Alaid TechThread
@offensive_thread
676 subscribers
6 photos
1 video
82 files
1.31K links
Vulnerability discovery, threat intelligence, reverse engineering, AppSec
Download Telegram
About
Blog
Apps
Platform
Join
Alaid TechThread
676 subscribers
Alaid TechThread
https://www.weibo.com/ttarticle/p/show?id=2309404245794218721506 iOS jailbreak internals (1): Remount rootfs after iOS 11.3
46 viewsedited  
Alaid TechThread
https://github.com/0x09AL/CVE-2018-8174-msf
GitHub
GitHub - 0x09AL/CVE-2018-8174-msf: CVE-2018-8174 - VBScript memory corruption exploit.
CVE-2018-8174 - VBScript memory corruption exploit. - 0x09AL/CVE-2018-8174-msf
45 views
Alaid TechThread
https://dougallj.wordpress.com/2018/06/04/writing-a-hex-rays-plugin-vmx-intrinsics/
dougallj
Writing a Hex-Rays Plugin: VMX Intrinsics
I’ve been very excited to work with the new Hex-Rays Decompiler microcode API, and I’ve finally had the chance to sit down and build a useful plugin. This post describes the development…
35 views
Alaid TechThread
https://securelist.com/disappearing-bytes/84017/
Securelist
Disappearing bytes: Reverse engineering the MS Office RTF parser
In 2017, we encountered lots of samples that were ‘exploiting’ the implementation of Microsoft Word’s RTF parser to confuse all other third-party RTF parsers, including those used in anti-malware software.
40 views
Alaid TechThread
Forwarded from r0 Crew (Channel) (Bear0)
VUzzer: application-aware evolutionary fuzzing strategy that does not require any prior knowledge of the application or input format.

https://sharcs-project.eu/m/filer_public/48/8c/488c5fb7-9aad-4c87-ab9c-5ff251ebc73d/vuzzer_ndss17.pdf

https://github.com/vusec/vuzzer #fuzzing #MorteNoir
4 views
Alaid TechThread
Forwarded from r0 Crew (Channel) (Bear0)
CVE-2018-5002 - Adobe Flash Zero-Day Leveraged for Targeted Attack in Middle East
https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack

CVE-2018-5002 – Analysis of the Second Wave of Flash Zero-day Exploit in 2018
https://blogs.360.cn/blog/cve-2018-5002-en/

Sample for Flash 0 Day - CVE-2018-5002

1. XLSX file with ActiveX Control to download 1st stage SWF
2. 1st stage SWF downloads 2nd stage AES encrypted SWF
3. 1st stage SWF decrypts and loads the 2nd stage SWF (0 day)

https://www.virustotal.com/#/file/0b4f0d8d57fd1cb9b4408013aa7fe5986339ce66ad09c941e76626b5d872e0b5/details

Decrypted SWF for CVE-2018-5002, the full hash is:
f63a51e78116bebfa1780736d343c9eb

#expdev #flash #darw1n
5 views
Alaid TechThread
https://gizmodo.com/deepfake-videos-are-getting-impossibly-good-1826759848?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+gizmodo%2Ffull+%28Gizmodo%29
Gizmodo
Deepfake Videos Are Getting Impossibly Good
Fake news sucks, and as those eerily accurate videos of a lip-synced Barack Obama demonstrated last year, it’s soon going to get a hell of a lot worse. As a newly revealed video-manipulation system shows, super-realistic fake videos are improving faster than…
41 views
Alaid TechThread
https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/
Volexity
Patchwork APT Group Targets US Think Tanks
In March and April 2018, Volexity identified multiple spear phishing campaigns attributed to Patchwork, an Indian APT group also known as Dropping Elephant. This increase in threat activity was consistent with other observations documented over the last few…
34 views
Alaid TechThread
https://www.twitch.tv/videos/271347409
Twitch
Twitch is the world's leading video platform and community for gamers.
44 views
Alaid TechThread
https://github.com/redmed666/mal6raph
GitHub
redmed666/mal6raph
Contribute to mal6raph development by creating an account on GitHub.
36 views
Alaid TechThread
https://github.com/iGio90/frick
GitHub
GitHub - iGio90/frick: frick - aka the first debugger built on top of frida
frick - aka the first debugger built on top of frida - iGio90/frick
31 views
Alaid TechThread
https://twitter.com/marcan42/status/1008981518159511553
Twitter
Hector Martin 💉💉
HP iLO4 authentication bypass: curl -H "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA" No, that's not a crash PoC. That's a full blown auth bypass. sscanf into fixed buffer overwrites a flag field that bypasses auth. Yes, really. airbus-seclab.github.io/ilo/SSTIC2018…
34 views
Alaid TechThread
https://www.cyberscoop.com/olympic-destroyer-kaspersky-biochemical-research/
CyberScoop
Russian-linked group tied to Winter Olympics attack is now targeting biochemical researchers
The same Russian-linked hacking group responsible for a historic cyberattack on the 2018 Winter Olympics is now targeting biochemical research and domestic financial organizations.
48 views
Alaid TechThread
https://academy.yandex.ru/events/system_administration/msk-2018/
59 views
Alaid TechThread
Forwarded from r0 Crew (Channel) (Bear0)
Static instrumentation based on executable file formats https://romainthomas.fr/slides/18-06-Recon18-Formats-Instrumentation.pdf #reverse #dukeBarman
5 views
Alaid TechThread
Data Insertion in Bitcoins Blockchain.pdf
469.3 KB
45 views
Alaid TechThread
https://gist.github.com/Neo23x0/fd9af35c5061578025d00838c215dfe4
Gist
Typical False Positive Hashes
Typical False Positive Hashes. GitHub Gist: instantly share code, notes, and snippets.
37 views
Alaid TechThread
https://github.com/necst/crave
GitHub
necst/crave
Framework to automatically test and explore the capabilities of generic AV engines - necst/crave
44 views
Alaid TechThread
https://github.com/mwrlabs/dref
GitHub
GitHub - FSecureLABS/dref: DNS Rebinding Exploitation Framework
DNS Rebinding Exploitation Framework . Contribute to FSecureLABS/dref development by creating an account on GitHub.
49 views
Alaid TechThread
https://github.com/Patrowl/PatrowlManager
GitHub
GitHub - Patrowl/PatrowlManager: PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform - Patrowl/PatrowlManager
64 views