Script to quickly hook natives call to JNI in Android

https://github.com/Areizen/JNI-Frida-Hook

#re #hook #android #mobile #darw1n

Chrome 1-day RCE PoC (Array.prototype.map)

https://blog.exodusintel.com/2019/04/03/a-window-of-opportunity/

#re #expdev #rce #1day #browser #darw1n

Сustom shellcode compiler for Binary Ninja https://scc.binary.ninja/index.html #binaryninja #exploit #dukeBarman

Congratulations on the International Day of Human Space!

Modern Binary Exploitation Writeups
0x01: https://medium.com/bugbountywriteup/binary-exploitation-5fe810db3ed4
0x02: https://medium.com/bugbountywriteup/modern-binary-exploitation-writeups-ii-62c092f7f389
0x03: https://medium.com/bugbountywriteup/binary-writeup-0x03-9a9546711ef2
0x04: https://medium.com/bugbountywriteup/binary-writeup-0x04-baeed833ddf

#radare2 #CTF #dukeBarman

A research kernel and hypervisor attempting to get fully deterministic emulation with minimum performance cost https://github.com/gamozolabs/orange_slice #fuzzing #hypervisor #dukeBarman

COM Hijacking technique has a simple theoretical basis, similar to the DLL Hijacking one: What does it happen when an application searches for a non-existent COM object on the computer where it is being executed? Or when such object exists but it cannot be found on the registry key where it was searched? An attacker may create it by means of altered information. For instance, a path leading the victim to a DLL created by the attacker instead of to the searched one.

https://blog.en.elevenpaths.com/2019/04/hijacking-research-smartscreen.html

#malware #hijacking #darw1n

AFL-unicorn: What is it and how to use it? https://tthtlc.wordpress.com/2019/03/16/afl-unicorn-what-is-it-and-how-to-use-it/ #fuzzing #dukeBarman

Reversing w/o reversing – how to become Alex in practice, Part 3 http://www.hexacorn.com/blog/2019/04/14/reversing-w-o-reversing-how-to-become-alex-in-practice-part-3/ #newbie #reverse #dukeBarman

VirusTotal for Investigators

#re #malware #osint #darw1n

The proof-of-concept smbdoor.sys driver is a silent remote backdoor that does not bind new sockets or perform function modification hooking. Instead it abuses undocumented APIs in srvnet.sys to register itself as a valid SMB handler. It then listens on the already-bound ports 139/445 for special packets in which to execute secondary shellcode. In several ways, it has similarities with DoublePulsar and DarkPulsar, as well as ToxicSerpent.

https://github.com/zerosum0x0/smbdoor

#re #malware #backdoor #darw1n

Reversing MD380 Firmware with GHIDRA https://github.com/travisgoodspeed/md380tools/wiki/GHIDRA #ghidra #reverse #dukeBarman

Intermediate Representation for Binary analysis and transformation Github: https://github.com/GrammaTech/GTIRB Article: https://blogs.grammatech.com/open-source-tools-for-binary-analysis-and-rewriting #reverse #dukeBarman

23 марта на встрече Зеленоградского DC (@DEFCON7495), Дарвин, рассказал об истории появления R0 CREW.

https://www.youtube.com/watch?v=J8QA6iSYw20

Reverse-engineering Broadcom wireless chipsets https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html #hardware #reverse #dukeBarman

Scripts for the Ghidra software reverse engineering suite. https://github.com/ghidraninja/ghidra_scripts #ghidra #reverse #dukeBarman

Решаем простой Crackme для Sega Mega Drive https://habr.com/ru/post/448500/ #reverse #ctf #dukeBarman

The Story of Two Winning Pwn2Own JIT Vulnerabilities in Mozilla Firefox (CVE-2019-9810/CVE-2019-9813 )

https://www.thezdi.com/blog/2019/4/18/the-story-of-two-winning-pwn2own-jit-vulnerabilities-in-mozilla-firefox

#re #expdev #poc #jit #darw1n

Хроники битвы при Denuvo https://xakep.ru/2019/04/19/denuvo/ #reverse #dukeBarman

17-18 июня в Москве на площадке ЦДП пройдет вторая международная конференция по практической кибербезопасности OFFZONE 2019.

На CFP приглашаются спикеры, готовые представить свои доклады, как offensive, так и defensive. Подать заявку можно на сайте конференции до 29 апреля.

Выступления могут быть формата Talk (45 минут + QA) или Fastrack (20 минут + QA). В этом году на OFFZONE будет новая тематическая зона – TOOL.ZОNЕ, где можно рассказать про собственные тулзы для арсенала безопасников.

Больше информации и свежие новости о процессе подготовки можно найти на официальном ТГ канале конференции:

https://xn--r1a.website/offzone_moscow

An Abstract Interpretation-Based Deobfuscation Plugin for Ghidra

https://www.msreverseengineering.com/blog/2019/4/17/an-abstract-interpretation-based-deobfuscation-plugin-for-ghidra

#re #ghidra #obfuscation #plugin #darw1n