An archive of low-level CTF challenges developed by j00ru over the years https://github.com/j00ru/ctf-tasks #ctf #reverse #dukeBarman
[PoC] Windows DHCP Server RCE Vulnerability Analysis (CVE-2019-0626) https://mp.weixin.qq.com/s/OissE9gAVkKmAXuiIUeOLA #windows #expdev #rce #poc #darw1n
Weixin Official Accounts Platform
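Windows DHCP Server Remote Code Execution Vulnerability Analysis (CVE-2019-0626)
Windows DHCP Server has a remote code execution vulnerability: an attacker who sends a carefully crafted packet to the DHCP server and exploits it successfully can execute arbitrary code in the DHCP service, and the vulnerability has a fairly wide impact. Venustech ADLab analyzed this vulnerability in detail as soon as it became known.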
Linux Kernel hooking engine was updated https://github.com/milabs/khook/tree/dev Looking for testers (the update is only in the dev branch) and help with ARM support #linux #exploit
Finding Undocumented Intel Atom MSR's in the Viliv S5 Through BIOS Reverse Engineering https://stragedevices.blogspot.com/2019/02/finding-verified-intel-atom-msrs-in.html #reverse #bios #dukeBarman
I put "Verified" in the noscript because while I have run a Sandsifter on this project, I have not had time to analyze these opcodes. Rough ...
(CVE-2019-6340) Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution https://www.ambionics.io/blog/drupal8-rce POC: https://gist.github.com/leonjza/d0ab053be9b06fa020b66f00358e3d88 #web #drupal #rce #poc
Ambionics
Exploiting Drupal8's REST RCE
Exploitation and mitigation bypasses for the new Drupal 8 RCE (SA-CORE-2019-003, CVE-2019-6340), targeting the REST module.
☝️ From March 1, our forum will be temporarily closed for maintenance. Therefore, it will not be available for one or two months. We are sorry for the inconvenience.
Unc0ver Jailbreak has been released for iOS 12.1.2 to iOS 12 with fully functional Cydia. The Unc0ver tool is compatible with the iOS 11 to 11.4.1 jailbreak too.
Article: https://pangu8.com/jailbreak/unc0ver/
Release: https://github.com/pwn20wndstuff/Undecimus/releases
#ios #jailbreak #expdev #tools #darw1n
Pangu8
Unc0ver Jailbreak [iOS 11-iOS 26.2] – Pangu8
Download Unc0ver Jailbreak IPA for iOS 11- iOS 14.8, Uncover Virtual for iOS 15-iOS 15.8.5 or Unc0ver black for iOS 16 - iOS 18.7.2 & iOS 26-iOS 26.2 using detailed guides
PHP Security Check List
https://github.com/ismailtasdelen/php-security-check-list
#web #pentest #checklist #darw1n
"The Thunderclap vulnerabilities are security flaws that affect the way modern computers interact with peripheral devices such as network cards, storage, and graphics cards. These vulnerabilities allow an attacker with physical access to a Thunderbolt port to compromise a target machine in a matter of seconds..." Site: http://thunderclap.io/ Paper: http://thunderclap.io/thunderclap-paper-ndss2019.pdf #hardware #dukeBarman
Awesome-WAF: A curated list of awesome web-app firewall (WAF) stuff:
- Fingerprints of almost all known WAFs (80+)
- Popular methods for evasion w/ ex.
- Compiled list of known bypasses for WAFs
- Tools, papers, videos & presentations
https://github.com/0xInfection/Awesome-WAF
#web #pentest #waf #bypass #darw1n
The Radare2 team is happy to announce Radare Summer of Code this year too. To learn more about the RSoC'19 summer internship program, visit http://rada.re/rsoc/2019 You will have a chance to improve the analysis support, type inference and many other exciting things. #radare2 #reverse #dukeBarman
A journey into IoT – Hardware hacking: UART https://techblog.mediaservice.net/2019/03/a-journey-into-iot-hardware-hacking-uart/ #hardware #dukeBarman
Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Hashing Algorithms along with example challenges from CTFs
https://github.com/ashutosh1206/Crypton
#crypto #ctf #darw1n
This post will explain the process of finding and exploiting a previously unknown vulnerability in a real-world piece of software to achieve code execution. The vulnerability was initially found in 2016 and the vendor was contacted however no response was ever received. Now several years later (March 2019 at time of writing), the vulnerability still exists in the latest version.
https://medium.com/@DanielC7/introduction-to-file-format-fuzzing-exploitation-922143ab2ab3
#re #fuzzing #expdev
NSA releases own software reverse engineering (SRE) suite - GHIDRA
Site: https://ghidra-sre.org/
Github: https://github.com/NationalSecurityAgency/ghidra
Direct link: https://ghidra-sre.org/ghidra_9.0_PUBLIC_20190228.zip
P.S. Don't forget about checking backdoors ;)
#reverse #dukeBarman
ghidra_9.0_PUBLIC_20190228.zip
272.4 MB
#GHIDRA (NSA Reverse Engineering Suite)
SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks (new meltdown?) https://arxiv.org/pdf/1903.00446.pdf #hardware #dukeBarman