https://github.com/rust-embedded/rust-raspberrypi-OS-tutorials
#rust
#Raspberrypi
@iotpenetrationtesting
#rust
#Raspberrypi
@iotpenetrationtesting
GitHub
GitHub - rust-embedded/rust-raspberrypi-OS-tutorials: :books: Learn to write an embedded OS in Rust :crab:
:books: Learn to write an embedded OS in Rust :crab: - rust-embedded/rust-raspberrypi-OS-tutorials
https://labs.bishopfox.com/tech-blog/an-intro-to-fuzzing-aka-fuzz-testing
#fuzz
#aka
@iotpenetrationtesting
#fuzz
#aka
@iotpenetrationtesting
Bishop Fox
Fuzz Testing for blackbox security analysis
Learn about fuzzing testing, who should fuzz, what types of fuzzers exist, how to write a good harness to perform blackbox analysis on a given program.
Bluetooth → Wi-Fi Code Execution & Wi-Fi Debugging
https://naehrdine.blogspot.com/2021/04/bluetooth-wi-fi-code-execution-wi-fi.html
#wifi
#Bluetooth
@iotpenetrationtesting
https://naehrdine.blogspot.com/2021/04/bluetooth-wi-fi-code-execution-wi-fi.html
#wifi
#Bluetooth
@iotpenetrationtesting
Into the art of Binary Exploitation
https://7h3h4ckv157.medium.com/?p=b4658238ee62
#exploitation
@iotpenetrationtesting
https://7h3h4ckv157.medium.com/?p=b4658238ee62
#exploitation
@iotpenetrationtesting
GoSecure Titan Labs Technical Report: BluStealer Malware Threat
https://www.gosecure.net/blog/2021/09/22/gosecure-titan-labs-technical-report-blustealer-malware-threat
#Malware_analysis
@iotpenetrationtesting
https://www.gosecure.net/blog/2021/09/22/gosecure-titan-labs-technical-report-blustealer-malware-threat
#Malware_analysis
@iotpenetrationtesting
Hunting Ghosts in Bluetooth Firmware: BrakTooth Meets Frankenstein
https://naehrdine.blogspot.com/2021/09/hunting-ghosts-in-bluetooth-firmware.html
#Bluetooth
#firmware
@iotpenetrationtesting
https://naehrdine.blogspot.com/2021/09/hunting-ghosts-in-bluetooth-firmware.html
#Bluetooth
#firmware
@iotpenetrationtesting
ransomware_report_2021.pdf
1.2 MB
"Ransomware in a global context", 2021.
]-> https://blog.virustotal.com/2021/10/ransomware-in-global-context.html
#Analytics
#Malware_analysis
@iotpenetrationtesting
]-> https://blog.virustotal.com/2021/10/ransomware-in-global-context.html
#Analytics
#Malware_analysis
@iotpenetrationtesting
https://github.com/Matheus-Garbelini/esp32_bluetooth_classic_sniffer
#Bluetooth
@iotpenetrationtesting
#Bluetooth
@iotpenetrationtesting
GitHub
GitHub - Matheus-Garbelini/esp32_bluetooth_classic_sniffer: Active Bluetooth BR/EDR Sniffer/Injector as cheap as any ESP32 board…
Active Bluetooth BR/EDR Sniffer/Injector as cheap as any ESP32 board can get. Works with Scapy ;-) - Matheus-Garbelini/esp32_bluetooth_classic_sniffer
1. Cisco VOIP Adapter ATA19X Privilege Escalation
and RCE (PoC for CVE-2021-34710)
https://www.iot-inspector.com/blog/advisory-cisco-ata19x-privilege-escalation-rce
2. Dahua Console: access internal debug console
and/or other researched functions
https://github.com/mcw0/DahuaConsole
#IoT_Security
@iotpenetrationtesting
and RCE (PoC for CVE-2021-34710)
https://www.iot-inspector.com/blog/advisory-cisco-ata19x-privilege-escalation-rce
2. Dahua Console: access internal debug console
and/or other researched functions
https://github.com/mcw0/DahuaConsole
#IoT_Security
@iotpenetrationtesting
Onekey
Advisory: Cisco ATA19X Privilege Escalation and RCE | ONEKEY Research | Research | ONEKEY
We found lacking user privilege separation enforcement and post-authentication command injection remote code execution within Cisco ATA19X firmware.
