The past weeks have been very busy with the critical vulnerability PrintNigthmare and the REvil attack which breached Kaseya MSP. A lot of content have already been published and discussed. In this Security Highlight expect content not related to these two, but information that you may have missed.

Here is your weekly update with fresh and entertaining content! Good reading! :)

If you want to stay up to date on future Security Highlight consider following me on Twitter @fr0gger_ or Medium, you can also subscribe to this newsletter at the end of the article. …

Already summertime and I know that some of you are experiencing hot weather in some parts of the planet! Here is Security Highlight number 3: your fresh news condensed to stay up to date in just 3 minutes! Enjoy reading!

If you want to stay up to date on future Security Highlight consider following me on Twitter @fr0gger_ or Medium, you can also subscribe to this newsletter at the end of the article.

1. PrintNightmare: an RCE in Windows spooler service

[Vulnerability, RCE]

This week, a Proof Of Concept of the vulnerability CVE-2021–1675 and CVE-2021–34527 has leaked online. The vulnerability affects the spooler service named “Print Spooler” which…

Last week I launched this newsletter and wanted to thank you all for your wonderful feedback. In this second Security Highlight, we’ll talk about recent breaches and technical analyzes. Feel free to send me your feedback or suggestion on Twitter. Good reading!

If you want to stay up to date on future Security Highlight consider following me on Twitter @fr0gger_ or Medium, you can also subscribe to this newsletter at the end of the article.

1. North Korean attackers breached South Korea’s atomic research agency

[APT, Espionage]

The Kimsuki APT has breached a nuclear agency in South Korea. KOERI described in a press release how the attackers breached the network…

It’s been a while since I wanted to create a kind of newsletter with security news that I find interesting. The aim is to provide summaries of the 10 interesting topics of the week. The main goal is to provide a weekly or bi-weekly summary (depending on how much time I can devote to it) where you can check in a few minutes what has been posted recently.

If you want to stay up to date on future Security Highlight consider following me on Twitter @fr0gger_ or on Medium, you can also subscribe to this newsletter at the end of…

Run-time type information (RTTI) is a feature of C++ that allows the determination of an object data type at runtime (runtime, or execution time is the final phase of a computer program’s life cycle, in which the code is being executed on the computer’s central processing unit (CPU) as machine code. In other words, “runtime” is the running phase of a program).

RTTI applies to classes with virtual functions and is only incorporated with binaries compiled with Visual Studio.

In C++ there are 3 main elements:

• dynamic_cast operator: used for conversion of polymorphic types.
• typeid operator: used for identifying the…

Name mangling is a mechanism used by compilers to add additional characters to functions with the same name (function overloading). The goal of name mangling is to avoid any confusion when executing the program and calling a function that may have the same name as another one.

To understand better this concept here is two definitions from Wikipedia that are important to understand:

Function Overloading:

In some programming languages, function overloading or method overloading is the ability to create multiple functions of the same name with different implementations. …

Deobfuscation is an important part of malware analysis. Many malware currently uses obfuscation to hide from analysts but also to avoid detection. We keep track of some of these techniques in the Unprotect Project.

In this short tip, we will discuss the cool tool from Fireeye: Floss. I already discussed this tool in a previous article.

What is FLOSS?

Floss is basically a string extractor tool with the addition of features that emulate code to deobfuscate content.

According to the documentation:

FLOSS combines and automates the best manual reverse engineering techniques for string decoding. First, it uses heuristics to identify decoding routines in…

Binary diffing is a great way to visualize and spot differences and similarities in multiple binaries. As a malware researcher, this is useful for identifying similarity with another malware family, but also for identifying code changes between multiple variants of the same malware. As a vulnerability researcher, it is interesting to use it against two patches to understand where the vulnerabilities were and what code was added.

In this quick tip, I want to outline some of the tools I use to understand the similarities and differences in binaries.

Hexfiend

Hexfiend is an open-source hex editor. It contains a useful feature…