Pwntools 101 - Pwndbg & Buffer Overflows #Pwntools #Pwndbg #BufferOverflows #ArchCloudLabs #ExploitDevelopment https://www.archcloudlabs.com/projects/pwntools-bof/
Arch Cloud Labs
About The Project: Pwndbg and Pwntools are Python frameworks for automating different parts of exploit development. These frameworks are highly popular amongst CTF players as they simplify and accelerate the creation of Proof of Concept (PoC) scripts for memory…
Setting up an x86 CPU in 64-bit mode #x86CPU #64BitMode #BootSectorSetup #ProtectedMode #LongModeSwitch https://thasso.xyz/2024/07/13/setting-up-an-x86-cpu.html
thasso.xyz
Thasso's Cyberspace Home
blackbox-fuzzing: Fuzzing IoT Devices Using the Router TL-WR902AC as Example #GitHub #Fuzzing #IoTDevices #MemoryVulnerability #RouterTLWR902AC https://github.com/otsmr/blackbox-fuzzing
GitHub
GitHub - otsmr/blackbox-fuzzing: Fuzzing IoT Devices Using the Router TL-WR902AC as Example
Pwntools 103 - Automating Binary Interaction #Pwntools #BinaryAutomation #CTF #CyberSecurity #ArchCloudLabs https://www.archcloudlabs.com/projects/pwntools-automating-interactions/
Arch Cloud Labs
About The Project: In continuation of Arch Cloud Labs’ previous blog post on Pwntools, we dive deeper into the Pwntools framework, focusing on automating interactions with binary programs. Imagine a scenario where you need your binary to follow a specific…
Pwntools 102 - Crafting Shellcode with Shellcraft #Shellcraft #Pwntools #CTF #ReverseEngineering #ShellcodeCrafting https://www.archcloudlabs.com/projects/pwntools-shellcraft/
Arch Cloud Labs
About The Project: Following up from Arch Cloud Labs’ previous blog post on Pwntools, we’ll continue to explore the pwntools framework this time focusing on shellcode generation. It’s not uncommon in the world of pwn/reverse engineering challenges for a requirement…
Scaling Up Malware Analysis with Gemini 1.5 Flash #MalwareAnalysis #Gemini1.5 #GoogleCloud #ThreatIntelligence #AIAnalysis https://cloud.google.com/blog/topics/threat-intelligence/scaling-up-malware-analysis-with-gemini
Google Cloud Blog
Scaling Up Malware Analysis with Gemini 1.5 Flash | Google Cloud Blog
We demonstrate how Gemini 1.5 Flash is capable of large-scale malware analysis in under a minute.
ebpf-for-windows: eBPF implementation that runs on top of Windows #eBPF #Windows #Implementation #Microsoft #GitHub https://github.com/microsoft/ebpf-for-windows
GitHub
GitHub - microsoft/ebpf-for-windows: eBPF implementation that runs on top of Windows
XenForo <= 2.2.15 (Widget::actionSave) Cross-Site Request Forgery Vulnerability #XenForo #CSRF #Vulnerability #RCE #KarmaInSecurity https://karmainsecurity.com/KIS-2024-05
Karmainsecurity
XenForo <= 2.2.15 (Widget::actionSave) Cross-Site Request Forgery Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
Identity Crisis: The Curious Case of a Delinea Local Privilege Escalation Vulnerability #IdentityCrisis #Vulnerability #CyberArk #IdentitySecurity #PrivilegeEscalation https://www.cyberark.com/resources/threat-research-blog/identity-crisis-the-curious-case-of-a-delinea-local-privilege-escalation-vulnerability
Cyberark
During a recent customer engagement, the CyberArk Red Team discovered and exploited an Elevation of Privilege (EoP) vulnerability (CVE-2024-39708) in Delinea Privilege Manager (formerly Thycotic...
How to Bypass Golang SSL Verification #Golang #SSLVerification #CyberArk #Security #Programming https://www.cyberark.com/resources/threat-research-blog/how-to-bypass-golang-ssl-verification
Cyberark
Golang applications that use HTTPS requests have a built-in SSL verification feature enabled by default. In our work, we often encounter an application that uses Golang HTTPS requests, and we have...
Leveraging Automated Firmware Analysis with the Open-Source Firmware Analyzer EMBA #FirmwareSecurity #EMBAAnalyzer #AutomatedAnalysis #OpenSource #IoTSecurity https://medium.com/@iugkhgf/leveraging-automated-firmware-analysis-with-the-open-source-firmware-analyzer-emba-46d30d587a87
Medium
The Internet of Things (IoT) ecosystem as well as critical infrastructure represents a rapidly growing technology field that connects…
Windows Installer, Exploiting Custom Actions #WindowsInstaller #CustomActions #Vulnerability #ElevationOfPrivileges #CVE2023-32016 https://blog.doyensec.com/2024/07/18/custom-actions.html
Compiler Options Hardening Guide for C and C++ #CompilerOptionsHardening #OpenSSF #BestPractices #CProgramming #C++Programming https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
OpenSSF Best Practices Working Group
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
Attacking Connection Tracking Frameworks as used by Virtual Private Networks https://petsymposium.org/popets/2024/popets-2024-0070.pdf
How did I approach making linux LKM rootkit, “reveng_rtkit” ? #LinuxLKM #Rootkit #reveng_rtkit #KernelManipulation #SyscallInterception https://reveng007.github.io/blog/2022/03/08/reveng_rkit_detailed.html
reveng007’s Blog
Unveiling secrets of the ESP32: creating an open-source MAC Layer #ESP32 #OpenSource #MACLayer #ReverseEngineering #Wi-FiNetworking https://zeus.ugent.be/blog/23-24/open-source-esp32-wifi-mac/
Zeus WPI
Reverse engineering the ESP32 Wi-Fi hardware registers
Code injection on Android without ptrace #CodeInjection #Android #Rust #Shellcode #SELinux https://erfur.dev/blog/dev/code-injection-without-ptrace
erfur's bits and pieces
Prompt Engineering https://x.com/bindureddy/status/1814409737557160044?s=61
Exploring GNU extensions in the Linux kernel https://maskray.me/blog/2024-05-12-exploring-gnu-extensions-in-linux-kernel
MaskRay
The Linux kernel is written in C, but it also leverages extensions provided by GCC. In 2022, it moved from GCC/Clang -std=gnu89 to -std=gnu11. This article explores my notes on how these GNU extension
Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android #EvilVideoVulnerability #TelegramAndroidExploit #ZeroDayDiscovery #CyberSecurity #MaliciousPayloads https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/
Welivesecurity
ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos.