Nicolas D (@_homeostasie_)'s Twitter Profile
Nicolas D

@_homeostasie_

Security Researcher. Reversing for finding and exploiting various bugs. Mainly focused on Windows both user and kernel. Combining security improvement with fun.

ID: 1078241275378352128

Joined: 27-12-2018 10:48:47

265 Tweets

531 Followers

77 Following

Sylvain Peyrefitte (@citronneur)

Time Travel Debugging IDA plugin, ttddbg, 1.1.0 is out with a new tracing feature! Based on the #IDA database, arguments and return values are pretty-printed! Enjoy ✈️🛰️🚁 github.com/airbus-cert/tt…

Mathieu Tarral (@mtarral)

It's been a while since I've given updates here, especially since I started at Intel one year ago! I've taken over the maintainership of kAFL 🛠️🚀 kAFL is a HW-assisted feedback fuzzer for x86 VMs ✨ github.com/IntelLabs/kAFL ⬇️ (1/x)

Akamai Security Intelligence Group (@akamai_research)

Akamai researchers have identified 3 vulnerabilities in the MS-RPC runtime, all with a base score of 8.1. In our latest blog post, see how an integer overflow in a dynamic array can lead to RCE in the RPC runtime. Write-up: akamai.com/blog/security-…

Synacktiv (@synacktiv)

📱Dive into the inner workings of jemalloc new: one of the libc allocators used on modern #Android devices. Enhance your understanding of memory management with nicoski! synacktiv.com/publications/e…

ceax (@_ceax)

[Tool] Ghidralligator: emulate and fuzz code running on various CPU architectures (ARM, MIPS, PPC, x86, Apple Silicon M1/M2...). Based on #GHIDRA (libsla C++). #AFLplusplus, snapshot fuzzing, code coverage, ASAN. cyber.airbus.com/17300/ github.com/airbus-cyber/g… GuillaumeOrlando

Nicolas Zilio (@big5_sec)

Here is a little analysis of Mastho's CVE-2023-29360, a beautiful LPE he used during the last Pwn2Own: big5-sec.github.io/posts/CVE-2023…

quarkslab (@quarkslab)

Did you know that Windows processes fundamental to operating system security run in Isolated User Mode and cannot be debugged? Well, that's true except when it isn't. Here Francisco Falcon provides a step-by-step guide to doing it: blog.quarkslab.com/debugging-wind… #Windows #ReverseEngineering

Andrew Oliveau (@andrewoliveau)

💥BOOM!💥 Another privilege escalation blog, this time showcasing how to convert arbitrary file deletions 🗑️ to a SYSTEM command prompt 🌈 (CVE-2023-27470). Learn about TOCTOU, pseudo-symlinks, MSI rollback exploits, and, of course, how to protect yourselves! mandiant.com/resources/blog…

quarkslab (@quarkslab)

Reversing Windows Container, episode I: Silo
An exploration of the depths of #Windows #container technology by Quarkslab's engineer Lucas di Martino
#docker #hyperv #reversing
blog.quarkslab.com/reversing-wind…

Akamai Security Intelligence Group (@akamai_research)

Akamai researchers discovered a critical vulnerability in Microsoft Windows Server 2022. This vuln can be triggered by an unauthenticated attacker over the internet and potentially lead to DoS. Only servers that use SMB over QUIC are vulnerable. akamai.com/blog/security-…

Jonny Johnson (@jsecurity101)

It’s very common for us to see offensive tooling enable SeDebugPrivilege so that it can bypass certain OS checks. However, what does this mean? Which OS checks are skipped? I dove into this and decided to write a blog on it. Check it out! bit.ly/3trYxdg

Walied Assar (@waleedassar)

I am releasing my kernel fuzzer "SimpleNTSyscallFuzzer" for public use. With the help of this generic fuzzer, I managed to get more than 15 CVEs. Enjoy! github.com/waleedassar/Si…

DebugPrivilege (@debugprivilege)

I did two write-ups about ETW. The first one covers how to capture an ETW trace and walks through a case study using the WinInet provider to analyze Cobalt Strike. The second one covers how EDRs are using the DotNetRuntime ETW provider.
1. github.com/DebugPrivilege…
2. github.com/DebugPrivilege…

0xor0ne (@0xor0ne)

This is an excellent series on virtualization and the internals of various solutions (QEMU, Xen and VMWare)
Credits @LordNoteworthy

Intro: docs.saferwall.com/blog/virtualiz…
VMWare: docs.saferwall.com/blog/virtualiz…
Xen: docs.saferwall.com/blog/virtualiz…
QEMU: docs.saferwall.com/blog/virtualiz…

#infosec

0SKR (@saab_sec)

Blog Post Alert: Tale of Code Integrity & Driver Loads
🔸Reversing sc.exe and MS-SCMR
🔸Some RPC internals
🔸Debugging a PPL process
🔸Tracing functions during a driver load event
sabotagesec.com/tale-of-code-i…

Phrack Zine (@phrack)

The time has come, and with it your reading material for the week. Phrack #71 is officially released ONLINE! Let us know what you think! phrack.org/issues/71/1.ht…

Alon Leviev (@alon_leviev)

If you have not checked it out yet, Windows Downdate tool is live! You can use it to take over Windows Updates to downgrade and expose past vulnerabilities sourced in DLLs, drivers, the NT kernel, the Secure Kernel, the Hypervisor, IUM trustlets and more! github.com/SafeBreach-Lab…

Dylan Tran (@d_tranman)

Had a lot of fun digging into COM stuff with bohops recently! We ended up finding a way to laterally move without dropping a file. ibm.com/think/news/fil…