
789 matches found

Pen Test Partners Blog
added 2019/10/04 9:44 a.m., 131 views

OSINT for Avionics

One of the biggest challenges with avionics research is simply getting hold of equipment to work on. Current equipment is frighteningly expensive – think $100,000 and up for some components, reflecting the relatively short production run, high reliability requirement and significant certification...

6.9 AI score
Exploits: 0

FireEye
added 2019/10/03 5:0 p.m., 15 views

IDA, I Think It’s Time You And I Had a Talk: Controlling IDA Pro With Voice Control Software

Introduction This blog post is the next episode in the FireEye Labs Advanced Reverse Engineering FLARE team Script Series. Today, we are sharing something quite unusual. It is not a tool or a virtual machine distribution, nor is it a plugin or script for a popular reverse engineering tool or...

0.2 AI score
Exploits: 0, References: 7

OSV
added 2019/09/12 7:15 p.m., 0 views

CVE-2019-11898

Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition APE 3.8...

9.9 CVSS, 7.3 AI score
Exploits: 0, References: 1

FireEye
added 2019/09/07 5:0 p.m., 25 views

Open Sourcing StringSifter

Malware analysts routinely use the Strings program during static analysis in order to inspect a binary's printable characters. However, identifying relevant strings by hand is time consuming and prone to human error. Larger binaries produce upwards of thousands of strings that can quickly evoke...

0.4 AI score
Exploits: 0, References: 12

Pen Test Partners Blog
added 2019/09/03 6:55 a.m., 140 views

Pwning a Siemens Scalance ICS switch through ARM reversing

We’ve been working in industrial control systems security for a long time. Several of the team here used to work in OT control rooms or support SCADA environments. Whilst pen testing a ship control system, we noticed a heavy reliance on Siemens Scalance industrial ethernet switches, so bought a...

2.1 CVSS, 6.2 AI score, 0.00051 EPSS
Exploits: 0

Cvelist
added 2019/08/20 4:22 p.m., 8 views

CVE-2018-18056

An issue was discovered in the Texas Instruments TI TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory XOM implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash...

5.1 AI score, 0.00059 EPSS
Exploits: 0, References: 2

CVE
added 2019/08/20 4:22 p.m., 50 views

CVE-2018-18056

The CVE-2018-18056 entry concerns TI TM4C, MSP432E and MSP432P microcontroller series. The issue stems from the eXecute-Only-Memory (XOM) implementation, which prevents code reads on protected memory by using bus faults, yet allows single-step/breakpoint use in XOM-protected flash. This enables a...

4.6 CVSS, 5.1 AI score, 0.00059 EPSS
Exploits: 0, References: 2, Affected Software: 1

ThreatPost
added 2019/08/10 1:0 p.m., 156 views

DEF CON 2019: MacOS Gets a Malware Beatdown in Attack Demo

LAS VEGAS – On Friday, Mac security researcher Patrick Wardle showed how an attacker can repurpose someone else’s Mac malware, create false attribution flags and sidestep Mac anti-malware defenses with ease. The attack scenarios were his own and meant to serve as cautionary examples and reasons w...

7.4 AI score
Exploits: 0, References: 6

Pen Test Partners Blog
added 2019/08/10 9:5 a.m., 346 views

Reverse Engineering 4G Hotspots for fun, bugs and net financial loss

a.k.a. 4G hotspots and their Discontents You might be here because you saw our talk at Defcon 27. You might want to watch that for the full rundown! TL;DR We found multiple vulnerabilities in several well known vendors Mi-Fi devices, including pre- and post-auth command injection and code executi...

10 CVSS, 10.3 AI score, 0.08886 EPSS
Exploits: 3

ThreatPost
added 2019/08/08 12:0 p.m., 88 views

Black Hat 2019: WhatsApp Users Still Open to Message Manipulation

LAS VEGAS – Researchers at Black Hat USA 2019 demoed how known vulnerabilities in WhatsApp could still be exploited in several attacks that manipulate chats. Facebook-owned WhatsApp is a popular end-to-end encrypted messaging platform with at least 1.5 billion users. Researchers with Check Point...

