Bill Demirkapi

https://twitter.com/BillDemirkapi - Reserved for the future.
Security @ Microsoft. Passionate about Windows Internals. Research and opinions are my own (seriously).
Blog: https://billdemirkapi.me
As promised in November, we're taking a strong stance against in-the-wild abuse of Mark-of-the-Web issues. Many thanks to our OneNote and Office Security partners for getting this done.
https://www.bleepingcomputer.com/news/security/microsoft-onenote-will-block-120-dangerous-file-extensions/
Microsoft OneNote will block 120 dangerous file extensions

Microsoft has shared more information on what types of malicious embedded files OneNote will soon block to defend users against ongoing phishing attacks pushing malware.

BleepingComputer
New research 👉 Exception Oriented Programming, Part 2: Weaponizing Fundamental Weaknesses in Exception Unwinding to Gain Code Execution https://billdemirkapi.me/abusing-exceptions-for-code-execution-part-2/
Abusing Exceptions for Code Execution, Part 2

In this article, we'll explore how the concepts behind Exception Oriented Programming can be abused when exploiting stack overflow vulnerabilities on Windows.

Bill Demirkapi's Blog
Part 2 of my Exception Oriented Programming series goes live tomorrow morning at 10 AM ET. You won't want to miss it. Here is part 1 from last year: https://billdemirkapi.me/exception-oriented-programming-abusing-exceptions-for-code-execution-part-1/
Abusing Exceptions for Code Execution, Part 1

A common offensive technique used by operators and malware developers alike has been to execute malicious code at runtime to avoid static detection. Often, methods of achieving runtime execution have focused on placing arbitrary code into executable memory that can then be executed. In this article, we will explore a

Bill Demirkapi's Blog
ChatGPT decompiling assembly is pretty impressive. Watch out Hex-Rays 👀