Bypassing Microchip Atmel SAM E70/S70/V70/V71 Security (CVE-2024-4760)
https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security
]-> Code
// The vulnerability is on the silicon level of the Atmel SAM E70/S70/V70/V71 family, therefore, it is almost impossible to patch it without hardware redesign
See also:
]-> Analysis of the ATMEL SAM Cortex-M7 microcontroller ROM, reverse engineering, emulation and fuzzing
]-> SAME70Emulator
GitHub - Waleedmz10/Bypassing-Microchip-Atmel-SAM-E70-S70-V70-V71
Forwarded from Sec Note
How to kill AV/EDR (of different kinds) with a couple of clicks
Requirements:
- Admin rights on the machine;
- Ability to deliver procmon.
And then everything is more than straightforward.
1. Enable the "EnableBootLogging" feature;
2. Create a symbolic link:
mklink C:\Windows\Procmon.pmb "<Full path to the file that needs to be overwritten>"
3. Reboot the machine.
Magic happens.
More details:
https://www.zerosalarium.com/2025/09/Break-Protective-Shell-Windows-Defender-Folder-Redirect-Technique-Symlink.html
Wannacry Documentary
WannaCry was a ransomware attack that shook the world in May 2017. The malware exploited the EternalBlue vulnerability in Windows (MS17-010), which was developed by the NSA and disclosed by the Shadow Brokers. WannaCry locked files with AES-128 and RSA encryption and demanded a ransom ($300-$600) in Bitcoin to restore the data. The attack infected over 200,000 systems in 150 countries, causing millions in damage to organizations (such as the UK's NHS). A kill switch discovered by Marcus Hutchins stopped its spread. WannaCry has been attributed to the Lazarus Group (linked to North Korea).
#Ransomware #wannacry
@GoSecurity
Reverse engineering undocumented Windows Kernel features to work with the EDR
https://fluxsec.red/reverse-engineering-windows-11-kernel
Reversing Undocumented Windows Kernel Features for EDR Integration
Discover how to reverse engineer Windows 11 kernel internals, identify undocumented features, and enable hidden telemetry for enhanced EDR visibility.
Intro to Syscalls & Windows internals for malware development:
https://medium.com/@amitmoshel70/intro-to-syscalls-windows-internals-for-malware-development-pt-1-b5bb0cd90c52
https://medium.com/@amitmoshel70/intro-to-syscalls-windows-internals-for-malware-development-pt-2-b8d88bb10eb9
Intro to Syscalls & Windows internals for malware development Pt.2
Hello everyone, this article is the continuation of part 1 and will mainly focus on the practical aspect of what we’ve been talking about…
Finding jmp gadgets for call stack spoofing
https://github.com/rasta-mouse/GadgetHunter
@PfkSecurity
GitHub - rasta-mouse/GadgetHunter: Find jmp gadgets for call stack spoofing.
Find jmp gadgets for call stack spoofing. Contribute to rasta-mouse/GadgetHunter development by creating an account on GitHub.
❤2
Windows local privilege escalation through the bitpixie vulnerability
https://blog.syss.com/posts/bitpixie/
Windows Local Privilege Escalation through the bitpixie Vulnerability
This blog post demonstrates how attackers can circumvent BitLocker drive encryption, how to protect against such attacks, and why acting now might pay off in the near future. The bitpixie vulnerability in Windows Boot Manager is caused by a flaw in the PXE…
Simple Reverse Engineering Techniques
In this step we learn how to analyze simple programs that have a basic protection or a simple lock, and understand the behavior behind them.
Step by step:
Open the file with a static tool and a debugger
As we learned before, first look at the program's structure with IDA or Ghidra, then use x64dbg to break at the Entry Point; this is the foundation of everything else.
Find the license check or the conditions
In simple programs there is usually an if condition that says: if the license is correct, go ahead; if not, show an error message. This section usually sits next to functions like strcmp or strncmp, or string input functions.
Tracing with breakpoints
Put a breakpoint on the function you suspect is the license check, run the program, and see when and where it stops. From there you can work out the program's logical path.
Examining conditional instructions
There is usually a JE, JNE, JZ or JNZ instruction that decides what happens next. If you find it, that is exactly where the program decides whether the license is valid or not.
A simple manipulation to understand the logic
Instead of modifying the file, you can temporarily change the jump instruction in the debugger, for example change JNE to JE, to see what happens when the condition is reversed. This exercise helps you fully understand the logic of the check.
Exercise:
Create a simple program that has a fixed password, for example "1234", and prints a success message when it is entered correctly.
Then examine it with IDA and x64dbg:
Find the password comparison function
Identify the decision-making jump
Change the jump and see how the program behaves
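The exercise target above, written out as an added example (not code from the original post): the hard-coded password "1234" is the one the exercise names; the two compare variants and their function names are my own, chosen so the learner sees both code shapes the debugging steps describe, a call to strcmp and an inlined compare loop, each ending in the conditional jump you are asked to find.

```c
// Added example: toy password-check target for the reverse-engineering exercise.
#include <stdio.h>
#include <string.h>

// Hard-coded secret from the exercise; in the compiled binary it lands in
// .rodata, so a string search in IDA/Ghidra leads straight to the check.
static const char SECRET[] = "1234";

// Variant 1: library compare. In the disassembly this is a call to strcmp,
// then test eax,eax and a JE/JNE that selects which message is printed.
// Returns 1 when the input matches, 0 otherwise.
int check_password_strcmp(const char *input) {
    return strcmp(input, SECRET) == 0;
}

// Variant 2: inlined compare loop. There is no strcmp import to break on;
// the decision point is the JNE inside the loop and the final length check.
// Returns 1 when the input matches, 0 otherwise.
int check_password_inline(const char *input) {
    size_t i = 0;
    while (SECRET[i] != '\0') {
        if (input[i] != SECRET[i]) {
            return 0;          /* mismatch: this is the JNE you will see */
        }
        i++;
    }
    return input[i] == '\0';   /* reject inputs longer than the secret */
}

int main(void) {
    char buf[64];
    printf("Password: ");
    if (fgets(buf, sizeof buf, stdin) == NULL) {
        return 1;
    }
    buf[strcspn(buf, "\r\n")] = '\0';   /* strip the newline from fgets */

    // Both variants must agree; set a breakpoint on each to compare how
    // the same decision looks with and without the library call.
    if (check_password_strcmp(buf) && check_password_inline(buf)) {
        puts("Access granted");
        return 0;
    }
    puts("Wrong password");
    return 1;
}
```

Compile without optimization (for example `gcc -O0 -o target target.c`) so the compiler does not fold the two checks into one and the jumps remain easy to spot.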
The Evolution of macOS Security
https://theevilbit.github.io/talks_workshops/2025/MacSysAdmin2025-Csaba-Fitzl-Evolution-of-macOS-Security.pdf
Post-Quantum Now: from AES & RSA to ML-KEM Hybrids
A crisp, practical guide to navigating the quantum shift: how today’s crypto stack really works, what breaks with quantum, what survives (hello, AES-256), and how to roll in ML-KEM/Dilithium without breaking prod.
Highlights you’ll get in 10 minutes:
1️⃣ A little tour of the “digital trust” stack — AES modes, nonce pitfalls (GCM vs SIV), and why key-derivation details matter.
2️⃣ Quantum threat & HNDL explained: keep symmetric strong (AES-256), plan to replace public-key (RSA/ECDSA/curves).
3️⃣ What NIST is standardizing now: ML-KEM (Kyber) for key establishment and ML-DSA (Dilithium) for signatures — with libraries you can use today (liboqs/pyoqs).
4️⃣ Hands-on hybrid recipe: X25519 + ML-KEM, transcript-bound HKDF, and a minimal Python snippet to derive a shared session key.
5️⃣ Migration roadmap you can copy-paste: Shadow Mode → Hybrid Mode → Audit & Logging → Policy flags → Crypto agility best practices.
If you’re a security engineer, architect, or CISO planning 2025 rollouts, this is your field guide to ship PQC with confidence — not someday, but now.
Read the full post: https://netlas.io/blog/post_quantum_cryptography/
Post-Quantum Now: From AES & RSA to ML-KEM Hybrids - Netlas Blog
A Practical Guide to Post-Quantum Cryptography: Algorithms, Migration Roadmap, Risks, and Metrics
This repository contains slides and hands-on materials for Emproof's workshop on firmware reverse engineering, presented at ScapyCon Automotive 2025. The workshop targets a technical audience with minimal security experience and teaches the fundamentals through practical, self-contained tasks.
https://github.com/emproof-com/workshop_firmware_reverse_engineering
How Does the iOS Kernel Copy Memory?
(Virtual Memory Internals)
https://www.youtube.com/watch?v=0hxUEaDp1AA
How Does the Kernel Copy Memory so Quickly?
Elons (Proxima/Black Shadow related) ransomware attack via Oracle DBS External Jobs
https://labs.yarix.com/2025/09/elons-proxima-black-shadow-related-ransomware-attack-via-oracle-dbs-external-jobs/
@FUZZ0x
Premise As Yarix’s Incident Response Team, our responsibilities are to manage critical issues related to cyber-attacks carried out by cybercriminals, intervening promptly in order to guarantee security to victim companies and to minimize latent risks, analyzing…
A Deep Dive into Reverse Engineering and Exploitation of Drones
https://cfp.recon.cx/media/2023/submissions/HLHH89/resources/REcon_online_slides_mLUVm2u.pdf