead to all sorts of fun exploitation scenarios, especially in kernel-land where the stakes are highest. ...