PoC 2019-2215 exploit for S8/S8 active with DAC + SELinux + Knox/RKP bypass https://github.com/chompie1337/s8_2019_2215_poc/ #android #exploit #jeisonwi
GitHub
GitHub - chompie1337/s8_2019_2215_poc: PoC 2019-2215 exploit for S8/S8 active with DAC + SELinux + Knox/RKP bypass
PoC 2019-2215 exploit for S8/S8 active with DAC + SELinux + Knox/RKP bypass - chompie1337/s8_2019_2215_poc
CyRC analysis: CVE-2020-7958 biometric data extraction in Android devices https://www.synopsys.com/blogs/software-security/cve-2020-7958-trustlet-tee-attack/ #exploit #android #dukeBarman
Blackduck
Understanding CVE-2020-7958: Biometric Data Extraction in Android | Black Duck Blog
Explore our thorough analysis of CVE-2020-7958, where we delve into trustlets, their role in Android's Trusted Execution Environment, and potential attack methods.
"Psychic Paper" - the history of a 0day bug for bypassing security https://siguza.github.io/psychicpaper/
PoC application in Swift: https://wojciechregula.blog/post/stealing-your-sms-messages-with-ios-0day/
#ios #exploit #dukeBarman
wojciechregula.blog
Stealing your SMS messages with iOS 0day
This is a special post because I fully based on another researcher, s1guza's 0day. All of this story began from the following tweet:
Siguza told us that his 0day was patched in the iOS 13.5 beta3. So this is actually a sandbox escape 0day for the newest,…
CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://www.thezdi.com/blog/2020/4/28/cve-2020-0932-remote-code-execution-on-microsoft-sharepoint-using-typeconverters #exploit #dukeBarman
Zero Day Initiative
Zero Day Initiative - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters
In April 2020, Microsoft released four Critical and two Important-rated patches to fix remote code execution bugs in Microsoft SharePoint. All these are deserialization bugs. Two came through the ZDI program from an anonymous researcher: CVE-2020-0931 and…
CVE-2020-3919 - IOHIDFamily Uninitialised Kernel Memory Vulnerability https://alexplaskett.github.io/CVE-2020-3919/ #macos #ios #exploit #dukeBarman
Amit Merchant - Software Engineer
CVE-2020-3919 - IOHIDFamily Uninitialised Kernel Memory Vulnerability
Recently Apple patched a vulnerability (CVE-2020-3919) in IOHIDFamily in their security update 10.15.4 which may allow a malicious application to execute arbitrary code with kernel privileges. It turns out this bug also affected iOS too.
CVE-2020-1015 Analysis https://0xeb-bp.github.io/blog/2020/05/12/cve-2020-1015-analysis.html #exploit #dukeBarman
0xeb_bp
CVE-2020-1015 Analysis
This post is an analysis of the April 2020 security patch for CVE-2020-1015. The bug was reported by Shefang Zhong and Yuki Chen of the Qihoo 360 Vulcan team. The description of the bug from Microsoft:
The 'S' in Zoom, Stands for Security uncovering (local) security flaws in Zoom's latest macOS client https://objective-see.com/blog/blog_0x56.html #exploit #macos #dukeBarman
objective-see.org
The 'S' in Zoom, Stands for Security
uncovering (local) security flaws in Zoom's latest macOS client
CVE-2020-12138 Exploit Proof-of-Concept, Privilege Escalation in ATI Technologies Inc. Driver atillk64.sys https://h0mbre.github.io/atillk64_exploit/ #exploitation #exploit #dukeBarman
The Human Machine Interface
CVE-2020-12138 Exploit Proof-of-Concept, Privilege Escalation in ATI Technologies Inc. Driver atillk64.sys
Background
Chronicles of a Sandbox Escape: Deep Analysis of CVE-2019-0880 https://byteraptors.github.io/windows/exploitation/2020/05/24/sandboxescape.html #windows #exploit #dukeBarman
ByteRaptors
Chronicles of a Sandbox Escape: Deep Analysis of CVE-2019-0880
Overview
RCE vulnerability in Avast Antivirus by Project Zero Team https://bugs.chromium.org/p/project-zero/issues/detail?id=2018 #exploit #dukeBarman
Writing an iOS Kernel Exploit from Scratch https://secfault-security.com/blog/chain3.html #ios #exploitation #ghidra #exploit #dukeBarman
Exploiting an Envoy heap vulnerability https://blog.envoyproxy.io/exploiting-an-envoy-heap-vulnerability-96173d41792 #exploit #dukeBarman
Medium
Exploiting an Envoy heap vulnerability
Overview
CVE-2020-9854: "Unauthd" (three) logic bugs ftw! https://objective-see.com/blog/blog_0x4D.html #macos #exploit #dukeBarman
objective-see.org
CVE-2020-9854: "Unauthd"
(three) logic bugs ftw!
Exploiting Android Messengers with WebRTC: Part 1 https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-1.html #android #exploit #dukeBarman
Blogspot
Exploiting Android Messengers with WebRTC: Part 1
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in We...
MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completing-aslr-oracle.html #exploit #android #dukeBarman
Blogspot
MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle
Posted by Mateusz Jurczyk, Project Zero This post is the fourth of a multi-part series capturing my journey from discovering a vulnerabl...
Exploiting Android Messengers with WebRTC: Part 2 https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-2.html #exploit #android #dukeBarman
Blogspot
Exploiting Android Messengers with WebRTC: Part 2
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in WebR...
CVE-2021-40444 Analysis / Exploit
https://forum.reverse4you.org/t/cve-2021-40444-analysis-exploit/17118
#expdev #windows #cve #office #rce #exploit #hottabych
R0 CREW
CVE-2021-40444 Analysis / Exploit
Intro I'm writing the blog post when I have no technical background on this exploit. So I would like to share my experience with it. I saw a lot of people did a proof of concept, so I decided to do something different which is I will get the exploit then…
Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game
https://decoded.avast.io/janvojtesek/dota-2-under-attack-how-a-v8-bug-was-exploited-in-the-game/
#gamehack #expdev #reverse #v8 #exploit
Gendigital
Dota 2 under attack: How a V8 bug was exploited in the game
Exploiting V8 in Popular Games