📚📚📚
#نمونه_سوال
#وجوه_نقد
#پودمان۵

✅کانال رسمی گام به گام فنی🔧

کل فرمول های فیزیک دهم تجربی📖🔍

#نکات_فیزیک #فیزیک_دهم #فرمول_فیزیک

برا دوستاتم بفرس📲

"A unit-based symbolic execution method for detecting memory corruption vulnerabilities in executable codes", 2022.

Memory corruption vulnerabilities are prevalent and detrimental software weaknesses, which potentially occur when programming with low-level languages (usually C and C++).

]-> Tool: https://github.com/SoftwareSecurityLab/UbSym

📚 t.iss.one/Library_Sec

Feeding Gophers to Ghidra

#Ghidra
📚 t.iss.one/Library_Sec

SMART SPEAKER SHENANIGANS:
MAKING THE SONOS ONE SING ITS SECRETS

📚 t.iss.one/Library_Sec

📚 t.iss.one/Library_Sec

#Fuzzing
"L2Fuzz: Discovering Bluetooth L2CAP Vulnerabilities Using Stateful Fuzz Testing", 2022.

Bluetooth is a wireless communication technology that al￾lows users to exchange various data in a short range, including Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) and
Bluetooth Low Energy (BLE). Owing to their convenience, billions of devices have adopted Bluetooth technologies .

]-> A stateful fuzzer to detect vulnerabilities in Bluetooth BR/EDR LLC/L2CAP:
https://github.com/haramel/l2fuzz

📚

#Sec_code_review
"LibDB: An Effective and Efficient Framework for Detecting Third-Party Libraries in Binaries", 2022.

Third-party libraries (TPLs) are important components of modern
software systems. They are reused frequently during software de velopment . Open-source repository platforms and package management systems are the major sources of third-party libraries.
However, security issues of the third-party code continue to arise.
Vulnerabilities in well-known third-party libraries, such as the
Heartbleed bug, could bring security threats to millions of devices. In addition, non-compliant reuse, which is a violation of legal software licenses, could lead to costly commercial disputes. Unfortunately, many developers do not pay sufficient attention to the code that is imported from third-party libraries.


]-> Datasets and source code:
https://github.com/DeepSoftwareAnalytics/LibDB

📚

"How security professionals are being attacked: A study of malicious CVE proof of concept exploits in GitHub", 2022.

CVE, which stands for Common Vulnerabilities and Expo￾sures1, is a list of publicly disclosed security flaws in software or systems, which have been assigned individual CVE IDs.

]-> Tool: https://github.com/SoftwareSecurityLab/UbSym

📚

📚 t.iss.one/Library_Sec

#tools
#Offensive_security
"Exploring Widevine for Fun and Profit", 2022.

]-> Widevine Key Ladder Script (Python3):
https://github.com/Avalonswanderer/widevine_key_ladder
]-> A tool to trace Widevine execution in Android and dump buffers: https://github.com/Avalonswanderer/wideXtractor

Nowadays, people prefer media consumption on over-the￾top platforms (OTT), such as Netflix and Amazon Prime, that distribute multimedia content over the Internet, allowing users to play them whenever they wish. Such ease of viewing the same videos across devices creates challenges for content producers and owners.

#Mobile_Security
#Sec_code_review
"Demystifying Hidden Sensitive Operations in Android apps", 2022.

]-> FlowDroid Static Data Flow Analysis Tool:
https://github.com/secure-software-engineering/FlowDroid

Android is the most adopted mobile operating systems in terms of users, applications and developers . However, its popularity means that legitimate developers must co-exist with malware writers.

#Research
"Evaluating Susceptibility of VPN Implementations to DoS Attacks Using Adversarial Testing", 2022.

In today’s Internet ecosystem, enterprise networks are often
dispersed over several locations, such as corporate branches, data centers, and infrastructure hosted by cloud providers. VPN systems are an integral part of these setups, serving as the glue that securely connects the different locations by encrypting and authenticating traffic between pairs of endpoints over an untrusted network such as the Internet. Given this role, VPN protocols are as ubiquitous in emerging SD-WAN deployments as they are in more traditional site-to-site connections. More￾over, the recent shift to remote work has led to a surge in VPN use .

📚 t.iss.one/Library_Sec

"This will only hurt for a moment": Code injection on Linux and macOS with LD_PRELOAD.

📚 t.iss.one/Library_Sec

#Mobile_Security

"Our fingerprints don't fade from the Apps we touch: Fingerprinting the Android WebView", 2022.

Browser fingerprinting is an effective method to identify individuals based on information accessible through browser settings without storing information locally, e.g., in cookies.

📚 t.iss.one/Library_Sec

Hacking the Cloud With SAML , Hexacon 2022.
#Cloud
📚 t.iss.one/Library_Sec

The Web Application
Hacker’s Handbook. Finding and Exploiting Security Flaws.
Dafydd Stuttard, Marcus Pinto
#BugBounty
📚 t.iss.one/Library_Sec