6.9 AI score
Exploits: 0, References: 7

FireEye
added 2019/07/30 4:15 p.m., 17 views

Announcing the Sixth Annual Flare-On Challenge

The FireEye Labs Advanced Reverse Engineering FLARE team is thrilled to announce that the popular Flare-On reverse engineering challenge will return for the sixth straight year. The contest will begin at 8:00 p.m. ET on Aug. 16, 2019. This is a CTF-style challenge for all active and aspiring...

Exploits: 0, References: 1

Fedora
added 2019/07/30 1:15 a.m., 33 views

[SECURITY] Fedora 30 Update: radare2-3.6.0-1.fc30

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

7.8 CVSS, 0.4 AI score, 0.00443 EPSS
Exploits: 3

Fedora
added 2019/07/30 1:15 a.m., 22 views

[SECURITY] Fedora 30 Update: cutter-re-1.8.3-1.fc30

Cutter is a Qt and C++ GUI for radare2. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers...

7.8 CVSS, 3.1 AI score, 0.00443 EPSS
Exploits: 3

0day.today
added 2019/07/29 12:0 a.m., 15 views

Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)

/ description ; Title : X64 NOT +SHIFT-N+ XOR-N encoded /bin/sh - shellcode ; Author : Pedro Cabral ; Twitter : @CabrallPedro ; LinkedIn : https://www.linkedin.com/in/pedro-cabral1992 ; SLAE ID : SLAE64 - 1603 ; Purpose : spawn /bin/sh shell ; Tested On : Ubuntu 16.04.6 LTS ; Arch : x64 ; Size :...

7.1 AI score
Exploits: 0

Fedora
added 2019/07/16 3:22 a.m., 22 views

[SECURITY] Fedora 29 Update: radare2-3.6.0-1.fc29

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

7.8 CVSS, 0.4 AI score, 0.00443 EPSS
Exploits: 2

Kitploit
added 2019/07/13 10:20 p.m., 234 views

Dwarf - Full Featured Multi Arch/Os Debugger Built On Top Of PyQt5 And Frida

A debugger for reverse engineers, crackers and security analyst. Or you can call it damn, why are raspberries so fluffy or yet, duck warriors are rich as fuck. Whatever you like! Built on top of pyqt5, frida and some terrible code. Checkout the website for features, api and examples CHANGELOG...

7.2 AI score
Exploits: 0, References: 3

Prion
added 2019/07/03 8:15 p.m., 11 views

Hardcoded credentials

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a...

7.5 CVSS, 9.3 AI score, 0.01087 EPSS
Exploits: 1, References: 3, Affected Software: 1

Gitee
added 2019/07/01 7:47 p.m., 3 views

AndroidSecNotes

It is an offensive tool for Android. The repository contains learning notes about Android Security, specifically about the Android Runtime ART and its debugging tools. The notes cover the format of Dex files, the ART runtime, and the Hook framework. The notes mention the use of the "oatdump" tool...

7.1 AI score
Exploits: 0

0day.today
added 2019/06/11 12:0 a.m., 81 views

Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes)

;Title: Linux/x86_64 - Bind 4444/TCP Shell /bin/sh 104 bytes ;Author: Aron Mihaljevic ;Architecture: Linux x86_64 ;Shellcode Length: 104 bytes ;github = https://github.com/STARRBOY ;test shellcode = after you run the shellcode, open another terminal and run "netcat -vv 0.0.0.0 4444"...

7.4 AI score
Exploits: 0

FireEye
added 2019/05/29 2:30 p.m., 18 views

Learning to Rank Strings Output for Speedier Malware Analysis

Reverse engineers, forensic investigators, and incident responders have an arsenal of tools at their disposal to dissect malicious software binaries. When performing malware analysis, they successively apply these tools in order to gradually gather clues about a binary’s function, design detectio...

7.2 AI score
Exploits: 0, References: 9