iOS Wi-Fi Demon: From iOS Format String to Zero-Click RCE
https://ictexpertsluxembourg.lu/technical-corner/ios-wi-fi-demon-from-ios-format-string-to-zero-click-rce/
#reverse #expdev #mobile #ios #rce #formatstring #darw1n
DEEP
DEEP – Your partner for a successful digital transformation
With its expertise in Cloud, Cybersecurity, Data and Telecom, DEEP helps organisations innovate responsibly and create value in the digital era.
GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI
https://github.blog/2021-09-08-github-security-update-vulnerabilities-tar-npmcli-arborist/
#expdev #tar #cli #darw1n
The GitHub Blog
GitHub security update: Vulnerabilities in tar and @npmcli/arborist
Between July 21 and August 13 we received reports through one of our private security bug bounty programs from researchers regarding vulnerabilities in tar and @npmcli/arborist.
Ropper is a tool to find gadgets and build ROP chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64)
https://forum.reverse4you.org/t/roppeer-is-a-tool-to-find-gadgets-and-build-rop-chains-for-different-architectures-x86-x86-64-arm-arm64-mips-powerpc-sparc64/17064
#tools #expdev #ropchain #rop #python #diablo
R0 CREW
Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly ropper uses the awesome Capstone Framework. https://github.com/sashs/Ropper
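As an added illustration of what a gadget finder like Ropper does (example code written for this page, not Ropper's own source): for every `ret` byte it walks backwards and keeps each start offset that decodes cleanly into an instruction sequence ending at that `ret`, so overlapping, unaligned decodings become separate gadgets; a chain is then just the chosen gadget addresses packed together with the values their `pop`s consume. Ropper disassembles with Capstone; to stay offline this uses a hand-written table of a few x86-64 encodings (assumption: only those encodings are recognised), a constructed 16-byte code blob in place of a real binary, and assumed addresses for the load base and a "/bin/sh" string.

```python
"""Minimal ROP gadget finder and chain builder for x86-64, in the style of Ropper.

Added example, not Ropper's own code. Ropper disassembles with Capstone; to stay
offline this uses a tiny hand-written opcode table (OPCODES), so it recognises
only the encodings listed there. CODE is a constructed byte blob standing in for
an executable section and BASE an assumed load address.
"""
import struct
from typing import Dict, List, Optional, Tuple

BASE = 0x400000  # assumed address of CODE in the target

# Assumption: minimal table of x86-64 encodings; real finders use a full disassembler.
OPCODES: Dict[bytes, str] = {
    b"\x58": "pop rax", b"\x59": "pop rcx", b"\x5a": "pop rdx",
    b"\x5b": "pop rbx", b"\x5e": "pop rsi", b"\x5f": "pop rdi",
    b"\x41\x58": "pop r8", b"\x41\x59": "pop r9",
    b"\x48\x89\xc7": "mov rdi, rax",
    b"\x0f\x05": "syscall",
    b"\x90": "nop",
    b"\xc3": "ret",
}

# Constructed code blob (offsets in comments are relative to BASE).
CODE = bytes.fromhex(
    "9090"        # 0:  nop; nop
    "5fc3"        # 2:  pop rdi; ret
    "4889c7c3"    # 4:  mov rdi, rax; ret
    "5e5ac3"      # 8:  pop rsi; pop rdx; ret
    "580f05c3"    # 11: pop rax; syscall; ret
    "c3"          # 15: ret
)


def decode(chunk: bytes) -> Optional[List[str]]:
    """Linearly decode chunk with OPCODES; None if any byte does not decode."""
    insns, i = [], 0
    while i < len(chunk):
        for n in (1, 2, 3):
            mnemonic = OPCODES.get(chunk[i:i + n])
            if mnemonic:
                insns.append(mnemonic)
                i += n
                break
        else:
            return None
    return insns


def find_gadgets(code: bytes, base: int = BASE, max_bytes: int = 8) -> Dict[int, str]:
    """For every ret byte, walk backwards up to max_bytes and keep each start
    offset that decodes cleanly into a sequence ending in that ret. Different
    starts give different (overlapping) gadgets, as with unaligned x86 decoding."""
    gadgets: Dict[int, str] = {}
    for ret_off in (i for i, b in enumerate(code) if b == 0xC3):
        for depth in range(max_bytes + 1):
            start = ret_off - depth
            if start < 0:
                break
            insns = decode(code[start:ret_off + 1])
            # Drop misdecodes and sequences with an earlier ret (control never reaches the end).
            if insns and insns[-1] == "ret" and "ret" not in insns[:-1]:
                gadgets[base + start] = "; ".join(insns)
    return gadgets


def build_chain(gadgets: Dict[int, str], steps: List[Tuple[str, List[int]]]) -> bytes:
    """Pack a chain: for each (gadget text, values its pops consume) pick the
    lowest address offering exactly that gadget, then append the popped values."""
    by_text: Dict[str, int] = {}
    for addr, text in gadgets.items():
        by_text[text] = min(addr, by_text.get(text, addr))
    qwords: List[int] = []
    for text, args in steps:
        if text not in by_text:
            raise LookupError(f"no gadget for {text!r}")
        qwords.append(by_text[text])
        qwords.extend(args)
    return struct.pack(f"<{len(qwords)}Q", *qwords)


def execve_style_chain() -> bytes:
    """rdi <- assumed pointer to "/bin/sh", rsi = rdx = 0, rax = 59, syscall."""
    gadgets = find_gadgets(CODE)
    return build_chain(gadgets, [
        ("pop rdi; ret", [0x401000]),       # assumed address of a "/bin/sh" string
        ("pop rsi; pop rdx; ret", [0, 0]),
        ("pop rax; syscall; ret", [59]),    # SYS_execve on x86-64 Linux
    ])


if __name__ == "__main__":
    for addr, text in sorted(find_gadgets(CODE).items()):
        print(f"0x{addr:08x}: {text}")
    print(execve_style_chain().hex())
```

Running it lists 13 gadgets for the 16-byte blob (the four `ret`s that are preceded by decodable bytes each yield several overlapping entries) and a 56-byte chain whose first qword is the address of `pop rdi; ret`. The skip of sequences containing an interior `ret` matters: without it, backward walking past one gadget into the previous one would report "gadgets" that can never execute to their final `ret`.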
Analyzing a Patch of a Virtual Machine Escape on VMware
https://forum.reverse4you.org/t/analyzing-a-patch-of-a-virtual-machine-escape-on-vmware/17110
#reverse #windows #expdev #patchanalysis #patch #analysis #vmware #darw1n
R0 CREW
The drag-and-drop (DnD) function in VMware Workstation and Fusion has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion. On Workstation Pro and Fusion, the issue cannot…
CVE-2021-40444 Analysis / Exploit
https://forum.reverse4you.org/t/cve-2021-40444-analysis-exploit/17118
#expdev #windows #cve #office #rce #exploit #hottabych
R0 CREW
Intro: I’m writing this blog post while I have no technical background on this exploit, so I would like to share my experience with it. I saw that a lot of people did a proof of concept, so I decided to do something different, which is that I will get the exploit, then…
CVE-2021-30632 Chrome V8 RCE Exploit for Windows
https://forum.reverse4you.org/t/cve-2021-30632-chrome-v8-rce-exploit-for-windows/17286
#expdev #windows #browser #chrome #v8 #rce #hottabych
R0 CREW
On September 13, 2021, Google released version 93.0.4577.82 of Chrome. The release note specified that two of the security fixed bugs, CVE-2021-30632 and CVE-2021-30633, are being exploited in the wild (both reported by anonymous researchers). CVE-2021-30632…
Phrack 2021, Issue 0x46
* Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622
* Cyber Grand Shellphish
* VM escape - QEMU Case Study
* .NET Instrumentation via MSIL bytecode injection
* Twenty years of Escaping the Java Sandbox
* Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability
* Exploiting Logic Bugs in JavaScript JIT Engines
* Hypervisor Necromancy; Reanimating Kernel Protectors
* Tale of two hypervisor bugs - Escaping from FreeBSD
* The Bear in the Arena
* Exploiting a Format String Bug in Solaris CDE
* Segfault[.]net eulogy
http://phrack.org/issues/70/1.html
#magazine #expdev #net #msil #java #vm #javascript #hypervisor #darw1n
One I/O Ring to Rule Them All: A Full Read/Write Exploit Primitive on Windows 11
https://windows-internals.com/one-i-o-ring-to-rule-them-all-a-full-read-write-exploit-primitive-on-windows-11/
https://github.com/yardenshafir/IoRingReadWritePrimitive
#expdev #windows #kernel #exploit #tips #Aligner
GitHub
GitHub - yardenshafir/IoRingReadWritePrimitive: Post exploitation technique to turn arbitrary kernel write / increment into full…
Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2 - yardenshafir/IoRingReadWritePrimitive
Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game
https://decoded.avast.io/janvojtesek/dota-2-under-attack-how-a-v8-bug-was-exploited-in-the-game/
#gamehack #expdev #reverse #v8 #exploit
Gendigital
Exploiting V8 in Popular Games
Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”
https://securityintelligence.com/x-force/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp/
#expdev #windows #1day
Security Intelligence
See how one IBM X-Force researcher reverse engineered the patch for CVE-2022-34718, and unpack the affected protocols, how the bug was identified, and how it was reproduced.
Analysis of CVE-2023-29336 Win32k Privilege Escalation Vulnerability (with POC)
https://www.numencyber.com/cve-2023-29336-win32k-analysis/
#expdev #reverse #windows #poc
Numen
Analysis of CVE-2023-29336 Win32k Privilege Escalation
Analyzing CVE-2023-29336 Win32k vulnerability, its exploitation, and mitigation measures in the context of evolving security practices.
Analyzing a Modern In-the-wild Android Exploit
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html
#expdev #android #linux
projectzero.google
Analyzing a Modern In-the-wild Android Exploit - Project Zero
By Seth Jenkins, Project Zero. Introduction: In December 2022, Google’s Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsu...
HEVD: How a simple K-TypeConfusion took me 3 months long to create a exploit? — Windows 11 (build 22621)
https://wafzsucks.medium.com/how-a-simple-k-typeconfusion-took-me-3-months-long-to-create-a-exploit-f643c94d445f
#expdev #windows #hevd #kaslr #smep
Medium
How a simple K-TypeConfusion took me 3 months long to create a exploit?
Have you ever tested something for such a long time that it became part of your life? That’s what happened to me over the last months when a…
Local Privilege Escalation in the glibc's ld.so (CVE-2023-4911)
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
POC: https://github.com/leesh3288/CVE-2023-4911
#expdev #linux #lpe #Alexs3y
GitHub
GitHub - leesh3288/CVE-2023-4911: PoC for CVE-2023-4911
PatchaPalooza uses the power of Microsoft's MSRC CVRF API to fetch, store, and analyze security update data. Designed for cybersecurity professionals, it offers a streamlined experience for those who require a quick yet detailed overview of vulnerabilities, their exploitation status, and more. This tool operates entirely offline once the data has been fetched, ensuring that your analyses can continue even without an internet connection.
https://github.com/xaitax/PatchaPalooza
https://patchapalooza.com
#expdev #helpers #tools
GitHub
GitHub - xaitax/PatchaPalooza: A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates.
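An added example of the fetch-and-analyze idea behind PatchaPalooza (written for this page, not the project's own code): parse an MSRC CVRF JSON document and order its CVEs patch-first, with the ones already exploited on top, then the publicly disclosed ones, then by CVSS base score. SAMPLE is a constructed document with placeholder ids (CVE-2024-9990x are not real advisories) that follows the Vulnerability layout of the MSRC CVRF v2.0 API as this example's author understands it (assumption: a threat of Type 1 carries the "Publicly Disclosed:…;Exploited:…" string, Type 3 the severity, and CVSSScoreSets the base score). fetch() calls the real endpoint and is not used by the offline run.

```python
"""Triage one month of Microsoft security updates from an MSRC CVRF (JSON) document.

Added example, not PatchaPalooza's own code. SAMPLE is constructed: placeholder
CVE ids, constructed titles and scores. Its shape follows the MSRC CVRF v2.0 API
as the author of this example understands it (assumption): Threats with Type 1
hold the "Publicly Disclosed:..;Exploited:.." string, Type 3 the severity, and
CVSSScoreSets the base score. fetch() talks to the real endpoint (network).
"""
import json
import urllib.request
from typing import Dict, List

MSRC_CVRF = "https://api.msrc.microsoft.com/cvrf/v2.0/cvrf/{month}"  # month like 2024-Aug


def _vuln(cve: str, title: str, impact: str, status: str, sev: str, score: float) -> dict:
    """Build one constructed Vulnerability entry in CVRF JSON shape."""
    return {
        "CVE": cve,
        "Title": {"Value": title},
        "Threats": [
            {"Type": 0, "Description": {"Value": impact}},   # assumption: 0 = impact
            {"Type": 1, "Description": {"Value": status}},   # assumption: 1 = exploit status
            {"Type": 3, "Description": {"Value": sev}},      # assumption: 3 = severity
        ],
        "CVSSScoreSets": [{"BaseScore": score}],
    }


# Constructed sample document; the CVE ids are placeholders, not real advisories.
SAMPLE = {
    "DocumentTitle": {"Value": "Constructed sample, not a real MSRC release"},
    "Vulnerability": [
        _vuln("CVE-2024-99901", "TCP/IP Remote Code Execution (constructed)",
              "Remote Code Execution",
              "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely",
              "Critical", 9.8),
        _vuln("CVE-2024-99902", "Win32k Elevation of Privilege (constructed)",
              "Elevation of Privilege",
              "Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected",
              "Important", 7.8),
        _vuln("CVE-2024-99903", "Kernel Information Disclosure (constructed)",
              "Information Disclosure",
              "Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely",
              "Important", 5.5),
    ],
}


def exploit_status(vuln: dict) -> Dict[str, str]:
    """Turn 'Publicly Disclosed:No;Exploited:Yes;...' into a key/value dict."""
    for threat in vuln.get("Threats", []):
        if threat.get("Type") == 1:
            value = threat["Description"]["Value"]
            return dict(part.split(":", 1) for part in value.split(";") if ":" in part)
    return {}


def severity(vuln: dict) -> str:
    for threat in vuln.get("Threats", []):
        if threat.get("Type") == 3:
            return threat["Description"]["Value"]
    return "Unknown"


def base_score(vuln: dict) -> float:
    """Highest CVSS base score across the affected-product score sets."""
    return max((float(s.get("BaseScore", 0)) for s in vuln.get("CVSSScoreSets", [])), default=0.0)


def summarize(doc: dict) -> List[dict]:
    """One row per CVE, sorted patch-first: exploited, then disclosed, then CVSS."""
    rows = []
    for v in doc.get("Vulnerability", []):
        st = exploit_status(v)
        rows.append({
            "cve": v.get("CVE"),
            "title": v.get("Title", {}).get("Value", ""),
            "severity": severity(v),
            "cvss": base_score(v),
            "exploited": st.get("Exploited") == "Yes",
            "disclosed": st.get("Publicly Disclosed") == "Yes",
            "likelihood": st.get("Latest Software Release", ""),
        })
    rows.sort(key=lambda r: (r["exploited"], r["disclosed"], r["cvss"]), reverse=True)
    return rows


def exploited_cves(doc: dict) -> List[str]:
    return [r["cve"] for r in summarize(doc) if r["exploited"]]


def fetch(month: str) -> dict:
    """Download one month's CVRF document as JSON (network; not used offline)."""
    req = urllib.request.Request(MSRC_CVRF.format(month=month), headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    for r in summarize(SAMPLE):
        flag = "EXPLOITED" if r["exploited"] else ("disclosed" if r["disclosed"] else "")
        print(f"{r['cve']}  {r['severity']:<9} {r['cvss']:>4}  {flag:<9} {r['title']}")
```

Storing the fetched document with json.dump is what makes later runs offline, as the tool's description says; the ranking key is the practical point: a 7.8 EoP already exploited in the wild sits above a 9.8 RCE that is merely "Exploitation More Likely".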
POC for triggering CVE-2024-38063 (RCE in tcpip.sys)
https://github.com/ynwarcs/CVE-2024-38063
#expdev #poc
GitHub
GitHub - ynwarcs/CVE-2024-38063: poc for CVE-2024-38063 (RCE in tcpip.sys)
Exploiting the Windows Kernel via Malicious IPv6 Packets (CVE-2024-38063)
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
#expdev #poc
Malwaretech
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
0-Click exploit in MediaTek Wi-Fi chipsets affects routers and smartphones / Exploiting (CVE-2024-20017) 4 different ways
https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html
#expdev #poc
hyprblog
4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways
a post going over 4 exploits for CVE-2024-20017, a remotely exploitable buffer overflow in a component of the MediaTek MT7622 SDK.
Complete list of LPE exploits for Windows (starting from 2023)
https://github.com/MzHmO/Exploit-Street
#windows #expdev #lpe
GitHub
GitHub - MzHmO/Exploit-Street: Complete list of LPE exploits for Windows (starting from 2023)