Lucene search
K

40 matches found

Kitploit
Kitploit
added 2020/05/12 12:30 p.m.104 views

Threadtear - Multifunctional Java Deobfuscation Tool Suite

Threadtear is a multifunctional deobfuscation tool for java. Suitable for easier code analysis without worrying too much about obfuscation. Even the most expensive obfuscators like ZKM or Stringer are included. It also contains older deobfuscation tools from my github account, but it can also be...

7.3AI score
Exploits0References5
0day.today
0day.today
added 2020/04/15 12:0 a.m.83 views

Cellebrite UFED 7.29 Hardcoded ADB Authentication Keys Vulnerability

Cellebrite UFED versions 5.0 through 7.29 use four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction. Title: Cellebrite Hardcoded ADB Authentication Keys Publicatio...

5.5CVSS0.5AI score0.00447EPSS
Exploits3
KoreLogic Security
KoreLogic Security
added 2020/04/13 12:0 a.m.71 views

Cellebrite Hardcoded ADB Authentication Keys

Vulnerability Details Affected Vendor: Cellebrite Affected Product: UFED Affected Version: 5.0 - 7.29 Platform: Embedded Windows CWE Classification: CWE-321: Use of hardcoded cryptographic keys CVE ID: CVE-2020-11723 2. Vulnerability Description Cellebrite UFED uses four hardcoded RSA private...

5.5CVSS5.5AI score0.00447EPSS
Exploits3Affected Software1
Packet Storm
Packet Storm
added 2020/04/13 12:0 a.m.147 views

Cellebrite UFED 7.29 Hardcoded ADB Authentication Keys

KL-001-2020-001 : Cellebrite Hardcoded ADB Authentication Keys Title: Cellebrite Hardcoded ADB Authentication Keys Advisory ID: KL-001-2020-001 Publication Date: 2020.04.13 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2020-001.txt 1. Vulnerability Details Affected Vendor...

0.1AI score0.00447EPSS
Exploits3
Kitploit
Kitploit
added 2020/02/26 8:30 p.m.79 views

ABD - Course Materials For Advanced Binary Deobfuscation

Advanced Binary Deobfuscation This repository contains the course materials of Advanced Binary Deobfuscation at the Global Cybersecurity Camp GCC Tokyo in 2020. Course Abstract Reverse engineering is not easy, especially if a binary code is obfuscated. Once obfuscation performed, the binary would...

7.5AI score
Exploits0References2
Carbon Black Blog
Carbon Black Blog
added 2019/02/25 3:56 p.m.108 views

Defeating Compiler-Level Obfuscations Used in APT10 Malware

Summary The Carbon Black Threat Analysis Unit TAU recently analyzed a series of malware samples that utilized compiler-level obfuscations. For example, opaque predicates were applied to Turla mosquito and APT10 ANEL. Another obfuscation, control flow flattening, was applied to APT10 ANEL and Dhar...

7AI score
Exploits0
Kitploit
Kitploit
added 2019/01/29 12:48 p.m.102 views

CIRTKit - Tools For The Computer Incident Response Team

One DFIR console to rule them all. Built on top of theViper Framework Documentation Please see the wiki for more information about CIRTKit and documentation Roadmap Future integrations Bit9 Palo Alto Networks EnCase/FTK Future modules Packet Analysis possibly Dshell Javascript...

6.7AI score
Exploits0References3
FireEye
FireEye
added 2018/12/12 12:30 p.m.15 views

FLARE Script Series: Automating Objective-C Code Analysis with Emulation

This blog post is the next episode in the FireEye Labs Advanced Reverse Engineering FLARE team Script Series. Today, we are sharing a new IDAPython library – flare-emu – powered by IDA Pro and the Unicorn emulation framework that provides scriptable emulation features for the x86, x8664, ARM, and...

6.1AI score
Exploits0
ThreatPost
ThreatPost
added 2018/10/02 7:23 p.m.11 views

NOKKI Malware Sports Mysterious Link to Reaper APT Group

The Reaper APT group, suspected of being affiliated with North Korea, turns out to have a link to the recently uncovered NOKKI malware family. Palo Alto’s Unit 42 recently observed NOKKI-laden attacks targeted Russian- and Cambodian-speaking individuals with political lures. NOKKI is a backdoor,...

