Playing in the (Windows) Sandbox: A Windows Sandbox deep dive.

https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/

#reverse #hyperv #sandbox #internals #darw1n

CVE-2021-27365: Linux kernel LPE Exploit. Now with symbols for the latest RHEL8 kernel. Get it while it's still an 0day!

Github: https://github.com/grimm-co/NotQuite0DayFriday/tree/trunk/2021.03.12-linux-iscsi

The following report discloses three distinct vulnerabilities discovered by GRIMM while researching the Linux kernel. The first vulnerability is a heap buffer overflow, the second is a kernel pointer leak, and the third is an out-of-bounds kernel memory read. All three vulnerabilities are associated with the iSCSI subsystem.

Article: https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html?m=1

#reverse #lpe #heap #bof #expdev #linux #darw1n

VM Detection Tricks, Part 1: Physical memory resource maps

In this series we’ll document a novel and as-yet-undocumented Virtual Machine detection trick for each month of 2021. These detection tricks will be focused on 64-bit Windows 10 or Windows Server 2019 guests, targeting a variety of VM platforms.

https://labs.nettitude.com/blog/vm-detection-tricks-part-1-physical-memory-resource-maps/

#reverse #detect #vm #malware #redteam #darw1n

One day short of a full chain: Part 2 - Chrome sandbox escape

https://securitylab.github.com/research/one_day_short_of_a_fullchain_sbx

#reverse #expdev #browser #chrome #sandbox #escape #darw1n

x64dbg plugin for simple spoofing of CPUID instruction behavior

https://github.com/jonatan1024/CpuidSpoofer

#reverse #tools #plugin #x64 #debugger #hwid #darw1n

fpicker: Fuzzing with Frida

https://insinuator.net/2021/03/fpicker-fuzzing-with-frida/

Fpicker is a Frida-based coverage-guided, mostly in-process, blackbox fuzzing suite. Its most significant feature is the AFL++ proxy mode which enables blackbox in-process fuzzing with AFL++ on platforms supported by Frida.

https://github.com/ttdennis/fpicker

#reverse #afl #frida #darw1n

How I cut GTA Online loading times by 70% (how the Reverse Engineering helps to improve game and earn bug bounty at H1) https://nee.lv/2021/02/28/How-I-cut-GTA-Online-loading-times-by-70/ #reverse #dukeBarman

Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.

https://github.com/D3VI5H4/Antivirus-Artifacts

#malware #av #redteam #artifacts #darw1n

In-the-Wild Series: October 2020 0-day discovery
https://googleprojectzero.blogspot.com/2021/03/in-wild-series-october-2020-0-day.html

In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-wild. These exploits were delivered via "watering hole" attacks in a handful of websites pointing to two exploit servers that hosted exploit chains for Android, Windows, and iOS devices. These attacks appear to be the next iteration of the campaign discovered in February 2020 and documented in below blog posts:

Part1: Introducing the In-the-Wild Series
https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html

Part2: Chrome Infinity Bug
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html

Part3: Chrome Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html

Part4: Android Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html

Part5: Android Post-Exploitation
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-post-exploitation.html

Part6: Windows Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-windows-exploits.html

#reverse #expdev #rce #lpe #sandbox #escape #android #ios #windows #chrome #browser #darw1n

https://twitter.com/h0t_max/status/1316028532972281856?s=20

#reverse #intel #microcode

BinDiff 7 beta coming soon. Request yours here: https://docs.google.com/forms/d/e/1FAIpQLSdEPDTnopPEzbXXmTktshVfJb28YiFahYoRfya92yIi5iEFdg/viewform #reverse #dukeBarman

The IDA 7.6 was released!

https://www.hex-rays.com/products/ida/news/7_6/

#reverse #ida #KosBeg

Free Malware Analysis training. Volume 1 via hasherezade https://github.com/hasherezade/malware_training_vol1 (in progress) #reverse #malware #dukeBarman

https://twitter.com/h0t_max/status/1375871849079406597?s=09

#reverse #intel #microcode

D810: Creating an extensible deobfuscation plugin for IDA Pro

https://eshard.com/posts/d810_blog_post_1/

D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode.

https://gitlab.com/eshard/d810

#reverse #ida #plugin #deobfucation #obfuscation #QwErTyReverse

Cutter and Rizin will participate in Google Summer of Code!

If you are interested in participating as part of Rizin:

- Instructions: https://rizin.re/gsoc/2021/
- The official GSOC document: https://summerofcode.withgoogle.com/organizations/5718117306597376/
- Join the dedicated mattermost channel: https://im.rizin.re/rizinorg/channels/gsoc-2021-applicants

Official tweet - https://twitter.com/cutter_re/status/1369600822162698241

#reverse #rizin #dukeBarman

Cutter 2.0 Release (Projects enabled!)

https://cutter.re/cutter-2.0

#reverse #rizin #jeisonwi

How the Web Audio API is used for browser fingerprinting

https://fingerprintjs.com/blog/audio-fingerprinting/

#osint #browser #p_rusanov

Spectre v4: Security Analysis of AMD Zen3 Architecture Predictive Store Forwarding https://www.amd.com/system/files/documents/security-analysis-predictive-store-forwarding.pdf #reverse #hardware #amd #dukeBarman

Go-iOS was inspired by the wonderful libimobiledevice. It can do all of what libimobiledevice can do and more. Highlights:

- run XCTests including WebdriverAgent on Linux, Windows and Mac
- start and stop apps
- Use a debug proxy to reverse engineer every tool Mac OSX has, so you can contrib to go-ios or build your own
- use Accessibility Inspector APIs

https://github.com/danielpaulus/go-ios

#reverse #iOS #dukeBarman