PHP Security Check List
https://github.com/ismailtasdelen/php-security-check-list
#web #pentest #checklist #darw1n

"The Thunderclap vulnerabilities are security flaws that affect the way modern computers interact with peripheral devices such as network cards, storage, and graphics cards. These vulnerabilities allow an attacker with physical access to a Thunderbolt port to compromise a target machine in a matter of seconds..." Site: http://thunderclap.io/ Paper: http://thunderclap.io/thunderclap-paper-ndss2019.pdf #hardware #dukeBarman

Awesome-WAF: A curated list of awesome web-app firewall (WAF) stuff:
- Fingerprints of almost all known WAFs (80+)
- Popular methods for evasion w/ ex.
- Compiled list of known bypasses for WAFs
- Tools,papers,videos & presentations

https://github.com/0xInfection/Awesome-WAF

#web #pentest #waf #bypass #darw1n

Radare2 team happy to announce Radare Summer of Code this year too. To learn more about RSoC'19 summer internship program visit http://rada.re/rsoc/2019 You will have chance to improve the analysis support, types inference and many other exciting things. #radare2 #reverse #dukeBarman

https://blog.kartone.ninja/2019/02/07/reverse-engineering-the-router-technicolor-tg582n/ #hardware #dukeBarman

A journey into IoT – Hardware hacking: UART https://techblog.mediaservice.net/2019/03/a-journey-into-iot-hardware-hacking-uart/ #hardware #dukeBarman

Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Hashing Algorithms along with example challenges from CTFs

https://github.com/ashutosh1206/Crypton

#crypto #ctf #darw1n

This post will explain the process of finding and exploiting a previously unknown vulnerability in a real-world piece of software to achieve code execution. The vulnerability was initially found in 2016 and the vendor was contacted however no response was ever received. Now several years later (March 2019 at time of writing), the vulnerability still exists in the latest version.

https://medium.com/@DanielC7/introduction-to-file-format-fuzzing-exploitation-922143ab2ab3

#re #fuzzing #expdev

NSA releases own software reverse engineering (SRE) suite - GHIDRA

Site: https://ghidra-sre.org/
Github: https://github.com/NationalSecurityAgency/ghidra
Direct link: https://ghidra-sre.org/ghidra_9.0_PUBLIC_20190228.zip

P.S. Don't forget about checking backdoors ;)

#reverse #dukeBarman

#GHIDRA (NSA Reverse Engineering Suite)

https://github.com/alexander-hanel/hansel #ida #reverse #dukeBarman

SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks (new meltdown?) https://arxiv.org/pdf/1903.00446.pdf #hardware #dukeBarman

https://azeria-labs.com/heap-exploitation-part-1-understanding-the-glibc-heap-implementation/ #exploit #dukeBarman

Details of Microsoft Windows WDS tftp Server Use-after-free Vulnerability by Check Point Research (CVE-2018-8476)
https://research.checkpoint.com/pxe-dust-finding-a-vulnerability-in-windows-servers-deployment-services/ #expdev #re #darw1n

Fuzzing Adobe Reader for exploitable vulns using AFL
https://kciredor.com/fuzzing-adobe-reader-for-exploitable-vulns-fun-not-profit.html #fuzzing #afl #adobe #expdev #re #darw1n

https://twitter.com/GHIDRA_RE #ghidra #reverse #dukeBarman

Дорогие женщины! Поздравляем вас с Международным женским днём 8 Марта!

Благодарим вас за то, что вдохновляете и поддерживаете мужчин, верите в них и побуждаете двигаться к новым целям и вершинам!

Желаем вам солнечного настроения, необъятной любви и большой удачи! И чтобы ваши мужчины всегда окружали вас своей заботой и вниманием. ⁠ С праздником Вас!⁠ #darw1n

Updated Analysis of PatchGuard on Microsoft Windows 10 RS4 https://blog.tetrane.com/downloads/Tetrane_PatchGuard_Analysis_RS4_v1.00.pdf #re #patchguard #expdev #rootkit #darw1n

A great post on setting up fuzzing for a WebRTC server.

https://webrtchacks.com/fuzzing-janus/

#re #fuzzing #expdev #darw1n

A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

https://github.com/secfigo/Awesome-Fuzzing

#re #fuzzing #expdev #darw1n

A WebKit exploit using CVE-2018-4441 to obtain RCE on PS4 6.20.

https://github.com/Cryptogenic/PS4-6.20-WebKit-Code-Execution-Exploit

#re #expdev #webkit #browser #ps4 #darw1n