#IoT_Security
Uncovering Broadcom SDK Vulnerabilities from Bug Reports
https://www.iot-inspector.com/blog/broadcom-sdk-vulnerabilities-bug-reports
#Sdk
#Vulnerability
@iotpenetrationtesting
Uncovering Broadcom SDK Vulnerabilities from Bug Reports
https://www.iot-inspector.com/blog/broadcom-sdk-vulnerabilities-bug-reports
#Sdk
#Vulnerability
@iotpenetrationtesting
Onekey
Severe SDK vulnerabilities at Broadcom due to copy-paste engineering | ONEKEY
The Deimos implant
https://www.elastic.co/blog/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant
#Malware_analysis
@iotpenetrationtesting
https://www.elastic.co/blog/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant
#Malware_analysis
@iotpenetrationtesting
www.elastic.co
Going Coast to Coast - Climbing the Pyramid with the Deimos Implant — Elastic Security Labs
The Deimos implant was first reported in 2020 and has been in active development; employing advanced analysis countermeasures to frustrate analysis. This post details the campaign TTPs through the malware indicators.
Necro Python Botnet
Goes After Vulnerable VisualTools DVR
https://blogs.juniper.net/en-us/threat-research/necro-python-botnet-goes-after-vulnerable-visualtools-dvr
#Malware_analysis
@iotpenetrationtesting
Goes After Vulnerable VisualTools DVR
https://blogs.juniper.net/en-us/threat-research/necro-python-botnet-goes-after-vulnerable-visualtools-dvr
#Malware_analysis
@iotpenetrationtesting
Juniper Networks
Necro Python Botnet Goes After Vulnerable VisualTools DVR
In the last week of September 2021, Juniper Threat Labs detected a new activity from Necro Python (a.k.a N3Cr0m0rPh , Freakout, Python.IRCBot) that is actively exploiting some services, including a
1. A step-by-step analysis of the new malware used by APT28/Sofacy called SkinnyBoy
https://cybergeeks.tech/skinnyboy-apt28
2. BlackByte Ransomware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis
#Malware_analysis
@iotpenetrationtesting
https://cybergeeks.tech/skinnyboy-apt28
2. BlackByte Ransomware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis
#Malware_analysis
@iotpenetrationtesting
Levelblue
BlackByte Ransomware – Pt. 1 In-depth Analysis | Trustwave
During a recent malware incident response case, we encountered an interesting piece of ransomware that goes by the name of BlackByte.
#exploit
CVE-2021-42342:
Goahead webserver (<5.1.5) RCE
https://github.com/kimusan/goahead-webserver-pre-5.1.5-RCE-PoC-CVE-2021-42342-
@iotpenetrationtesting
CVE-2021-42342:
Goahead webserver (<5.1.5) RCE
https://github.com/kimusan/goahead-webserver-pre-5.1.5-RCE-PoC-CVE-2021-42342-
@iotpenetrationtesting
GitHub
GitHub - kimusan/goahead-webserver-pre-5.1.5-RCE-PoC-CVE-2021-42342-: A small PoC for the recent RCE found in the Goahead Webserver…
A small PoC for the recent RCE found in the Goahead Webserver prior to version 5.1.5. - GitHub - kimusan/goahead-webserver-pre-5.1.5-RCE-PoC-CVE-2021-42342-: A small PoC for the recent RCE found i...
With the emergence of new technologies, the Internet of Things (IoT) has been proposed recently which aims at providing very-long-range transmission with low power consumption. However, this technology suffers from several security and privacy vulnerabilities that could compromise availability, authentication, and privacy. This channel aims to provide enormous stuff, for instance, books, codes, videos, and presentations slides. Please welcome and join us.
@iotpenetrationtesting
@iotpenetrationtesting