Exploiting memory corruption vulnerabilities on Android https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/ #android #exploitation #dukeBarman
In today's blog, we'll discuss memory corruption vulnerabilities in Android apps and how they can be exploited. At the end of the article, we'll show how we found such a vulnerability in PayPal apps and what the result could be.
Heappy is an editor based on gdb/gef that helps you handle the heap during exploit development.
The project should be considered a didactic tool useful to understand the evolution of the heap during the process life cycle.
https://github.com/gand3lf/heappy
#reverse #expdev #tools #heap #debug
gand3lf/heappy: A happy heap editor to support your exploitation process 🙂
Zero Day Initiative — CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k https://www.zerodayinitiative.com/blog/2021/5/3/cve-2021-26900-privilege-escalation-via-a-use-after-free-vulnerability-in-win32k #exploitation #windows #dukeBarman
In March 2021, Microsoft released a patch to correct a vulnerability in the Windows kernel. The bug could allow an attacker to execute code with escalated privileges. This vulnerability was reported to the ZDI program by security researcher JeongOh Kyea (…
This proof-of-concept demonstrates a trivial no-bug, by-design virtual machine guest-to-host escape with full arbitrary code execution on the current version of Parallels Desktop for Mac https://github.com/badd1e/Proof-of-Concept/tree/main/prl_not0day #exploitation #macOS #dukeBarman
Proof-of-Concept/prl_not0day at main · alisaesage/Proof-of-Concept
Not necessarily related to software bugs and exploits; this repo contains snippets of code that demonstrate some interesting functionality or a handy trick. - alisaesage/Proof-of-Concept
iOS Hacking videos by HackerOne:
- Application Basics https://www.youtube.com/watch?v=VQTQ0VaIXF0
- Filesystem Basics https://www.youtube.com/watch?v=voYFTRoH4CU
- Inter-App Communication https://www.youtube.com/watch?v=zld8VuihCCQ
#reverse #iOS #dukeBarman
In the first video in our iOS application hacking series, we’ll look at the basics of the application package. You’ll learn how an IPA file is structured, the parts of the Mach-O binary format, and simple steps you can take to ascertain the application’s…
WINNIE: Fuzzing Windows Applications with Harness Synthesis and Fast Cloning
Georgia Tech researchers released the source code of their WinAFL fork, which implements a fork server through undocumented Windows APIs. It also ships with an intelligent harness generation tool. The result is a 26.6x speedup, support for 2.2x more binaries than WinAFL, and harnesses that require only a few lines of code to be changed.
Paper: https://www.ndss-symposium.org/wp-content/uploads/ndss2021_6A-3_24334_paper.pdf
Video: https://www.youtube.com/watch?v=h7P65RJXd3c&list=PLfUWWM-POgQtbX-IfBwWlu-hQt2_f7vVK&index=4
Repo: https://github.com/sslab-gatech/winnie
#fuzzing #windows #gdynamics
Security probe of Qualcomm MSM data services https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/ #exploitation #android #hardware #dukeBarman
Research by Slava Makkaveev. Mobile Station Modem (MSM) is an ongoing series of 2G/3G/4G/5G-capable systems on chips (SoC) designed by Qualcomm starting in the early 1990s. MSM has always been and will be a popular target for security research…
Information From Thin Air: Using SDR to Extract DTMF from Radio Waves https://www.blackhillsinfosec.com/information-from-thin-air-using-sdr-to-extract-dtmf-from-radio-waves/ #hardware #dukeBarman
Ray Felch // Disclaimer: When using an FM transmitter, do not modify the intended operation of the module by amplifying the transmitted signal. Also, be sure that attaching an FM high gain […]
IDA-minsc is a plugin for IDA Pro that simplifies IDAPython https://github.com/arizvisa/ida-minsc #reverse #IDA #dukeBarman
A plugin based on IDAPython for a functional DWIM interface. Current development against the most recent IDA is in the "persistence-refactor" branch; ancient (but stable) work is in …
Database of private SSL/SSH keys for embedded devices https://github.com/devttys0/littleblackbox #reverse #hardware #dukeBarman
FIN7: Lizar toolkit architecture
https://bi-zone.medium.com/from-pentest-to-apt-attack-cybercriminal-group-fin7-disguises-its-malware-as-an-ethical-hackers-c23c9a75e319
#malware #analysis #darw1n
From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker’s…
The article was prepared by BI.ZONE Cyber Threats Research Team
Experiment to attempt to build Apple's dyld tools. https://github.com/oleavr/dyld-tools #iOS #macOS #reverse #dukeBarman
A Universal MCU Firmware Emulator for Dynamic Analysis without Any Hardware Dependence https://github.com/MCUSec/uEmu #reverse #hardware #dukeBarman