Quick Summary Hey guys Today SecNotes retired. SecNotes was a very nice box and I really liked that it mixed between windows and linux , and that’s because it was a windows box and it had windows subsystem for linux (WSL) installed.It was relatively easy.…

Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE Introduction and motivation How wireless device works and starts up Interaction between Wi-Fi SoC and driver Firmware analysis Static firmware file analysis…

At Real World Crypto 2019, Mihir Bellare won the Levchin Prize (along with Eric Rescorla) and gave a short and inspiring speech. You can watch it here. In it, he briefly mentioned what I'll call the speed issue:

when I started it was a question of being…

For my vulnserver TRUN exploit, I decided to use a three byte overwrite to jump to EAX. Three Byte Overwrite (Vulnserver TRUN) - Introduction As I mentioned in my earlier post, I am going through vulnserver for OSCE/binary exploitation practice. … Continue…

Hackers are using more sophisticated methods to target journalists, including those who use two-step authentication (2FA)....

IDAPython tool for creating automatic C++ virtual tables in IDA Pro - 0xgalz/Virtuailor

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555 - fs0c131y/CVE-2018-20555

Quick Summary Hey guys this is my write-up about Dummy from Wizard Labs. If you don’t know them , They are a new penetration testing lab, They have 16 boxes so far and Dummy is their first box to retire. This lab is nice I definitely recommend checking it…

Extract IOCs from text, including "escaped" ones. Contribute to assafmo/xioc development by creating an account on GitHub.

In Inteno’s IOPSYS devices, and very possibly other devices running firewall3 (which is included by default on most OpenWRT-based firmwares), it is possible ...

So today I wanted to do a blog post on Black Energy. The sample I will be working with was sourced from hybrid analysis here: This particular piece of malware was used to target the networks used t…

2 votes and 0 comments so far on Reddit

Today I wanted to do a real quick post on a PowerShell downloader linked to Emotet. Here is a little background on what Emotet is according to Malwarebytes: Emotet is a Trojan that is primarily spr…

Apache use after free bug infos / ASAN stack traces - hannob/apache-uaf

When I was a kid I played a lot of a game called Runescape. For those of you unaware, this is a Massive Multiplayer Online Roleplaying…

In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin. Recently I came across a blog from the ZDI, in which they detail…

1 vote and 0 comments so far on Reddit

A Short Micropatching Trilogy by Mitja Kolsek, the 0patch Team While we're busy ironing out the wrinkles before 0patch finally exits i...