7.4AI score
Exploits0References4
Talos Blog
Talos Blog
added 2017/12/06 8:2 a.m.1291 views

Recam Redux - DeConfusing ConfuserEx

This post is authored by Holger Unterbrink and Christopher MarczewskiOverviewThis report shows how to deobfuscate a custom .NET ConfuserEx protected malware. We identified this recent malware campaign in our Advanced Malware Protection AMP telemetry. Initial infection is via a malicious Word...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2017/10/12 1:14 p.m.26 views

FLOSS - FireEye Labs Obfuscated String Solver (Automatically extract obfuscated strings from malware)

Rather than heavily protecting backdoors with hardcore packers, many malware authors evade heuristic detections by obfuscating only key portions of an executable. Often, these portions are strings and resources used to configure domains, files, and other artifacts of an infection. These key...

7.2AI score
Exploits0References6
Kitploit
Kitploit
added 2017/01/26 1:24 p.m.15 views

reversemap - Analyse SQL injection attempts in web server logs

Analyse SQL injection attempts in web server logs The program can either be run in batch mode or interactive mode. In batch mode the program will accept Apache web server logs and will deobfuscate requested URLs from the logs. In interactive mode the program will prompt for user input and will...

8.5AI score
Exploits0References1
FireEye
FireEye
added 2016/05/03 8:30 a.m.279 views

Deobfuscating Python Bytecode

Introduction During an investigation, the FLARE team came across an interesting Python malware sample MD5: 61a9f80612d3f7566db5bdf37bbf22cf that is packaged using py2exe. Py2exe is a popular way to compile and package Python scripts into executables. When we encounter this type of malware we...

0.2AI score
Exploits0
Cvelist
Cvelist
added 2014/05/27 3:0 p.m.47 views

CVE-2013-5036

The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the 1 namespace parameter to the deobfuscation function or 2 sourcemap parameter to the sourcemap function in app/controllers/api/v1controller.rb...

7.5AI score0.46182EPSS
Exploits5References5
Prion
Prion
added 2014/05/27 2:55 p.m.9 views

Deserialization of untrusted data

The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the 1 namespace parameter to the deobfuscation function or 2 sourcemap parameter to the sourcemap function in app/controllers/api/v1controller.rb...

7.5CVSS8.2AI score0.46182EPSS
Exploits5References5
0day.today
0day.today
added 2013/08/09 12:0 a.m.35 views

Squash YAML Code Execution Vulnerability

This Metasploit module exploits a remote code execution vulnerability in the YAML request processor of the Squash application. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on...

7.5CVSS7.4AI score0.46182EPSS
Exploits5
Kitploit
Kitploit
added 2013/03/18 2:58 a.m.13 views

[Converter v0.7] Analyzing and Deobfuscating Malicious Scripts

Malicious Java applets have been making news for awhile so I thought I would update Converter to include some new features to help with deobfuscating them. This is a list of changes made to this version: + Replaced Binary-to/from-Text with Binary-to/from-Hex to make it more useful + Added Filter...

7.3AI score
Exploits0
Metasploit
Metasploit
added 2013/02/20 3:39 p.m.38 views

Java Applet JMX Remote Code Execution

This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February of 2013. Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to run unsigned applet without displaying any warning t...

5.3CVSS10AI score0.89987EPSS
Exploits8
0day.today
0day.today
added 2013/01/30 12:0 a.m.33 views

D-Link DCS Cameras Authentication Bypass / Command Execution

D-Link DCS Cameras suffer from authentication bypass and remote command execution vulnerabilities due to a remote information disclosure of the configuration. Unauthenticated remote access to D-Link DCS cameras =================================================== ADVISORY INFORMATION Title:...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2010/07/09 2:23 p.m.17 views

New Linux OS REMnux Designed For Reverse Engineering Malware

A security expert has released a stripped-down Ubuntu distribution designed specifically for reverse-engineering malware. The OS, called REMnux, includes a slew of popular malware-analysis, network monitoring and memory forensics tools the comprise a very powerful environment for taking apart...

7.2AI score
Exploits0References5
Rows per page
Query Builder