Stack Frames Advanced
ضروریترین بخش برای Exploit + ROP
هدف:
کامپایلر دقیقا چه چیزهایی رو داخل استک ذخیره میکنه
متغیر های محلی چجوری روی استک قرار میگیرن؟
کد C:
کامپایل با -O0:
نکته مهم برای اکسپلویت:
لوکالها همیشه از آدرسهای:
شروع میشن
این دقیقا جاییه که بافر اورفلو اتفاق میوفته
Stack Frames Advanced
The most essential part for Exploit + ROP
Objective:
What exactly does the compiler store on the stack
How are local variables placed on the stack?
C code:
Compile with -O0:
Important note for exploit:
Locals always start at:
This is exactly where the buffer overflow occurs
@reverseengine
ضروریترین بخش برای Exploit + ROP
هدف:
کامپایلر دقیقا چه چیزهایی رو داخل استک ذخیره میکنه
Saved RBP
Return Address
Local Variables
Padding / Alignment
Call-preserved registers
متغیر های محلی چجوری روی استک قرار میگیرن؟
کد C:
int func(int x) {
int a = 5;
int b = x + 3;
return a + b;
}
کامپایل با -O0:
push rbp
mov rbp, rsp
sub rsp, 16 ; allocate space for a, b
mov DWORD PTR [rbp-4], 5
mov eax, DWORD PTR [rbp+16] ; x
add eax, 3
mov DWORD PTR [rbp-8], eax
mov eax, DWORD PTR [rbp-4]
add eax, DWORD PTR [rbp-8]
leave
ret
نکته مهم برای اکسپلویت:
لوکالها همیشه از آدرسهای:
rbp - 4
rbp - 8
rbp - 0x10
شروع میشن
این دقیقا جاییه که بافر اورفلو اتفاق میوفته
Stack Frames Advanced
The most essential part for Exploit + ROP
Objective:
What exactly does the compiler store on the stack
Saved RBP
Return Address
Local Variables
Padding / Alignment
Call-preserved registers
How are local variables placed on the stack?
C code:
int func(int x) {
int a = 5;
int b = x + 3;
return a + b;
}
Compile with -O0:
push rbp
mov rbp, rsp
sub rsp, 16 ; allocate space for a, b
mov DWORD PTR [rbp-4], 5
mov eax, DWORD PTR [rbp+16] ; x
add eax, 3
mov DWORD PTR [rbp-8], eax
mov eax, DWORD PTR [rbp-4]
add eax, DWORD PTR [rbp-8]
leave
ret
Important note for exploit:
Locals always start at:
rbp - 4
rbp - 8
rbp - 0x10
This is exactly where the buffer overflow occurs
@reverseengine
The FLARE team's open-source tool to identify capabilities in executable files
https://github.com/fireeye/capa
@reverseengine
https://github.com/fireeye/capa
@reverseengine
GitHub
GitHub - mandiant/capa: The FLARE team's open-source tool to identify capabilities in executable files.
The FLARE team's open-source tool to identify capabilities in executable files. - mandiant/capa
Tools to process ARM's Machine Readable Architecture Specification
https://github.com/alastairreid/mra_tools
@reverseengine
https://github.com/alastairreid/mra_tools
@reverseengine
GitHub
GitHub - alastairreid/mra_tools: Tools to process ARM's Machine Readable Architecture Specification
Tools to process ARM's Machine Readable Architecture Specification - alastairreid/mra_tools
Forwarded from GO-TO CVE
CVE-2025-55184-week-81.pdf
1.1 MB
🎯 Week 81 — CVE‑2025‑55184 / CVE‑2025‑67779 — React Server Components — Denial of Service
🔹 Week: 81
🔹 CVE: CVE‑2025‑55184 & CVE‑2025‑67779
🔹 Type: Denial of Service (Infinite Loop during deserialization of malicious HTTP requests)
🔹 Impact: Server hang and 100% CPU consumption via a single malicious request to any Server Function endpoint, leading to complete service denial.
🔹 Fixed in: React v19.0.3, v19.1.4, v19.2.3 (and corresponding react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack packages)
🔹 Action: Upgrade affected packages immediately. Note: Only applications using React Server Components are vulnerable.
