Looted two badges: one for 2nd place in SANS DFIR NetWars (CTF), and another for first place in a CTF purely on malware reversing, held among the students on the SANS FOR610 course
hyperv-1dayclass_CVE-2024-38080
https://hackyboiz.github.io/2024/09/01/pwndorei/hyperv-1dayclass_CVE-2024-38080/
TRACE is a digital forensic tool I developed as my final year project. It provides an intuitive interface for analyzing disk images and includes a range of functionalities to assist forensic examiners in extracting and viewing the contents of various image file formats.
https://github.com/Gadzhovski/TRACE-Forensic-Toolkit
GitHub
Digital forensic analysis tool that provides a user-friendly interface for investigating disk images. - Gadzhovski/TRACE-Forensic-Toolkit
A new addition to the list of tools for analyzing malicious PDFs! There hasn't been anything new for a long time
https://github.com/seekbytes/IPA/
GitHub
GUI analyzer for deep-diving into PDF files. Detect malicious payloads, understand object relationships, and extract key information for threat analysis. - seekbytes/IPA
Using Symbolic Execution to Devirtualise a Virtualised Binary
https://blog.deobfuscate.io/using-symbolic-execution-for-devirtualisation
Reverse Engineering Blog
Using symbolic execution to reverse engineer and devirtualise a binary using virtual machine obfuscation.
Advanced Cyberchef Techniques - Defeating Nanocore Obfuscation With Math and Flow Control
https://www.embeeresearch.io/advanced-cyberchef-techniques-defeating-nanocore-obfuscation-with-math-and-flow-control/
Embee Research
Applying Flow Control and Mathematical operators to deobfuscate a .vbs loader for Nanocore malware.
A Comprehensive Survey on Advanced Persistent Threat (APT) Detection Techniques
https://cdn.techscience.cn/files/cmc/2024/TSP_CMC-80-2/TSP_CMC_52447/TSP_CMC_52447.pdf
A public secret: Research on the CVE-2024-30051 privilege escalation vulnerability in the wild
https://ti.qianxin.com/blog/articles/public-secret-research-on-the-cve-2024-30051-privilege-escalation-vulnerability-in-the-wild-en/
Qianxin
Qianxin Threat Intelligence Center
Introducing Java fuzz harness synthesis using LLMs
https://blog.oss-fuzz.com/posts/introducing-java-auto-harnessing/
OSS-Fuzz blog
Introducing LLM-based harness generation for Java OSS-Fuzz projects.
CVE-2024-5274: A Minor Flaw in V8 Parser Leading to Catastrophes
https://www.darknavy.org/blog/cve_2024_5274_a_minor_flaw_in_v8_parser_leading_to_catastrophes/
DARKNAVY
In May of this year, we noticed that Chrome fixed a V8 vulnerability that was being exploited in the wild in this update. We quickly pinpointed the fix for this vulnerability and discovered that it was a rare bug in the Parser module, which piqued our interest…
Emulating Android native libraries using unidbg
https://bhamza.me/blogpost/2024/09/10/Emulating-Android-native-libraries-using-unidbg.html
Hamza’s blog posts, notes and thoughts.
Introduction Unidbg is an open-source framework to emulate Android native libraries (and to a certain extent has experimental iOS emulation capabilities). There are a few use cases where emulating Android libraries is beneficial. I will cover a single use…
Diving into ADB protocol internals
https://www.synacktiv.com/publications/diving-into-adb-protocol-internals-12
Synacktiv
Diving into ADB protocol internals (1/2)