Zero To RCE In Two Days - Exploiting Zoom on macOS https://gsec.hitb.org/materials/sg2019/D1%20COMMSEC%20-%20Zero%20to%20RCE%20in%20Two%20Days%20-%20Exploiting%20Zoom%20On%20macOS%20-%20Michael%20Gianarakis%20&%20Sean%20Yeoh.pdf #macos #dukeBarman
Reverse Taint Analysis Using Binary Ninja
https://blog.trailofbits.com/2019/08/29/reverse-taint-analysis-using-binary-ninja/ #reverse #dukeBarman
The Trail of Bits Blog
Reverse Taint Analysis Using Binary Ninja
We open-sourced a set of static analysis tools, KRFAnalysis, that analyze and triage output from our system call (syscall) fault injection tool KRF. Now you can easily figure out where and why, KRF crashes your programs. During my summer internship at Trail…
ROP On x64: What's ret2csu Again? https://bananamafia.dev/post/x64-rop-redpwn/ #radare2 #CTF #exploit #dukeBarman
Automated ROP Chain Integrity https://bannedit.github.io/Automated-ROP-Chain-Integrity.html#Automated-ROP-Chain-Integrity #exploit #dukeBarman
bannedit's musings
Automated ROP Chain Integrity
In software engineering unit testing has become the norm. In the world of exploit development, testing and automation is lacking. This blog post will introduce a technique for automated testing of Return Oriented Programming (ROP) chain integrity. Admittedly…
lpe is a collection of verified Linux kernel exploits https://github.com/jollheef/lpe #exploit #dukeBarman
GitHub
GitHub - jollheef/lpe: collection of verified Linux kernel exploits
collection of verified Linux kernel exploits.
BinDiff wrapper script for multiple binary diffing https://github.com/TakahiroHaruyama/ida_haru/tree/master/bindiff #reverse #dukeBarman
GitHub
ida_haru/bindiff at master · TakahiroHaruyama/ida_haru
scripts/plugins for IDA Pro.
IDA loader for Apple 64 bits SecureROM, based on _argp's iBoot64helper https://github.com/matteyeux/srom64helper #ida #reverse #dukeBarman
GitHub
GitHub - matteyeux/srom64helper: use https://github.com/argp/iBoot64helper which is the original repo and far more advanced
use https://github.com/argp/iBoot64helper which is the original repo and far more advanced - matteyeux/srom64helper
DynamoRIO plugin to get ASAN and SanitizerCoverage compatible output for closed-source executables https://github.com/googleprojectzero/DrSancov #fuzzing #dukeBarman
GitHub
GitHub - googleprojectzero/DrSancov: DynamoRIO plugin to get ASAN and SanitizerCoverage compatible output for closed-source executables
DynamoRIO plugin to get ASAN and SanitizerCoverage compatible output for closed-source executables - googleprojectzero/DrSancov
[GSoC] Ghidra firmware utilities, wrap-up https://blogs.coreboot.org/blog/2019/08/22/gsoc-ghidra-firmware-utilities-wrap-up/ #ghidra #hardware #reverse #dukeBarman
coreboot
Ghidra firmware utilities, wrap-up
Hi everyone. The official programming period for GSoC 2019 is now over, and it's time for final evaluations. I will use this post to summarize what I've worked on this summer, as well as how to use the Ghidra plugin. The project is available on GitHub:
Patching system improvement plugin for IDA https://github.com/scottmudge/DebugAutoPatch #reverse #ida #dukeBarman
GitHub
GitHub - scottmudge/DebugAutoPatch: Patching system improvement plugin for IDA.
Patching system improvement plugin for IDA.
Heap exploit development - case study from an in-the-wild iOS 0-day https://azeria-labs.com/heap-exploit-development-part-1/ #exploit #ios #dukeBarman
Azeria-Labs
Heap Exploit Development
GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler in the IDA workflow https://blog.talosintelligence.com/2019/09/ghida.html #ida #reverse #ghidra #dukeBarman
Cisco Talos Blog
GhIDA: Ghidra decompiler for IDA Pro
This year, we will again have an interesting task for #ZeroNights #HackQuest. Do not miss it 😎
https://twitter.com/ZeroNights/status/1169616048489979904
Ghidra decompiler integration for #radare2 & Cutter https://github.com/radareorg/r2ghidra-dec #reverse #r2con #dukeBarman
GitHub
GitHub - rizinorg/rz-ghidra: Deep ghidra decompiler and sleigh disassembler integration for rizin
Deep ghidra decompiler and sleigh disassembler integration for rizin - rizinorg/rz-ghidra
Cutter v1.9 was released on #r2con with a full integration of Ghidra decompiler in Cutter! 🥳 Download v1.9 with the Decompiler from https://cutter.re #reverse #radare2 #ghidra #dukeBarman
Attachment: CPP+Dynamic+Type+Recovery.pdf (1.1 MB)
Automation Techniques in C++ Reverse Engineering https://www.msreverseengineering.com/blog/2019/8/5/automation-techniques-in-c-reverse-engineering #re #cpp #darw1n