#week_81
🔹 Week: 81
🔹 CVE: CVE‑2025‑55184 & CVE‑2025‑67779
🔹 Type: Denial of Service (Infinite Loop during deserialization of malicious HTTP requests)
🔹 Impact: Server hang and 100% CPU consumption via a single malicious request to any Server Function endpoint, leading to complete service denial.
🔹 Fixed in: React v19.0.3, v19.1.4, v19.2.3 (and corresponding react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack packages)
🔹 Action: Upgrade affected packages immediately. Note: Only applications using React Server Components are vulnerable.
#week_81
❤1🔥1🤡1
This media is not supported in your browser
VIEW IN TELEGRAM
این یک شوخیه، ناراحت نشید، رفقا 😂🩶
This is a joke, don't be upset, buddies 😂🤍
This is a joke, don't be upset, buddies 😂🤍
😁14🤡1
Reverse Engineering and Patching IoT with Ghidra
Part 1:
https://www.coalfire.com/The-Coalfire-Blog/April-2020/With-IoT-Common-Devices-Pose-New-Threats
Part 2:
https://www.coalfire.com/The-Coalfire-Blog/April-2020/Reverse-Engineering-and-Patching-with-Ghidra
@reverseengine
Part 1:
https://www.coalfire.com/The-Coalfire-Blog/April-2020/With-IoT-Common-Devices-Pose-New-Threats
Part 2:
https://www.coalfire.com/The-Coalfire-Blog/April-2020/Reverse-Engineering-and-Patching-with-Ghidra
@reverseengine
Coalfire
Coalfire Blog
Resource covering the most important issues in IT security and compliance as well as insights on IT GRC issues that impact the industries that we serve.
Intezer Analyze Ghidra Plugin
https://github.com/intezer/analyze-community-ghidra-plugin
@reverseengine
https://github.com/intezer/analyze-community-ghidra-plugin
@reverseengine
GitHub
GitHub - intezer/analyze-community-ghidra-plugin: Ghidra plugin for https://analyze.intezer.com
Ghidra plugin for https://analyze.intezer.com. Contribute to intezer/analyze-community-ghidra-plugin development by creating an account on GitHub.
Attacking the IPsec Standards in Encryption-only Configurations
https://eprint.iacr.org/2007/125.pdf
@reverseengine
https://eprint.iacr.org/2007/125.pdf
@reverseengine
OPAQUE.pdf
2.2 MB
OPAQUE PREDICATE: ATTACK AND DEFENSE IN OBFUSCATED BINARY CODE
github.com/x86byte/RE-MA-Roadmap
@reverseengine
github.com/x86byte/RE-MA-Roadmap
@reverseengine
Malicious PixelCode Delivery Technique
https://github.com/S3N4T0R-0X0/Malicious-PixelCode
@reverseengine
https://github.com/S3N4T0R-0X0/Malicious-PixelCode
@reverseengine
UEFI scanner brings Microsoft Defender ATP protection to a new level
https://www.microsoft.com/security/blog/2020/06/17/uefi-scanner-brings-microsoft-defender-atp-protection-to-a-new-level
@reverseengine
https://www.microsoft.com/security/blog/2020/06/17/uefi-scanner-brings-microsoft-defender-atp-protection-to-a-new-level
@reverseengine
Microsoft News
UEFI scanner brings Microsoft Defender ATP protection to a new level
The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the ability to scan inside of the firmware filesystem and perform security assessment.
OSX.EvilQuest Uncovered analyzing a new piece of mac ransomware and more!
https://objective-see.com/blog/blog_0x59.html
@reverseengine
https://objective-see.com/blog/blog_0x59.html
@reverseengine
objective-see.org
OSX.EvilQuest Uncovered
part i: infection, persistence, and more!
How to unc0ver a 0-day in 4 hours or less
https://googleprojectzero.blogspot.com/2020/07/how-to-unc0ver-0-day-in-4-hours-or-less.html
@reverseengine
https://googleprojectzero.blogspot.com/2020/07/how-to-unc0ver-0-day-in-4-hours-or-less.html
@reverseengine
projectzero.google
How to unc0ver a 0-day in 4 hours or less - Project Zero
By Brandon Azad, Project ZeroAt 3 PM PDT on May 23, 2020, the unc0ver jailbreak was released for iOS 13.5 (the latest signed version at the time of release) ...