@Phantasm_Lab – Telegram
- Red x Blue Security
- Bug Bounty 💷 💵
- Exploitable tools
- Programming Languages
- Malware Analysis

🇺🇸 🇧🇷 🇪🇸

since 2017 ©


Partners:
@TIdaDepressaoOficial @acervoprivado @ReneGadesx @G4t3w4y
#Eko2020 Main Track | Static analysis-based recovery of service function calls in UEFI firmware

Reversing #UEFI firmware requires a lot of background and knowledge about #firmware and understanding of #hardware before you can start hunting for vulnerabilities. With our new tool, we automatically recover service calls and EFI type info, so that a firmware code looks like original

https://youtu.be/rK0tmVa19ME
[Vulnerability] - Cookie Stored injection - XSS at Heroic Third Service, call cookies!

The application calls an external service to create the cookies, and they are sent back to the server!

https://youtu.be/maatBdt8TPY

Youtube: @Phatansm_Lab
Forwarded from @Phantasm_Lab
The Mobile Application Hackers Handbook

Mobile computing has changed the game. Your personal data is no longer just stored on your desktop in the sanctuary of your office or home. You now carry personally identifiable information, financial data, personal and corporate email, and much more in your pocket, wherever you go. The smartphone is quickly becoming ubiquitous, and with at least 40 applications installed on the average smartphone the attack surface is significant.

The focus of this book is highly practical. Although we provide some background theory for you to understand the fundamentals of mobile application vulnerabilities, our primary concern is documenting the techniques you need to master to attack and exploit them. Where applicable, we include real-world examples derived from our many years of experience and from publicly documented vulnerabilities.

🕴 @Phantasm_Lab
Forwarded from @Phantasm_Lab ([L]uth1er)
THE HACKER PLAYBOOK.pdf
26.1 MB
Forwarded from @Phantasm_Lab
The Hacker Playbook 2 - Practical Guide To Penetration Testing | PDF/EPUB/MOBI | 23/18/53 MB |

https://drive.google.com/open?id=0B-OpLAp8EyTfV0JpS1MtX015aEU

🕴 @Phantasm_Lab
Forwarded from @Phantasm_Lab
The Hacker PlayBook 3 - Practical Guide To Penetration Testing

This is the third iteration of The Hacker Playbook (THP) series. Below is an overview of all the new vulnerabilities and attacks that will be discussed. In addition to the new content, some attacks and techniques from the prior books (which are still relevant today) are included to eliminate the need to refer back to the prior books. So, what's new? Some of the updated topics from the past couple of years include:

- Abusing Active Directory
- Abusing Kerberos
- Advanced Web Attacks
- Better Ways to Move Laterally
- Cloud Vulnerabilities
- Faster/Smarter Password Cracking
- Living Off the Land
- Lateral Movement Attacks
- Multiple Custom Labs
- Newer Web Language Vulnerabilities
- Physical Attacks
- Privilege Escalation
- PowerShell Attacks
- Ransomware Attacks
- Red Team vs Penetration Testing
- Setting Up Your Red Team Infrastructure
- Usable Red Team Metrics
- Writing Malware and Evading AV
- And so much more

🕴🏽 @Phantasm_Lab