JavaScript Anti-Debugging Tricks https://forum.reverse4you.org/showthread.php?t=3055 #re #javascript #malware #tips #antidebug #darw1n
R0 CREW
JavaScript Anti-Debugging Tricks
Original: x-c3ll.github.io Last summer I spent a lot of time talking with @cgvwzq about anti-debugging tricks in JavaScript. We tried to find resources or articles that analyzed this topic, but the documentation turned out to be poor and mostly incomplete.…
Malware debugging just got a lot easier. There's a new JavaScript bridge for #WinDbg. In this post, we'll walk through these new features https://blog.talosintelligence.com/2019/02/windbg-malware-analysis-with-javascript.html #malware #debugging #JavaScript #expdev #darw1n
Talosintelligence
JavaScript bridge makes malware analysis with WinDbg easier
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Fuzzing JavaScript Engines with Aspect-preserving Mutation
https://github.com/sslab-gatech/DIE
#reverse #expdev #fuzzing #javascript #darw1n
GitHub
GitHub - sslab-gatech/DIE: Fuzzing JavaScript Engines with Aspect-preserving Mutation
Fuzzing JavaScript Engines with Aspect-preserving Mutation - sslab-gatech/DIE
This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed in iOS 13.5, while two of the mitigation bypasses, CVE-2020-9870 and CVE-2020-9910, were fixed in iOS 13.6.
JITSploitation I: A JIT Bug
https://googleprojectzero.blogspot.com/2020/09/jitsploitation-one.html
JITSploitation II: Getting Read/Write
https://googleprojectzero.blogspot.com/2020/09/jitsploitation-two.html
JITSploitation III: Subverting Control Flow
https://googleprojectzero.blogspot.com/2020/09/jitsploitation-three.html
#mobile #ios #javascript #browser #jit #webkit #expdev #cve #reverse #darw1n
Blogspot
JITSploitation I: A JIT Bug
By Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScri...
JavaScript Deobfuscator and Unpacker https://forum.reverse4you.org/t/javascript-deobfuscator-and-unpacker/16986 #tools #malware #javascript #unpack #obfuscation #darw1n
R0 CREW
JavaScript Deobfuscator and Unpacker
Online: https://lelinhtinh.github.io/de4js/ Github: GitHub - lelinhtinh/de4js: JavaScript Deobfuscator and Unpacker
Phrack 2021, Issue 0x46
* Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622
* Cyber Grand Shellphish
* VM escape - QEMU Case Study
* .NET Instrumentation via MSIL bytecode injection
* Twenty years of Escaping the Java Sandbox
* Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability
* Exploiting Logic Bugs in JavaScript JIT Engines
* Hypervisor Necromancy; Reanimating Kernel Protectors
* Tale of two hypervisor bugs - Escaping from FreeBSD
* The Bear in the Arena
* Exploiting a Format String Bug in Solaris CDE
* Segfault[.]net eulogy
http://phrack.org/issues/70/1.html
#magazine #expdev #net #msil #java #vm #javascript #hypervisor #darw1n
Phrack
Introduction