789 matches found
Code injection
Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy BLE, leading to sniffing, reverse engineering, and replay attacks...
CVE-2017-18642
Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy BLE, leading to sniffing, reverse engineering, and replay attacks...
CVE-2017-18642
CVE-2017-18642 affects Syska Smart Bulb devices up to 2017-08-06, where RGB parameters are transmitted over cleartext Bluetooth Low Energy (BLE). The underlying issue is unencrypted BLE traffic, enabling sniffing, reverse engineering, and replay attacks. Connected sources corroborate the BLE clea...
Abusing DLL Misconfigurations — Using Threat Intelligence to Weaponize R&D
DLL Abuse Techniques Overview Dynamic-link library DLL side-loading occurs when Windows Side-by-Side WinSxS manifests are not explicit about the characteristics of DLLs being loaded by a program. In layman’s terms, DLL side-loading can allow an attacker to trick a program into loading a malicious...
KsDumper - Dumping Processes Using The Power Of Kernel Space
I always had an interest in reverse engineering. A few days ago I wanted to look at some game internals for fun, but it was packed & protected by EAC EasyAntiCheat. This means its handle were stripped and I was unable to dump the process from Ring3. I decided to try to make a custom driver that...
AntiCheat-Testing-Framework - Framework To Test Any Anti-Cheat
Framework to test any Anti-Cheat on the market. This can be used as Template or Code Base to test any Anti-Cheat and learn along the way. The entry level to reverse AntiCheats and Cheats is quite high, therefore, I'm realeasing all the code I developed during my research. The main idea is to help...
Fedora Update for radare2 FEDORA-2019-e931422a81
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Sony Playstation 4 (PS4) 6.72 - WebKit Code Execution (PoC)
Sony Playstation 4 PS4 6.72 - WebKit Code Execution PoC / badhoist ============ Exploit implementation of CVE-2018-4386. Obtains addrof/fakeobj and arbitrary read/write primitives. Supports PS4 consoles on 6.XX. May also work on older firmware versions, but I am not sure. Bug was fixed in firmwar...
Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System
An Obfuscation-Neglect Android Malware Scoring System Concepts Android malware analysis engine is not a new story. Every antivirus company has their own secrets to build it. With curiosity, we develop a malware scoring system from the perspective of Taiwan Criminal Law in an easy but solid way. W...
Pbtk - A Toolset For Reverse Engineering And Fuzzing Protobuf-based Apps
Protobuf is a serialization format developed by Google and used in an increasing number of Android, web, desktop and more applications. It consists of a language for declaring data structures , which is then compiled to code or another kind of structure depending on the target implementation. pbt...
Ngrev - Tool For Reverse Engineering Of Angular Applications
Graphical tool for reverse engineering of Angular projects. It allows you to navigate in the structure of your application and observe the relationship between the different modules, providers, and directives. The tool performs static code analysis which means that you don't have to run your...
Hacking Hardware Password Managers: Royal Vault Password Keeper
TL;DR: Taking three hardware password managers I used them to: Learn the basics of hardware hacking Practice disassembling Perform chipset research Understand pinouts and protocols Read data off each device The royal password vault boards looked to be reused from a previous hardware device with...
HAL - The Hardware Analyzer
HAL /hel/ is a comprehensive reverse engineering and manipulation framework for gate-level netlists focusing on efficiency, extendability and portability. HAL comes with a fully-fledged plugin system, allowing to introduce arbitrary functionalities to the core. Apart from multiple research...
Fedora Update for radare2 FEDORA-2019-65c33bdc2a
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 29 Update: radare2-3.9.0-3.fc29.1
The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...
[SECURITY] Fedora 30 Update: radare2-3.9.0-1.fc30.1
The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...
Fedora Update for radare2 FEDORA-2019-b3de19c346
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 31 Update: cutter-re-1.9.0-1.fc31
Cutter is a Qt and C++ GUI for radare2. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers...
[SECURITY] Fedora 31 Update: radare2-3.9.0-1.fc31.1
The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...
The story of Adobe Reader symbols
Posted by Mateusz Jurczyk, Project Zero Modern day security analysis of client applications is often hindered by the inaccessibility of their source code and other aids such as debug symbols. As a result, it is necessary to perform completely black-box reverse engineering of the software, in orde...