Our community is accused of staying out of politics. Some DEF CON groups have faced something similar; it will be interesting to see how they resolve their issue.
https://forum.defcon.org/node/241880
The author of the post invites everyone who has something to say on the topic.
Which is your main tool, the one you use most often? (anonymous poll)
- IDA PRO: 67%
- Ghidra: 15%
- Rizin / Cutter: 3%
- Radare2 / Cutter: 5%
- Binary Ninja: 4%
- Hopper: 2%
- Relyze: 0%
- JEB: 4%
The FLARE Obfuscated String Solver (FLOSS) has been supporting analysts to extract hidden strings from malware samples for many years now. Over the last few months, we've added new functionality and improved the tool's performance. In this blog post we will share exciting new features and improvements including a new string deobfuscation technique, simplified tool usage, and much faster result output.
https://www.mandiant.com/resources/floss-version-2
#malware #reverse #tools #SoGood0x1
Google Cloud Blog
FLOSS Version 2.0 | Mandiant | Google Cloud Blog
Rizin v0.4.0 and Cutter v2.1.0 are here!
Rizin team:
We continue our focus on stability and performance while introducing new features, including:
- FLIRT signatures applied automatically during the analysis!
- New Intermediate Language - RzIL
https://github.com/rizinorg/rizin/releases/tag/v0.4.0
Cutter team:
Introducing exciting new features including auto-detection of common library functions, a YARA plugin to quickly create and test signatures, and many more...
https://github.com/rizinorg/cutter/releases/tag/v2.1.0
#reverse #rizin #cutter
GitHub
Release v0.4.0 · rizinorg/rizin
Here we are again with a new release of Rizin, v0.4.0. We are still in the v0.y.z realm, but we are getting closer and closer to what we can consider our first stable release v1.0.0, with fully wor...
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
https://github.com/h3xduck/TripleCross
#rootkit #redteam #linux #kernel #Aligner
One I/O Ring to Rule Them All: A Full Read/Write Exploit Primitive on Windows 11
https://windows-internals.com/one-i-o-ring-to-rule-them-all-a-full-read-write-exploit-primitive-on-windows-11/
https://github.com/yardenshafir/IoRingReadWritePrimitive
#expdev #windows #kernel #exploit #tips #Aligner
GitHub
GitHub - yardenshafir/IoRingReadWritePrimitive: Post exploitation technique to turn arbitrary kernel write / increment into full…
Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2 - yardenshafir/IoRingReadWritePrimitive
At the beginning of 2020, we discovered the Red Unlock technique that allows extracting Intel Atom microcode. We were able to research the internal structure of the microcode and then the x86 instruction implementation. We also recovered the format of microcode updates, the algorithm, and the encryption key used to protect the microcode.
https://github.com/chip-red-pill/MicrocodeDecryptor
#tools #reverse #intel #internals #microcode #Aligner
IDA Pro 8.0 released!
* Golang 1.18
* iOS 16 dyld shared cache support
* ARC decompiler
* Better firmware analysis
* FLAIR pattern generator (makepat)
https://hex-rays.com/products/ida/news/8_0/
Hex-Rays
IDA 8.0 | Hex-Rays Docs
UserComment is a plugin to display user-added comments in disassembly and pseudocode views.
https://forum.reverse4you.org/t/usercomment-an-ida-plugin-to-show-user-added-comments/19747
#reverse #idapro #plugin
R0 CREW
UserComment: An IDA plugin to show user-added comments
UserComment is a plugin to display user-added comments in disassembly and pseudocode views. Provides a comment window, displaying user-added comments, including comments in assembly code and pseudocode. Support for different types of comments (common comments…
CASR: collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity. It is based on ideas from exploitable and apport.
https://github.com/ispras/casr
Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game
https://decoded.avast.io/janvojtesek/dota-2-under-attack-how-a-v8-bug-was-exploited-in-the-game/
#gamehack #expdev #reverse #v8 #exploit
Gendigital
Dota 2 under attack: How a V8 bug was exploited in the game
Exploiting V8 in Popular Games
Awesome HyperDbg: A list of awesome resources about HyperDbg.
https://github.com/HyperDbg/awesome
#reverse #tools #hyperdbg
Dissecting and Exploiting TCP/IP RCE Vulnerability "EvilESP"
https://securityintelligence.com/x-force/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp/
#expdev #windows #1day
Security Intelligence
Dissecting and Exploiting TCP/IP RCE Vulnerability "EvilESP"
See how one IBM X-Force researcher reverse engineered the patch for CVE-2022-34718, and unpack the affected protocols, how the bug was identified, and how it was reproduced.
Debugging Windows Isolated User Mode (IUM) Processes
This blog post discusses how to debug Windows' Isolated User Mode (IUM) processes, also known as Trustlets, using the virtual TPM of Microsoft Hyper-V as the target.
https://blog.quarkslab.com/debugging-windows-isolated-user-mode-ium-processes.html
#reverse #windows #trustlets
Quarkslab
Debugging Windows Isolated User Mode (IUM) Processes - Quarkslab's blog
Analysis of CVE-2023-29336 Win32k Privilege Escalation Vulnerability (with POC)
https://www.numencyber.com/cve-2023-29336-win32k-analysis/
#expdev #reverse #windows #poc
Numen
Analysis of CVE-2023-29336 Win32k Privilege Escalation
Analyzing CVE-2023-29336 Win32k vulnerability, its exploitation, and mitigation measures in the context of evolving security practices.
Smart Contract Security: The Ultimate Guide
This article serves as a mini course on smart contract security and provides an extensive list of the issues and vulnerabilities that tend to recur in Solidity smart contracts.
https://www.rareskills.io/post/smart-contract-security
#crypto #security
RareSkills
Smart Contract Security | By RareSkills
Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)
https://github.com/memN0ps/bootkit-rs
#redteam #malware #bootkit #windows #rust
GitHub
GitHub - memN0ps/redlotus-rs: Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)