BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html #exploitation #linux #dukeBarman
security-research
BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.
Make research, not war. Happy International Day of Human Space Flight!
P.S. Thanks Google Russia for awesome video https://www.youtube.com/watch?v=3Wa0jDAU5hg
Tenet is an IDA PRO plugin for exploring execution traces. The goal of this plugin is to provide more natural, human controls for navigating execution traces against a given binary.
Check it out: https://blog.ret2.io/2021/04/20/tenet-trace-explorer/
#idapro #reverseengineering #idapython #KosBeg
RET2 Systems Blog
Tenet: A Trace Explorer for Reverse Engineers
Debugging is traditionally a tedious, monotonous endeavor. While some people love the archaeological process of using a debugger to uncover software defects ...
A foray into Linux kernel exploitation on Android https://mcyoloswagham.github.io/linux/ #exploitation #android #linux #dukeBarman
mcyoloswagham.github.io
A foray into Linux kernel exploitation on Android
In November of 2020, I decided to dive into the world of Android, more specifically the linux kernel. I did this because earlier in the year, around February, I broke my old phone during a skiing trip and hastily bought a cheap android phone, the Alcatel…
R.I.P Dan Kaminsky, a legend in network security (DNS security flaws, Sony Rootkit infections and more). Thanks for your research and inspiration https://www.circleid.com/posts/20210424-security-researcher-dan-kaminsky-has-died
Circleid
Security Researcher Dan Kaminsky Has Died
The celebrated security researcher, Dan Kaminsky, widely known for his work on discovering crucial DNS security flaws, Sony Rootkit infections and popular talk at the Black Hat Briefings.
Helper plugin for analyzing UEFI firmware https://github.com/zznop/bn-uefi-helper #reverse #uefi #BinaryNinja #dukeBarman
GitHub
GitHub - zznop/bn-uefi-helper: Helper plugin for analyzing UEFI firmware
Helper plugin for analyzing UEFI firmware. Contribute to zznop/bn-uefi-helper development by creating an account on GitHub.
Tools for analyzing UEFI firmware using radare2 https://github.com/binarly-io/uefi_r2 #reverse #radare2 #uefi #dukeBarman
GitHub
GitHub - binarly-io/fwhunt-scan: Tools for analyzing UEFI firmware and checking UEFI modules with FwHunt rules
Tools for analyzing UEFI firmware and checking UEFI modules with FwHunt rules - binarly-io/fwhunt-scan
Simple, two-file immediate mode GUI framework written in C++17, mainly aimed at people beginning their journey with game hacking (but not limited to) https://github.com/zxvnme/zgui #reverse #dukeBarman
GitHub
GitHub - zxvnme/zgui: zxvnme's graphical user interface
zxvnme's graphical user interface. Contribute to zxvnme/zgui development by creating an account on GitHub.
Exploiting memory corruption vulnerabilities on Android https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/ #android #exploitation #dukeBarman
News, Techniques & Guides
Exploiting memory corruption vulnerabilities on Android
In today's blog, we'll discuss memory corruption vulnerabilities in Android apps and how they can be exploited. At the end of the article, we'll show how we found such a vulnerability in PayPal apps and what the result could be.
Heappy is an editor based on gdb/gef that helps you to handle the heap during your exploitation development.
The project should be considered a didactic tool useful to understand the evolution of the heap during the process life cycle.
https://github.com/gand3lf/heappy
#reverse #expdev #tools #heap #debug
GitHub
GitHub - gand3lf/heappy: A happy heap editor to support your exploitation process :slightly_smiling_face:
A happy heap editor to support your exploitation process :slightly_smiling_face: - gand3lf/heappy
Zero Day Initiative — CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k https://www.zerodayinitiative.com/blog/2021/5/3/cve-2021-26900-privilege-escalation-via-a-use-after-free-vulnerability-in-win32k #exploitation #windows #dukeBarman
Zero Day Initiative
Zero Day Initiative — CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k
In March 2021, Microsoft released a patch to correct a vulnerability in the Windows kernel. The bug could allow an attacker to execute code with escalated privileges. This vulnerability was reported to the ZDI program by security researcher JeongOh Kyea (…
This proof-of-concept demonstrates a trivial no-bug, by-design virtual machine guest-to-host escape with full arbitrary code execution on the current version of Parallels Desktop for Mac https://github.com/badd1e/Proof-of-Concept/tree/main/prl_not0day #exploitation #macOS #dukeBarman
GitHub
Proof-of-Concept/prl_not0day at main · alisaesage/Proof-of-Concept
Not necessarily related to software bugs and exploits; this repo contains snippets of code that demonstrate some interesting functionality or a handy trick. - alisaesage/Proof-of-Concept
iOS Hacking videos by HackerOne:
- Application Basics https://www.youtube.com/watch?v=VQTQ0VaIXF0
- Filesystem Basics https://www.youtube.com/watch?v=voYFTRoH4CU
- Inter-App Communication https://www.youtube.com/watch?v=zld8VuihCCQ
#reverse #iOS #dukeBarman
YouTube
iOS Hacking - Application Basics
In the first video in our iOS application hacking series, we’ll look at the basics of the application package. You’ll learn how an IPA file is structured, the parts of the Mach-O binary format, and simple steps you can take to ascertain the application’s…
WINNIE: Fuzzing Windows Applications with Harness Synthesis and Fast Cloning
Georgia Tech researchers released the source code of their WinAFL fork that uses a fork server through undocumented Windows APIs. They also include an intelligent harness generation tool with it. This results in a speedup of 26.6x, supporting 2.2x more binaries than WinAFL, and harnesses which require only a few LoC of change.
Paper: https://www.ndss-symposium.org/wp-content/uploads/ndss2021_6A-3_24334_paper.pdf
Video: https://www.youtube.com/watch?v=h7P65RJXd3c&list=PLfUWWM-POgQtbX-IfBwWlu-hQt2_f7vVK&index=4
Repo: https://github.com/sslab-gatech/winnie
#fuzzing #windows #gdynamics
Security probe of Qualcomm MSM data services https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/ #exploitation #android #hardware #dukeBarman
Check Point Research
Security probe of Qualcomm MSM data services - Check Point Research
Research By: Slava Makkaveev Introduction Mobile Station Modem (MSM) is an ongoing series of a 2G/3G/4G/5G-capable system on chips (SoC) designed by Qualcomm starting in the early 1990s. MSM has always been and will be a popular target for security research…
Information From Thin Air: Using SDR to Extract DTMF from Radio Waves https://www.blackhillsinfosec.com/information-from-thin-air-using-sdr-to-extract-dtmf-from-radio-waves/ #hardware #dukeBarman
Black Hills Information Security, Inc.
Information From Thin Air: Using SDR to Extract DTMF from Radio Waves - Black Hills Information Security, Inc.
Ray Felch // Disclaimer When using an FM transmitter, do not modify the intended operation of the module by amplifying the transmitted signal. Also, be sure that attaching an FM high gain […]