A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.


https://github.com/secfigo/Awesome-Fuzzing

Fuzzer Development 2: Sandboxing Syscalls

https://h0mbre.github.io/Lucid_Context_Switching/#

#part_2

OSED Notes: (Offensive Security Exploit Developer) by Zeyad Azima, 2024

Source
GitHub
Twitter

#pentest #useful #exam #celebrery

" The architecture of SAST tools: An explainer for developers "
More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities.

+Automate source code scanning.
+Expand vulnerability detection.
+Assist with manual code reviews.
+Software composition analysis (SCA)
+Dynamic application security testing (DAST)
+Interactive application security testing (IAST)

https://github.blog/2024-02-12-the-architecture-of-sast-tools-an-explainer-for-developers/

#devops
———
@islemolecule_source

یه مقاله درجه یک درباره container networking

How Container Networking Works: a Docker Bridge Network From Scratch
https://labs.iximiuz.com/tutorials/container-networking-from-scratch

@gocasts

Tons of trainings out there for implant dev now as of just last year even.

- Pavel has his own

https://training.trainsec.net/malware-analysis-and-development-workshop

- there’s Maldev Academy which is great
- there’s ODT from a Microsoft dude

https://courses.ask-academy.live/courses/offensive-development-and-tradecraft

- SANS has an implant dev course

https://www.sans.org/cyber-security-courses/red-team-operations-developing-custom-tools-windows/

- CodeMachine had some but I don’t think they are public offerings anymore
- Paranoid Ninja BRC4 author had some



#malware_dev

DLL Proxying using forwards with absolute paths
https://github.com/mrexodia/perfect-dll-proxy

Password: hide01.ir

Average windows fan

#Malware_analysis
"Exploring Infostealer Malware Techniques on Automotive Head Units", 2024.

" Security is a process, not a product. Nor a language "
Rust can help make software secure – but it's no cure-all

Memory-safety flaws represent the majority of high-severity problems for Google and Microsoft, but they're not necessarily associated with the majority of vulnerabilities that actually get exploited.
So while coding with Rust can help reduce memory safety vulnerabilities, it won't fix everything.

https://www.theregister.com/2024/02/08/rust_software_memory_safety/

Urgent Security Alert! Hackers Hijacked Notepad++ Plugin
https://gbhackers.com/hackers-hijacked-notepad-plugin-to-execute-malicious-code/

“Intel® 64 and IA-32 Architectures
Software Developer’s Manual
Combined Volumes:
1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D, and 4”


Intel manual

Solutions of xchg rax,rax

Telegram RCE


🆘🆘🆘ATTENTION 🆘🆘🆘

URGENTLY DISABLE AUTOLOADING MEDIA ON ALL DEVICES WHERE THE TELEGRAM DESKTOP IS INSTALLED

🆘🆘NOT A TRAINING ALARM 🆘🆘

Settings - Advanced settings - In personal chats, groups, channels, DISABLE ALL CHECKS IN ALL AUTOLOAD MEDIA ITEMS

Found rce is played through the video player in Telegram. Therefore, the safest solution is to disable auto-downloading of files.

Information about the exploit itself is currently known only in narrow circles


https://vimeo.com/932147196


@Bl4nk_Room

ASSESSING AND EXPLOITING CONTROL SYSTEM AND IIOT (2020)

Blackhat USA 2020


https://www.blackhat.com/us-20/training/schedule/listing.html#assessing-and-exploiting-control-system-and-iiot-19234