r0 Crew (Channel)
@R0_Crew
8.84K subscribers
35 photos
1 video
9 files
1.98K links
Security Related Links:
- Reverse Engineering;
- Malware Research;
- Exploit Development;
- Pentest;
- etc;

Join to chat: @r0crew_bot 👈

Forum: https://forum.reverse4you.org
Twitter: https://twitter.com/R0_Crew
Download Telegram
About
Blog
Apps
Platform
Join
r0 Crew (Channel)
8.84K subscribers
r0 Crew (Channel)
Enabling debug-uarts on DFU-like iBoot https://nyansatan.github.io/dfu-uart/ #uart #debugger #iboot #dukeBarman
1.17K viewsBear0, edited  
r0 Crew (Channel)
Videos from ZN 2017: https://www.youtube.com/channel/UCtQ0fPmP4fCGBkYWMxnjh6A #darw1n
YouTube
ZeroNights
ZeroNights is the quintessence of what the cybersecurity community experienced during the year.
Pentesters, reverse-engineers, analysts gather at one place to discuss and learn about new threats, attacks, and protection measures.

ZeroNights conference website:…
1.23K viewsBear0
r0 Crew (Channel)
Shellcon 2017 videos https://www.youtube.com/playlist?list=PL7D3STHEa66R0nWbixrTo3O7haiMmA71T #re #conference #video #dukeBarman
YouTube
ShellCon 2017 - YouTube
1.33K viewsBear0
r0 Crew (Channel)
https://github.com/artkond/ios_mips_gdb #cisco #debugger #re #python #dukeBarman
GitHub
GitHub - klsecservices/ios_mips_gdb: Cisco MIPS debugger
Cisco MIPS debugger. Contribute to klsecservices/ios_mips_gdb development by creating an account on GitHub.
1.29K viewsBear0
r0 Crew (Channel)
Posts series about using Radare2 - Radare2’s Visual Mode : https://moveax.me/radare2-visual-mode/ , Crackme0x03 Dissected with Radare2 : https://moveax.me/crackme0x03/ , Crackme0x02 Dissected with Radare2 : https://moveax.me/crackme0x02/ , Crackme0x01 Dissected with Radare2 : https://moveax.me/crackme0x01/ #radare2 #re #dukeBarman
1.75K viewsBear0
r0 Crew (Channel)
https://www.reddit.com/r/SwitchHacks/comments/7rq0cu/jamais_vu_a_100_trustzone_code_execution_exploit/ #re #exploit #dukeBarman
Reddit
From the SwitchHacks community on Reddit: jamais vu - a 1.0.0 TrustZone code execution exploit on the Nintendo Switch
Explore this post and more from the SwitchHacks community
2.08K viewsBear0
r0 Crew (Channel)
http://www.abatchy.com/2018/01/kernel-exploitation-2 #exploit #dukeBarman
Abatchy
[Kernel Exploitation] 2: Payloads
Discusses payloads to be used in upcoming posts
1.66K viewsBear0
r0 Crew (Channel)
https://blankhat.blogspot.ru/2018/01/debugging-forking-server-with-r2_1.html #radare2 #debugger #ctf #dukeBarman
Blogspot
Debugging a Forking Server with r2
A blog about vulnerabilities and exploits, CTF challenges and other things I find interesting in the world of information security.
1.84K viewsBear0
r0 Crew (Channel)
Exploit Development class https://samsclass.info/127/127_S18.shtml #exploit #re #dukeBarman
2.01K viewsBear0
r0 Crew (Channel)
http://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation #malware #re #ida #dukeBarman
Möbius Strip Reverse Engineering
A Walk-Through Tutorial, with Code, on Statically Unpacking the FinSpy VM: Part One, x86 Deobfuscation — Möbius Strip Reverse Engineering
1. Introduction Normally when I publish about breaking virtual machine software protections, I do so to present new techniques. Past examples have included: Writing an IDA processor module to unpack a VM Logging VM execution with DLL injection Compiler…
1.64K viewsBear0
r0 Crew (Channel)
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/ #darw1n
landave's blog
7-Zip: Multiple Memory Corruptions via RAR and ZIP
Blog about anti-virus software vulnerabilities.
1.6K viewsBear0
r0 Crew (Channel)
https://twitter.com/alsweigart/status/955936520669577216 #books #python #dukeBarman
1.53K viewsBear0
r0 Crew (Channel)
REVERSE ENGINEERING WITH RADARE - FUNDAMENTALS AND BASICS https://pixl.dy.fi/posts/2018-01-22-reverse-engineering-basics-with-radare-fundamentals-and-basics/ #radare2 #re #dukeBarman
1.68K viewsBear0
r0 Crew (Channel)
https://packmad.github.io/debug-smali/ #android #debugger #dukeBarman
Simone Aonzo a.k.a. Packmad
Debug Android smali code (without repackaging)
Download an Android Studio version greater than 3, because Google added a very useful feature: Profile and Debug Pre-built APKs.
1.55K viewsBear0
r0 Crew (Channel)
Forwarded from canyoupwn.me
Anti-debug with VirtualAlloc’s write watch
https://codeinsecurity.wordpress.com/2018/01/24/anti-debug-with-virtualallocs-write-watch/
codeinsecurity
Anti-debug with VirtualAlloc’s write watch
A lesser-known feature of the Windows memory manager is that it can maintain write watches on allocations for debugging and profiling purposes. Passing the MEM_WRITE_WATCH flag to VirtualAlloc &#82…
118 viewsXimera R0-Crew
r0 Crew (Channel)
https://www.youtube.com/watch?v=uqhBsWXUw7Q #re #malware #frida #dukeBarman
YouTube
Analyze JavaScript and VBScript Malware With x64dbg Debugger and API Hooking
Open Analysis Live! The fastest way to analyze JavaScript and VBScript malware is by using a debugger to hook API calls. In this tutorial we demonstrate this technique using x64dbg debugger and then demo a tool to automate the whole process frida-wshook.…
1.64K viewsBear0
r0 Crew (Channel)
SMB exploit (fixed in MS17-010+) now ported to Windows 2000 up to Windows Server 2016, and all versions in between. Reliable, doesn't cause BSOD like EternalBlue either. I've tried on Win2000 and XP. https://github.com/rapid7/metasploit-framework/pull/9473 #expdev #darw1n
GitHub
MS17-010 EternalSynergy / EternalRomance / EternalChampion aux+exploit modules · Pull Request #9473 · rapid7/metasploit-framework
MS17-010 Windows SMB Remote Command and Code Execution modules for all vulnerable targets Windows 2000 through 2016 (and of course the standard home/workstation counterparts).

