Hackers on Macs | What Are the Must-Have Apps & Tools? https://www.sentinelone.com/blog/hackers-on-macs-what-are-the-must-have-apps-tools/ #reverse #macos #dukeBarman
SentinelOne
Hackers on Macs: Must-Have Apps & Tools
New to macOS and wondering what tools are available for security researchers and infosec practitioners? Here's our guide to some of the best tools and apps.
How a Security Anomaly was Accidentally Found in an EAL6+ JavaCard https://blog.quarkslab.com/how-a-security-anomaly-was-accidentally-found-in-an-eal6-javacard.html #hardware #exploitation #dukeBarman
Quarkslab
How a Security Anomaly was Accidentally Found in an EAL6+ JavaCard - Quarkslab's blog
In the context of the Inter-CESTI 2019 challenge, we "accidentally" found a timing difference disclosing the length of a PIN handled via the standard OwnerPIN.check JavaCard API. Here is the story.
Noninvasive debugging plugin for X64Dbg https://github.com/Vicshann/GhostDbg #debugger #x64dbg #dukeBarman
GitHub
GitHub - Vicshann/GhostDbg: Noninvasive debugging plugin for X64Dbg
Hyper-V backdoor https://github.com/Cr4sh/s6_pcie_microblaze/tree/master/python/payloads/DmaBackdoorHv #exploitation #reverse #dukeBarman
GitHub
s6_pcie_microblaze/python/payloads/DmaBackdoorHv at master · Cr4sh/s6_pcie_microblaze
PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info - Cr4sh/s6_pcie_microblaze
An improved nm + Objective-C & Swift class-dump https://github.com/DerekSelander/dsdump #reverse #macos #ios #dukeBarman
GitHub
GitHub - DerekSelander/dsdump: An improved nm + Objective-C & Swift class-dump
CVE-2020-1015 Analysis https://0xeb-bp.github.io/blog/2020/05/12/cve-2020-1015-analysis.html #exploit #dukeBarman
0xeb_bp
CVE-2020-1015 Analysis
This post is an analysis of the April 2020 security patch for CVE-2020-1015. The bug was reported by Shefang Zhong and Yuki Chen of the Qihoo 360 Vulcan team. The description of the bug from Microsoft:
A collection of types & functions definitions useful for Objective-C binaries analysis (example in readme for #IDA) https://github.com/PoomSmart/IDAObjcTypes #reverse #macos #dukeBarman
GitHub
GitHub - PoomSmart/IDAObjcTypes: A collection of types & functions definitions useful for iOS/macOS binaries analysis.
A collection of types & functions definitions useful for iOS/macOS binaries analysis. - PoomSmart/IDAObjcTypes
serialsh - safety net against bootloop (reverse engineering session): spawn a shell over serial. https://github.com/haiyuidesu/serialsh #ios #dukeBarman
GitHub
GitHub - haiyuidesu/serialsh: safety net against bootloop
Special IDA Pro tools for the Sega Genesis/Megadrive romhackers https://github.com/lab313ru/smd_ida_tools #reverse #ida #dukeBarman
GitHub
GitHub - lab313ru/smd_ida_tools: Special IDA Pro tools for the Sega Genesis/Megadrive romhackers
Special IDA Pro tools for the Sega Genesis/Megadrive romhackers - lab313ru/smd_ida_tools
FUZZING FOR BEGINNERS - using American fuzzy lop https://www.youtube.com/watch?v=O3hb6HV1ZQo #fuzzing #video #newbie #dukeBarman
YouTube
FUZZING FOR BEGINNERS (KUGG teaches STÖK American fuzzy lop)
In this episode of "STÖK, time to learn something new", KUGG (Christoffer Jerkeby) from F-Secure shows STÖK the basics of fuzzing using American Fuzzy Lop. They fuzz an HTTP server and get two crashes, crashes that with the right exploit could give an attacker…
A BinaryNinja plugin to graph a BNIL instruction tree https://github.com/withzombies/bnil-graph #reverse #binaryninja #dukeBarman
GitHub
GitHub - withzombies/bnil-graph: A BinaryNinja plugin to graph a BNIL instruction tree
A BinaryNinja plugin to graph a BNIL instruction tree - withzombies/bnil-graph
Tracing iOS Kernel Functions - Building a Kernel Function Trace Tool for Security Research https://www.youtube.com/watch?v=qm_oLQFGRsQ #ios #reverse #video #dukeBarman
How Windows is solving uninitialized stack memory for C/C++ code https://msrc-blog.microsoft.com/2020/05/13/solving-uninitialized-stack-memory-on-windows/ #reverse #windows #dukeBarman
Microsoft
Solving Uninitialized Stack Memory on Windows | MSRC Blog | Microsoft Security Response Center
This blog post outlines the work that Microsoft is doing to eliminate uninitialized stack memory vulnerabilities from Windows and why we’re on this path.
This blog post will be broken down into a few parts that folks can jump to:
Uninitialized Memory Background…
Hacktory - Immersive cybersecurity educational platform (included two free courses: web security and java secure programming) https://hacktory.ai/ #exploitation #pentest
GIMPLE obfuscator for C, C++, Go, ... all supported GCC targets and front-ends that use GIMPLE https://github.com/meme/hellscape #obfuscation #dukeBarman
GitHub
GitHub - meme/hellscape: GIMPLE obfuscator for C, C++, Go, ... all supported GCC targets and front-ends that use GIMPLE.
GIMPLE obfuscator for C, C++, Go, ... all supported GCC targets and front-ends that use GIMPLE. - meme/hellscape