Forwarded from r0 Crew (Channel)
This post will explain the process of finding and exploiting a previously unknown vulnerability in a real-world piece of software to achieve code execution. The vulnerability was initially found in 2016 and the vendor was contacted; however, no response was ever received. Now, several years later (March 2019 at time of writing), the vulnerability still exists in the latest version.
https://medium.com/@DanielC7/introduction-to-file-format-fuzzing-exploitation-922143ab2ab3
#re #fuzzing #expdev
Introduction to File Format Fuzzing & Exploitation
Automatic Techniques to Systematically Discover New Heap Exploitation Primitives
https://arxiv.org/pdf/1903.00503.pdf
What is #MITRE ATT&CK and How Is It Useful
https://www.anomali.com/resources/what-mitre-attck-is-and-how-it-is-useful
A list of podcasts on cybersecurity:
https://motherboard.vice.com/en_us/article/59vpnx/introducing-cyber-a-hacking-podcast-by-motherboard
https://itunes.apple.com/us/podcast/malicious-life/id1252417787?mt=2&ign-mpt=uo%3D4
https://malicious.life/
https://www.smashingsecurity.com/
https://feeds.megaphone.fm/darknetdiaries
https://hackinghumans.libsyn.com/
Introducing CYBER: A Hacking Podcast by Motherboard
Hacking. Hackers. Disinformation campaigns. Encryption. The Cyber. This stuff gets complicated really fast, but Motherboard spends its time embedded in the infosec world so you don't have to.
#ARM Assembly Language https://bob.cs.sonoma.edu/IntroCompOrg-RPi/intro-co-rpi.html
A toolset to make a system look as if it was the victim of an APT attack
https://github.com/NextronSystems/APTSimulator
Scripts for the #Ghidra software reverse engineering suite.
https://github.com/ghidraninja/ghidra_scripts#swift_demanglerpy
Forwarded from r0 Crew (Channel)
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team https://github.com/knownsec/pocsuite3 #exploit #dukeBarman
Forwarded from r0 Crew (Channel)
Windows Kernel Logic Bug Class: Access Mode Mismatch in IO Manager
Article: https://googleprojectzero.blogspot.com/2019/03/windows-kernel-logic-bug-class-access.html
Another: https://blogs.technet.microsoft.com/srd/2019/03/14/local-privilege-escalation-via-the-windows-i-o-manager-a-variant-finding-collaboration/
#re #expdev #lpe #darw1n
Posted by James Forshaw, Project Zero This blog post is an in-depth look at an interesting logic bug class in the Windows Kernel and wh...
#OSINT Email-Enum searches mainstream websites and tells you if an #email is registered! https://github.com/Frint0/email-enum