http://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation #malware #re #ida #dukeBarman
Möbius Strip Reverse Engineering
A Walk-Through Tutorial, with Code, on Statically Unpacking the FinSpy VM: Part One, x86 Deobfuscation — Möbius Strip Reverse Engineering
1. Introduction Normally when I publish about breaking virtual machine software protections, I do so to present new techniques. Past examples have included: Writing an IDA processor module to unpack a VM Logging VM execution with DLL injection Compiler…
REVERSE ENGINEERING WITH RADARE - FUNDAMENTALS AND BASICS https://pixl.dy.fi/posts/2018-01-22-reverse-engineering-basics-with-radare-fundamentals-and-basics/ #radare2 #re #dukeBarman
Forwarded from canyoupwn.me
Anti-debug with VirtualAlloc’s write watch
https://codeinsecurity.wordpress.com/2018/01/24/anti-debug-with-virtualallocs-write-watch/
codeinsecurity
Anti-debug with VirtualAlloc’s write watch
A lesser-known feature of the Windows memory manager is that it can maintain write watches on allocations for debugging and profiling purposes. Passing the MEM_WRITE_WATCH flag to VirtualAlloc R…
SMB exploit (fixed in MS17-010+) now ported to Windows 2000 up to Windows Server 2016, and all versions in between. Reliable, doesn't cause BSOD like EternalBlue either. I've tried on Win2000 and XP. https://github.com/rapid7/metasploit-framework/pull/9473 #expdev #darw1n
GitHub
MS17-010 EternalSynergy / EternalRomance / EternalChampion aux+exploit modules · Pull Request #9473 · rapid7/metasploit-framework
MS17-010 Windows SMB Remote Command and Code Execution modules for all vulnerable targets Windows 2000 through 2016 (and of course the standard home/workstation counterparts).
auxiliary/admin/smb/...
Google Chrome V8 Use-After-Free Vulnerability + Exploit by Zhao Qixun (CVE-2017-15399) https://bugs.chromium.org/p/chromium/issues/detail?id=776677 #expdev #uaf #darw1n
But a PoC for the use-after-free bug in the V8 JIT (CVE-2017-15399) could have been found earlier.
Recall the recent utility https://github.com/andreyka/chromium_bug_search and repeat the scenario, this time for this CVE.
We would get the ticket ID from the release announcement https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html, which was published on 6 November:
[776677] High CVE-2017-15399: Use after free in V8
We specify the ticket ID and that we are looking for the bug in v8:
python console.py -b 776677 -p v8 -r master
[+] Commit found:
https://chromium.googlesource.com/v8/v8/+/5f960dfc06a7c95af69e2b09f772b2280168469b
This lands us in the commit https://chromium.googlesource.com/v8/v8/+/5f960dfc06a7c95af69e2b09f772b2280168469b, where we see a ready-made JS PoC, https://chromium.googlesource.com/v8/v8/+/5f960dfc06a7c95af69e2b09f772b2280168469b/test/mjsunit/regress/wasm/regress-776677.js, which was published on 23 October.
GitHub
GitHub - andreyka/chromium_bug_search: Simple commit search utility for Chromium Google Source.
Simple commit search utility for Chromium Google Source. - andreyka/chromium_bug_search
ARM Exploitation for IoT (Introduction) https://www.exploit-db.com/docs/english/43906-arm-exploitation-for-iot.pdf #OKOB2016
In February, the first it sec pro course meetup of this year will take place at Yandex's Moscow office. Experts from Digital Security, Qrator Labs and Positive Technologies will speak: about smart-contract development, the Meltdown and Spectre vulnerabilities, attacks over the DHCP protocol, and building formal models of vulnerabilities. Participation is free, but you need to register in advance. The number of seats is limited.
https://events.yandex.ru/events/yagosti/09-feb-2018/
We have a music channel. Perhaps it will be interesting to someone? https://xn--r1a.website/R0_Music
Cutter 1.2 and radare2 2.3.0 (Codename: DirtyHarry) are out
- https://github.com/radare/radare2/releases/tag/2.3.0
- https://github.com/radareorg/cutter/releases/tag/v1.2
#radare2 #reverse
GitHub
Release Codename: DirtyHarry · radareorg/radare2
Builds: http://radare.mikelloc.com/get/2.3.0/
Changelog:
Release 2.3.0 - use latest acr 1.4
Analysis:
Better use of search.in and anal.in and zoom.in - sivaramaa
Initial work on CPU specific regis...
Windows Drivers fuzzer https://twitter.com/KeyZ3r0/status/958924764336201728 #exploit #windows #dukeBarman
Twitter
K0shl
I opened my Windows Driver Fuzzer, kDriver Fuzzer, on GitHub, based on the ioctlbf framework. I gained approximately 100 CVEs with kDriver Fuzzer in the last 3 months!😀😀 And I wrote up the kDriver Fuzzer tech. details in Chinese😁 https://t.co/bT32kB3SjV
https://github.com/Coalfire-Research/iOS-11.1.2-15B202-Jailbreak/blob/master/iOS_jailbreak_writeup.pdf #jailbreak #ios #exploit #dukeBarman
GitHub
iOS-11.1.2-15B202-Jailbreak/iOS_jailbreak_writeup.pdf at main · Coalfire-Research/iOS-11.1.2-15B202-Jailbreak
iOS 11.1.2 (15B202) Jailbreak. Contribute to Coalfire-Research/iOS-11.1.2-15B202-Jailbreak development by creating an account on GitHub.
Hexrays upgraded free IDA from v5 to v7 (supports only x64 code) https://www.hex-rays.com/products/ida/support/download_freeware.shtml #re #dukeBarman
Hex-Rays
IDA Free: Disassembler & Decompiler at No Cost
Free disassembler and decompiler to learn reverse engineering. Core IDA features at no cost for students and non-commercial use. Download and start today.
Decompiler internals: microcode (IDA IR) https://www.hex-rays.com/products/ida/support/ppt/recon2018.ppt #re #ida #ir #dukeBarman