auxiliary/admin/smb/...
2K viewsBear0
r0 Crew (Channel)
Google Chrome V8 Use-After-Free Vulnerability + Exploit by Zhao Qixun (CVE-2017-15399) https://bugs.chromium.org/p/chromium/issues/detail?id=776677 #expdev #uaf #darw1n
1.48K viewsBear0
r0 Crew (Channel)
Но PoC для use after free баги в Jit V8 (CVE-2017-15399) можно было найти и раньше.
Вспоминаем недавнюю утилиту https://github.com/andreyka/chromium_bug_search и повторяем сценарий, но уже для этой CVE.

ID тикета мы бы получили из новости об этом релизе https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html, которая была опубликована 6 Ноября.

[776677] High CVE-2017-15399: Use after free in V8


Указываем ID тикета и что мы ищем ошибку в v8:

python console.py -b 776677 -p v8 -r master
[+] Commit found:
https://chromium.googlesource.com/v8/v8/+/5f960dfc06a7c95af69e2b09f772b2280168469b


В итоге попадаем в коммит https://chromium.googlesource.com/v8/v8/+/5f960dfc06a7c95af69e2b09f772b2280168469b, где видим готовый JS PoC - https://chromium.googlesource.com/v8/v8/+/5f960dfc06a7c95af69e2b09f772b2280168469b/test/mjsunit/regress/wasm/regress-776677.js, который был опубликован 23 Октября
GitHub
GitHub - andreyka/chromium_bug_search: Simple commit search utility for Chromium Google Source.
Simple commit search utility for Chromium Google Source. - andreyka/chromium_bug_search
3.36K viewsdukeBarman, edited  
r0 Crew (Channel)
ARM Exploitation for IoT (Introduction) https://www.exploit-db.com/docs/english/43906-arm-exploitation-for-iot.pdf #OKOB2016
1.6K viewsBear0, edited  
r0 Crew (Channel)
В феврале в московском офисе Яндекса состоится первая в этом году встреча it sec pro course. На встрече выступят эксперты из Digital Security, Qrator Labs и Positive Technologies. Они расскажут о разработке смарт-контрактов, уязвимостях Meltdown и Spectre, атаках по протоколу DHCP, а также о построении формальных моделей уязвимостей.

Участие бесплатное, но нужно заранее зарегистрироваться. Количество мест ограничено.

https://events.yandex.ru/events/yagosti/09-feb-2018/
1.85K viewsDarwin