Putting it all together: Building an iOS jailbreak from scratch https://speakerdeck.com/ur0/putting-it-all-together-building-an-ios-jailbreak-from-scratch #ios #exploitation #jailbreak #dukeBarman
Presented at Nullcon Goa 2020.
iOS jailbreaks have always been shrouded in mystery, with their inner workings known only to a select few. In this talk, I embark upon a journey with the audience to lift the curtain and put together a semi-untethered iOS…
Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection
https://www-users.cs.umn.edu/~kjlu/papers/fifuzz.pdf #fuzzing #dukeBarman
Malware Evasion Encyclopedia, which contains over 50 techniques used by various malware families to detect virtualized and sandboxed environments.
https://evasions.checkpoint.com/
#re #malware #antivm #detection #redteam #darw1n
InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date detection and evasion techniques as well as fixes for them.
https://github.com/CheckPointSW/InviZzzible
#re #malware #antivm #detection #redteam #darw1n
Analysis of Latest Android Binder vulnerability (CVE-2020-0041)
Article:
https://www.synacktiv.com/posts/exploit/binder-analysis-and-exploitation-of-cve-2020-0041.html
Slides:
https://www.synacktiv.com/ressources/thcon2020_binder.pdf
#re #expdev #android #cve #mobile #darw1n
Play fuzzing machine – hunting iOS/macOS kernel vulnerabilities automatically and smartly.
https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-play-fuzzing-machine-hunting-iosmacos-kernel-vulnerabilities-automatically-and-smartly/
#re #expdev #fuzzing #ios #macos #mobile #darw1n
Since iOS 10, Apple has released the unpacked/decrypted kernel cache (*.ipsw), but the system source code, in particular the kernel and driver part, remains closed-source. What is more, symbol info in the binary (kernel cache) has been greatly removed, which…
Reversing Firmware With Radare https://www.bored-nerds.com/reversing/radare/automotive/2019/07/07/reversing-firmware-with-radare.html #reverse #radare2 #hardware #newbie #dukeBarman
Hello everyone! Here's a quick guide on reversing firmware w/ radare. Or, rather, loading firmware into radare; the process of reversing software in any disassembler is a little beyond the scope of any one blog post.
Reversing Maldev.exe with Ghidra https://www.youtube.com/watch?v=uPlrtfnshGs #reverse #malware #ghidra #dukeBarman
Reverse Engineer Maldev.exe with me using Ghidra!
Maldev is a homemade sample that connects to a listening controller server via TCP Socket. We will watch maldev.exe in action then Reverse Engineer it!
Zelos (Zeropoint Emulated Lightweight Operating System) is a python-based binary emulation platform https://github.com/zeropointdynamics/zelos #reverse #dukeBarman
Port of devttyS0's IDA plugins to the Ghidra plugin framework https://github.com/fuzzywalls/ghidra_scripts #reverse #ghidra #dukeBarman
Hypervisor From Scratch – Part 8: How To Do Magic With Hypervisor! https://rayanfam.com/topics/hypervisor-from-scratch-part-8/ #reverse #hypervisor #dukeBarman
Getting started with bare-metal assembly (Creating a "Hello, World!" UEFI application) https://johv.dk/blog/bare-metal-assembly-tutorial.html #uefi #hardware #newbie #dukeBarman
Hacking the GameBoy cartridge protection https://www.youtube.com/watch?v=ix5yZm4fwFQ #reverse #hardware #dukeBarman
In this video we hack the GameBoy cartridge protection by building our own GameBoy cartridge using an FPGA!
You can find the FPGA source-code on my Github here: https://github.com/ghidraninja/gameboy-fpga-cartridge/
- ModernVintageGame on the CIC chips:…
Tunnelling TCP connections into iOS on QEMU https://alephsecurity.com/2020/03/29/xnu-qemu-tcp-tunnel/ #ios #dukeBarman
https://keenlab.tencent.com/en/2020/03/30/Tencent-Keen-Security-Lab-Experimental-Security-Assessment-on-Lexus-Cars/ Experimental Security Assessment on Lexus Cars #reverse #hardware #jeisonwi
Since 2017, Lexus has equipped several models (including Lexus NX, LS and ES series) with a new generation infotainment, which is also known as AVN (Audio, Visual and Navigation) unit. Compared to so
Programming Linux Anti-Reversing Techniques https://leanpub.com/anti-reverse-engineering-linux #reverse #books #dukeBarman
OWASP Firmware Security Testing Methodology https://scriptingxss.gitbook.io/firmware-security-testing-methodology/ #reverse #hardware #dukeBarman
FSTM is composed of nine stages tailored to enable security researchers, software developers, hobbyists, and information security professionals to conduct firmware security assessments.