Understanding and Abusing Process Tokens - Part I
https://medium.com/@seemant.bisht24/understanding-and-abusing-access-tokens-part-ii-b9069f432962
Understanding and Abusing Access Tokens - Part II
https://medium.com/@seemant.bisht24/understanding-and-abusing-access-tokens-part-ii-b9069f432962
#malware #reverse #lpe #windows #internals #darw1n
Now, considering the knowledge gained earlier in Part I, let's understand SeImpersonatePrivilege which the administrator account has by…
CVE-2020-1054 Analysis https://0xeb-bp.github.io/blog/2020/06/15/cve-2020-1054-analysis.html #exploitation #dukeBarman
Symbolic execution with SYMCC http://www.s3.eurecom.fr/tools/symbolic_execution/symcc.html
Article: http://www.s3.eurecom.fr/docs/usenixsec20_symcc.pdf
Source: https://github.com/eurecom-s3/symcc
#reverse #fuzzing #dukeBarman
Hexrays Toolbox - Find code patterns within the Hexrays AST https://github.com/patois/HexraysToolbox #reverse #IDA #dukeBarman
A Ghidra processor module for the EFI Byte Code (EBC) https://github.com/meromwolff/Ghidra-EFI-Byte-Code-Processor #reverse #uefi #hardware #ghidra #dukeBarman
IDA Pro 7.5 SP1 released https://www.hex-rays.com/blog/ida-pro-7-5-sp1-released/ #reverse #ida #dukeBarman
Tools used during the reversing of the Nikon firmware https://github.com/simeonpilgrim/nikon-firmware-tools #reverse #hardware #ida #dukeBarman
Cracking BattlEye packet encryption
https://secret.club/2020/06/19/battleye-packet-encryption.html
#reverse #jeisonwi
Recently, Battlestate Games, the developers of Escape From Tarkov, hired BattlEye to implement encryption on networked packets so that cheaters can't capture these packets, parse them and use them for their advantage in the form of radar cheats, or otherwise…
tiny_tracer - A Pin Tool for tracing API calls etc https://github.com/hasherezade/tiny_tracer #reverse #dbi #dukeBarman
The Intezer Analyze IDA Pro plugin is now available to community users https://intezer.com/blog/intezer-analyze/ida-pro-plugin-now-available-to-the-community/ #reverse #ida #malware #dukeBarman
Accelerate reverse engineering by enriching every function of disassembled machine code with info about where the code was seen previously.
efiXplorer - IDA plugin for UEFI firmware analysis and reverse engineering automation https://github.com/binarly-io/efiXplorer #reverse #ida #uefi #dukeBarman
UEFI scanner brings Microsoft Defender ATP protection to a new level https://www.microsoft.com/security/blog/2020/06/17/uefi-scanner-brings-microsoft-defender-atp-protection-to-a-new-level/ #uefi #malware #dukeBarman
The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the ability to scan inside of the firmware filesystem and perform security assessment.
OSX.EvilQuest Uncovered analyzing a new piece of mac ransomware (and more!) https://objective-see.com/blog/blog_0x59.html #reverse #malware #macos #dukeBarman
part i: infection, persistence, and more!
BinaryAI Python SDK - Neural Search Engine for binaries https://github.com/binaryai/sdk #reverse #ida #dukeBarman
Introducing Kernel Data Protection, a new platform security technology for preventing data corruption https://www.microsoft.com/security/blog/2020/07/08/introducing-kernel-data-protection-a-new-platform-security-technology-for-preventing-data-corruption/ #windows #exploitation #dukeBarman
Kernel Data Protection (KDP) is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.
How to unc0ver a 0-day in 4 hours or less https://googleprojectzero.blogspot.com/2020/07/how-to-unc0ver-0-day-in-4-hours-or-less.html #exploitation #ios #ida #dukeBarman
By Brandon Azad, Project Zero. At 3 PM PDT on May 23, 2020, the unc0ver jailbreak was released for iOS 13.5 (the latest signed version at the time of release) ...
Reverse Engineering and Patching IoT with Ghidra
Part 1: https://www.coalfire.com/The-Coalfire-Blog/April-2020/With-IoT-Common-Devices-Pose-New-Threats
Part 2: https://www.coalfire.com/The-Coalfire-Blog/April-2020/Reverse-Engineering-and-Patching-with-Ghidra
#reverse #ghidra #dukeBarman