212 matches found
CVE-2019-12103 – Analysis of a Pre-Auth RCE on the TP-Link M7350, with Ghidra!
TL;DR The TP-Link M7350 V3 is affected by a pre-authentication command injection (CVE-2019-12103) and a few post-authentication command injection vulnerabilities (CVE-2019-12104). These injections can be exploited remotely if the attacker is on the same LAN or otherwise able to get access to the router web interface...
CVE-2017-8227
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification which...
CVE-2017-8404
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting an SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request to test if email credentials and hostname sent to the device work...
Fuji Electric SX Expansion Module Detection
Binary data 757597.prm...
A vulnerability in elflint.c, part of the elfutils tools for modifying and analyzing ELF binary files, is caused by insufficient input validation and allows an attacker to cause a denial of service.
A vulnerability in the elflint.c tool of elfutils, used for modifying and analyzing ELF binary files, is caused by insufficient checks on the number of sections and segments. Exploiting this vulnerability allows a malicious actor to cause a denial of service using a specially crafted ELF file...
A vulnerability in the elf_cvt_note() function of elfutils, the ELF file modification and analysis utility, allows an attacker to cause a denial of service.
A vulnerability in the elf_cvt_note() function of elfutils, the tool for modifying and analyzing ELF binary files, is caused by an attempt to copy a negative amount of data. Exploiting this vulnerability could allow an attacker to cause a denial of service...
Angr - A Powerful And User-Friendly Binary Analysis Platform
angr is a platform-agnostic binary analysis framework. It is brought to you by the Computer Security Lab at UC Santa Barbara, SEFCOM at Arizona State University, their associated CTF team, Shellphish, the open source community, and @rhelmot. What? angr is a suite of Python 3 libraries that let yo...
Ponce - IDA Plugin For Symbolic Execution Just One-Click Away!
Ponce (pronounced 'poN θe', pon-they) is an IDA Pro plugin that provides users the ability to perform taint analysis and symbolic execution over binaries in an easy and intuitive fashion. With Ponce you are one click away from getting all the power from cutting edge symbolic execution. Entirely writt...
Triton - Dynamic Binary Analysis (DBA) Framework
Triton is a dynamic binary analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint engine, AST representations of the x86 and x86-64 instruction set semantics, SMT simplification passes, an SMT Solver Interface and, last but not least...
Miasm - Reverse Engineering Framework In Python
Miasm is a free and open source (GPLv2) reverse engineering framework. Miasm aims to analyze / modify / generate binary programs. Here is a non-exhaustive list of features: opening / modifying / generating PE / ELF 32 / 64 LE / BE using Elfesteem; assembling / disassembling X86 / ARM / MIPS / SH4 /...
Fileless malware: part deux
In part one of this series, we focused on an introduction to the concepts of fileless malware, providing examples of the problems that we in the security industry face when dealing with these types of attacks. In part two, I will be walking through a few demonstrations of fileless malware attacks th...
[SECURITY] Fedora 29 Update: capstone-3.0.5-1.fc29
Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community...
[SECURITY] Fedora 27 Update: capstone-3.0.5-1.fc27
Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community...
Dynamic Binary Analysis Tool: Manticore
Manticore is a prototyping tool for dynamic binary analysis, with support for symbolic execution, taint analysis, and binary instrumentation. Manticore comes with an easy-to-use command line tool that quickly generates new program “test cases” or sample inputs with symbolic execution. Each test...
CVE-2018-15885
Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the...
CVE-2018-15885
Ovation FindMe 1.4-1083-1 is reported vulnerable due to obfuscation/packing that hinders binary analysis of its capabilities. The description states the product uses a compression technique to obscure certain libraries, relies on a TLS callback and an extra executable to enable these libraries an...
On "Advanced" Network Security Monitoring
My TaoSecurity News page says I taught 41 classes lasting a day or more, from 2002 to 2014. All of these involved some aspect of network security monitoring (NSM). Many times students would ask me when I would create the "advanced" version of the class, usually in the course feedback. I could never...
Pharos - Static Binary Analysis Framework
The Pharos static binary analysis framework is a project of the Software Engineering Institute at Carnegie Mellon University. The framework is designed to facilitate the automated analysis of binary programs. It uses the ROSE compiler infrastructure developed by Lawrence Livermore National...