DJI - The ART of obfuscation

https://blog.quarkslab.com/dji-the-art-of-obfuscation.html

#reverse #mobile #android #obfuscation

LayeredSyscall – Abusing VEH to Bypass EDRs

https://whiteknightlabs.com/2024/07/31/layeredsyscall-abusing-veh-to-bypass-edrs

#redteam #edr #hook #bypass

Shoggoth is an open-source project based on C++ and asmjit library used to encrypt given shellcode, PE, and COFF files polymorphically.

https://github.com/frkngksl/Shoggoth

#redteam

SGN is a polymorphic binary encoder for offensive security purposes such as generating statically undetecable binary payloads. It uses a additive feedback loop to encode given binary instructions similar to LSFR. This project is the reimplementation of the original Shikata ga nai in golang with many improvements.

https://github.com/EgeBalci/sgn

#redteam #golang

How to Bypass Golang SSL Verification

https://www.cyberark.com/resources/threat-research-blog/how-to-bypass-golang-ssl-verification

#golang #ssl #bypass #reverse #web #pentest

V8 Sandbox escape/bypass/violation and VR collection

https://github.com/xv0nfers/V8-sbx-bypass-collection

#v8 #sandbox #escape

C++ Unwind Exception Metadata: a Hidden Reverse Engineering Bonanza

https://www.msreverseengineering.com/blog/2024/8/20/c-unwind-metadata-1

#reverse #cpp #type #reconstruction #hints

POC for trigerring CVE-2024-38063 (RCE in tcpip.sys)

https://github.com/ynwarcs/CVE-2024-38063

#expdev #poc

Exploiting the Windows Kernel via Malicious IPv6 Packets (CVE-2024-38063)

https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html

#expdev #poc

Native function and Assembly Code Invocation

https://research.checkpoint.com/2022/native-function-and-assembly-code-invocation/

#reverse #idapro

0-Click exploit in MediaTek Wi-Fi chipsets affects routers and smartphones / Exploiting (CVE-2024-20017) 4 different ways

https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html

#expdev #poc

Attacking UNIX Systems via CUPS, Part I

CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177 have been assigned around these CUPS issues.

CVSS 9.9

This remote code execution issue can be exploited across the public Internet via a UDP packet to port 631 without needing any authentication, assuming the CUPS port is open through your router/firewall. LAN attacks are also possible via spoofing zeroconf / mDNS / DNS-SD advertisements.

https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

A series of bugs in the CUPS printers discovery mechanism (cups-browsed) and in other components of the CUPS system, can be chained together to allow a remote attacker to automatically install a malicious printer (or hijack an existing one via mDNS) to execute arbitrary code on the target host as the lp user when a print job is sent to it.

https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1

#linux #rce #printer

Complete list of LPE exploits for Windows (starting from 2023)

https://github.com/MzHmO/Exploit-Street

#windows #expdev #lpe

Happy New Year! May every binary reveal its secrets, every challenge find its solution, and the Year of the Snake bring you stability, inspiration, and success!

New blog on using CLR customizations to improve the OPSEC of your .NET execution harness. This includes a novel AMSI bypass that identified by author in 2023. By taking control of CLR assembly loads, we can load assemblies from memory with no AMSI scan.

https://securityintelligence.com/x-force/being-a-good-clr-host-modernizing-offensive-net-tradecraft/

Proof-of-concept for the AMSI bypass and an implementation of a CLR memory manager is on GitHub. We can implement custom memory routines and track all allocations made by the CLR.

https://github.com/passthehashbrowns/Being-A-Good-CLR-Host

#redteam #net #clr