Order of Six Angles
Cracking Android apps with Frida https://www.youtube.com/watch?v=pjEd1cHYhi8
These are the kind of recommendations YouTube gives me 😁
Order of Six Angles
An interesting topic: hooking Golang functions. It's different. I found only two articles online =*( The first covers a very specific case where libc is deliberately imported; in the second I got lost in the source code (very interesting, but I can't understand a fucking thing) https://…
Wow, part two is out!!1
Let’s Go into the rabbit hole (part 2) — the challenges of dynamically hooking Golang programs
https://blog.quarkslab.com/lets-go-into-the-rabbit-hole-part-2-the-challenges-of-dynamically-hooking-golang-program.html
Golang is the most used programming language for developing cloud technologies. Tools such as Kubernetes, Docker, Containerd and gVisor are written in Go. Despite the fact that the code of these programs is open source, there is no way to analyze and extend…
By the end of the blog, we should cover the removal and reinstallation of a physical memory chip from a broken USB storage device to a new donor module.
https://trustedsec.com/blog/hands-on-with-chip-off-non-volatile-memory
#hardwarehacking
Hands On with Chip Off Non-Volatile Memory
Lateral Movement with the .NET Profiler
https://posts.specterops.io/lateral-movement-with-the-net-profiler-8772c86f9523
#redteam
Explore lateral movement techniques using the .NET Profiler to execute custom payloads and manipulate .NET processes effectively.
Real World CVE-2022-24834 Exploitation on an Alpine mallocng Heap
https://research.nccgroup.com/2024/06/11/pumping-iron-on-the-musl-heap-real-world-cve-2022-24834-exploitation-on-an-alpine-mallocng-heap/
Fuzzing embedded systems - Part 1, Introduction
As a result I developed a fuzzer to search for vulnerabilities in CGI binaries and a Binary Ninja plugin to search for ROP chains in MIPS binaries, as well as an exploit for one of the crashes triaged.
https://blog.sparrrgh.me/fuzzing/embedded/2024/06/05/fuzzing-embedded-systems-1.html
I've started noticing that I use ChatGPT more and more in my day-to-day work. Do you use ChatGPT at work?
Final Results
57% Yes
34% No
9% No, but I want to
Adventures of Ox64 BL808 RISC-V SBC with Apache NuttX RTOS (video)
Guide to Hardware Debug Ports (great guide)
Attacking Samsung Galaxy A* Boot Chain (slides). Video
ROPing Routers from scratch: Step-by-step Tenda Ac8v4 Mips 0day Flow-control ROP -> RCE (impressive guy and blog)
new persistence method macOS
When you've swiped a pile of articles from Twitter and are hauling them over to Telegram
Order of Six Angles
Fuzzing embedded systems - Part 1, Introduction As a result I developed a fuzzer to search for vulnerabilities in CGI binaries and a Binary Ninja plugin to search for ROP chains in MIPS binaries, as well as an exploit for one of the crashes triaged. htt…
Fucking great article; a pity the fuzzing itself will only come in the later parts, but it's an interesting teaser. I asked the author when part two will be out, his answer:
I think the second part will come out in around a month. I have to fix the code of the fuzzer to make it a little more pretty and write the article :D
I'm studying fuzzing, and a workshop video just came out
https://www.youtube.com/live/gTISW-5Uy6I?si=sKLw02ws2mco7rza
To follow along with the workshop, there are accompanying materials on GitHub
https://github.com/20urc3/Talks/tree/main/Off-By-One
Introduction to Fuzzing
Join 2ourc3 (source) and myself for a session on fuzzing binaries in modern times!
a write-up of analyzing a memory dump of a ViewState Deserialization attack
https://github.com/DebugPrivilege/InsightEngineering/tree/main/Debugging%20Case%20Studies/Debug%20Case%20Study%3A%20ViewState%20Deserialization%20Exploitation
Presentation: find bugs in the linux kernel
https://github.com/sam4k/talk-slides/blob/main/so_you_wanna_find_bugs_in_the_linux_kernel.pdf
Catching Your Favorite C2 In Memory Using Stack & Thread Telemetry.
https://sabotagesec.com/gotta-catch-em-all-catching-your-favorite-c2-in-memory-using-stack-thread-telemetry/