Malware writers like to use ptrace(), why and how?
Because with ptrace() you can essentially redirect the debuggee to call malloc(), and given the newly allocated memory, insert a new program into that memory (making sure the pages are marked readable and executable), redirect some existing code to that memory for execution, and then let the debuggee continue execution.
PoC:
https://github.com/gaffe23/linux-inject
https://shunix.com/shared-library-injection-in-android/
GitHub - gaffe23/linux-inject: Tool for injecting a shared object into a Linux process
embedded-operating-systems-2nd.rar
10.6 MB
Embedded Operating Systems: A Practical Approach, 2nd Edition 2018
HackerOne
https://t.co/xUX8nzLLgo https://t.co/5eICcCYyPA
This is not a vulnerability in Telegram Desktop, this is an extension spoofing in Windows.
If you need more info, please check the YouTube link:
https://www.youtube.com/watch?v=FzWuOwjK7-I
Spoofing exe Extension To Any Extension jpg, pdf etc
BlueHat IL 2018 - Saar Amar - Linux Vulnerabilities Windows Exploits: Escalating Privileges with WSL
https://m.youtube.com/watch?v=3deJvbBHET4
delete any image in Facebook
https://medium.com/@JubaBaghdad/how-i-was-able-to-delete-any-image-in-facebook-community-question-forum-a03ea516e327
How I was able to delete any image in Facebook community question forum
Executing JScript from Powershell via .NET reflection
# Load the Microsoft.JScript assembly (the .NET JScript compiler/runtime)
[Reflection.Assembly]::LoadWithPartialName('Microsoft.JScript');
# JScript source to evaluate: instantiates WScript.Shell and runs calc
$js = 'var js = new ActiveXObject("WScript.Shell");js.Run("calc");'
# Evaluate the script string inside a freshly created VSA engine
[Microsoft.JScript.Eval]::JScriptEvaluate($js,[Microsoft.JScript.Vsa.VsaEngine]::CreateEngine());