Notes


The key to creating great art

The key to creating great art is conflict and tension.

Days be like

Vultriever - Vulnerability scoring with Nmap

Vultriever is a utility that converts the results of an Nmap scan run with the vulners NSE script into Excel and JSON. It was created to automate two things: the inventory of open ports and running network services on a host, and the scoring of known vulnerabilities inferred from the versions of the software detected. Vultriever can be run from the terminal or imported as a module in your own Python scripts. Keep in mind what version-based scoring can and cannot tell you: a distribution that backports a fix without bumping the version string will still be flagged, and a service that hides its banner will not be scored at all, so the output is a triage list rather than a confirmation of exploitability.
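The transformation Vultriever automates, as an added example in Python written for these notes (it is not Vultriever's own code and does not use its API): parse the XML that Nmap writes with `-oX` when run with `--script vulners`, join each vulners entry to the port and service it was reported on, bucket the CVSS scores and roll them up per host. The XML sample is constructed for the example and mirrors the nested `table`/`elem` layout the vulners script emits; the host address and the findings are illustrative test data.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample of the XML that `nmap -sV --script vulners -oX scan.xml 192.0.2.10`
# produces when the vulners NSE script matches a detected CPE. Host, ports and the
# findings are illustrative test data for this example, not a real scan result.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script vulners -oX scan.xml 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4" cpe="cpe:/a:openbsd:openssh:7.4"/>
        <script id="vulners" output="(text form omitted in this sample)">
          <table key="cpe:/a:openbsd:openssh:7.4">
            <table>
              <elem key="id">EDB-ID:45233</elem><elem key="type">exploitdb</elem>
              <elem key="is_exploit">true</elem><elem key="cvss">5.3</elem>
            </table>
            <table>
              <elem key="id">CVE-2018-15473</elem><elem key="type">cve</elem>
              <elem key="is_exploit">false</elem><elem key="cvss">5.3</elem>
            </table>
          </table>
        </script>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="open"/>
        <service name="http" product="nginx"/>
      </port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
    </ports>
  </host>
</nmaprun>
"""


def severity(cvss):
    """Map a CVSS base score onto the usual qualitative buckets."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low" if cvss > 0 else "none"


def parse_scan(xml_text):
    """Return (inventory, findings): one inventory row per open port, one finding
    per vulners entry joined to the port it was reported on."""
    inventory, findings = [], []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        addr = addr.get("addr") if addr is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # vulners only runs against open ports; keep the inventory honest
            svc = port.find("service")
            svc = svc.attrib if svc is not None else {}
            row = {"host": addr, "port": int(port.get("portid")), "proto": port.get("protocol"),
                   "service": svc.get("name", ""), "product": svc.get("product", ""),
                   "version": svc.get("version", ""), "cpe": svc.get("cpe", "")}
            inventory.append(row)
            script = port.find("script[@id='vulners']")
            if script is None:
                continue  # no version/CPE detected, so nothing was scored for this port
            for cpe_table in script.findall("table"):
                for entry in cpe_table.findall("table"):
                    e = {el.get("key"): (el.text or "").strip() for el in entry.findall("elem")}
                    try:
                        cvss = float(e.get("cvss", "0"))
                    except ValueError:
                        cvss = 0.0  # never let one odd score abort the whole report
                    findings.append({**row, "matched_cpe": cpe_table.get("key", ""),
                                     "id": e.get("id", ""), "type": e.get("type", ""),
                                     "cvss": cvss, "severity": severity(cvss),
                                     "is_exploit": e.get("is_exploit", "").lower() == "true"})
    # worst first; among equal scores, entries with public exploit code first
    findings.sort(key=lambda f: (-f["cvss"], not f["is_exploit"], f["id"]))
    return inventory, findings


def summarise(findings):
    """Per-host roll-up: worst score, severity counts, whether exploit code is public."""
    summary = {}
    for f in findings:
        s = summary.setdefault(f["host"], {"max_cvss": 0.0, "exploit_available": False, "counts": {}})
        s["max_cvss"] = max(s["max_cvss"], f["cvss"])
        s["exploit_available"] = s["exploit_available"] or f["is_exploit"]
        s["counts"][f["severity"]] = s["counts"].get(f["severity"], 0) + 1
    return summary


if __name__ == "__main__":
    inv, found = parse_scan(SAMPLE_XML)
    print(json.dumps({"inventory": inv, "findings": found, "summary": summarise(found)}, indent=2))
```

Run it as a script to print the JSON form; for the spreadsheet form, feed the `findings` list to `csv.DictWriter` and open the result in Excel. Ports with no detected version get an inventory row but no findings, and closed ports are skipped entirely, which is the behaviour you want when the export doubles as an asset inventory.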

PHP remote file inclusion and RCE in flatpressblog/flatpress

flatpress has an upload feature (“uploader”) and displays the uploaded files from the “media manager”. Although the report is titled as remote file inclusion, the mechanism is an unrestricted file upload: by uploading a PHP file, a user can get the server to execute arbitrary PHP and gain RCE. The uppercase extension is what slips past the upload filter, while the web server still hands the file to the PHP interpreter. Copy the following code and save it as test.Php (note the uppercase).

Successful exploitation of a PHP file inclusion may result in information disclosure or compromise of the vulnerable system: a remote attacker can read and write files or execute arbitrary code on the target with the privileges of the web server. In this case all of these are possible.
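The report does not show flatpress's upload filter, but the uppercase extension in test.Php is the tell: a filter that compares the raw extension against a blocklist is case-sensitive, while the server's handler mapping is not. The following Python model, added for these notes and not taken from flatpress, puts the flawed check next to a hardened one and traces an upload end to end. The executable-extension set and the assumption that the server matches extensions case-insensitively (as Apache's AddHandler does) are assumptions of the example, and the PHP body is a stand-in, not the report's own test.Php.

```python
import hashlib
import os

# Assumption for this example: the web server maps file extensions to the PHP handler
# case-insensitively (Apache's AddHandler does), so a stored "test.Php" executes
# exactly like "test.php". The set below is illustrative, not flatpress's.
SERVER_EXECUTES = {".php", ".phtml", ".phar"}


def server_will_execute(stored_name):
    """Server-side model: will a request for this stored file run it as PHP?"""
    return os.path.splitext(stored_name)[1].lower() in SERVER_EXECUTES


# --- the flaw: a case-sensitive blocklist on whatever the client sent ----------------
BLOCKED = {".php"}


def naive_upload_allowed(filename):
    """Stand-in for a filter that compares the raw extension against a blocklist."""
    return os.path.splitext(filename)[1] not in BLOCKED  # ".Php" != ".php" -> allowed


# --- the fix: normalise, allowlist, one extension only, content must match -------------
ALLOWED = {".jpg", ".png", ".gif", ".pdf"}
MAGIC = {b"\xff\xd8\xff": ".jpg", b"\x89PNG\r\n\x1a\n": ".png", b"GIF8": ".gif", b"%PDF-": ".pdf"}


def hardened_upload_name(filename, content):
    """Return the name to store the upload under, or None to reject it.

    Lower-cases before comparing, allowlists instead of blocklisting, refuses
    anything with more than one dot (so "shell.php.jpg" cannot reach a server
    that honours multiple extensions) and requires the file's leading bytes to
    match the claimed type. The stored name is derived from the content, so the
    client never picks it. It deliberately takes no Content-Type argument: that
    header is client-controlled and proves nothing.
    """
    stem, ext = os.path.splitext(os.path.basename(filename))
    ext = {".jpeg": ".jpg"}.get(ext.lower(), ext.lower())
    if not stem or "." in stem or ext not in ALLOWED:
        return None
    sniffed = next((t for magic, t in MAGIC.items() if content.startswith(magic)), None)
    if sniffed != ext:
        return None
    return hashlib.sha256(content).hexdigest()[:16] + ext


def outcome(filename, content, use_hardened):
    """Trace one upload end to end: 'rejected', 'stored' or 'executed'."""
    if use_hardened:
        stored = hardened_upload_name(filename, content)
    else:
        stored = filename if naive_upload_allowed(filename) else None
    if stored is None:
        return "rejected"
    return "executed" if server_will_execute(stored) else "stored"


if __name__ == "__main__":
    php = b"<?php system($_GET['cmd']); ?>"  # stand-in PHP body, not the report's test.Php
    jpg = b"\xff\xd8\xff\xe0" + b"\x00" * 16  # constructed JPEG header
    for name, body in [("test.php", php), ("test.Php", php), ("shell.php.jpg", jpg), ("cat.JPG", jpg)]:
        print(f"{name:14} naive={outcome(name, body, False):9} hardened={outcome(name, body, True)}")
```

The two checks disagree on exactly one of the four sample names, test.Php, and that is the whole bug: the blocklist compares bytes, the server compares extensions. Note that the hardened variant also rejects cat.jpg when its content starts with `<?php`, so renaming a web shell to an image extension does not help either.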

Philosophy the Movie

Starring Winona Ryder as Philosophy, Johnny Depp as Immanuel Kant, Bret Michaels as David Hume, Matt Damon as all the platonic philosophers fused into the one person of Plato, and Arnold Schwarzenegger as Hegel.

Modern literature is over-commercialised

Modern literature is over-commercialised and has very little of value left. We’re in the down-swing of creative endeavour and honestly, I’m okay with it. Our society doesn’t deserve great works of art, we have cheeseburgers and an extra lane on the road.

Audit & sandbox your JavaScript dependencies

Sandworm intercepts potentially harmful Node and browser APIs, such as arbitrary command execution (child_process.exec) or network calls (fetch), and attributes each call to the package that made it.

Simple obfuscation can defeat static analysis tools, but Sandworm's dynamic analysis intercepts risky calls when they actually happen at run time. The flip side of any dynamic approach is that it only sees the code paths your run exercises: a payload gated on a date, an environment variable or a CI hostname will not show up unless that condition is met, so it complements rather than replaces static review.

Sometimes

SIEM tactics, techniques and procedures

These resources are intended to guide a SIEM team to…

  • Develop a workflow for content creation (and retirement) in the SIEM and other security tools.
  • Illustrate detection coverage provided and highlight coverage gaps as goals to fill.
  • Eliminate or add additional layers of coverage based on organizational needs.
  • Ensure proper logs are generated and recorded for sufficient detection, investigation, and compliance.


apk.sh - reverse-engineer Android apps

apk.sh is a Bash script that makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.

apk.sh basically uses apktool to disassemble, decode and rebuild resources, and some Bash to automate injecting the Frida gadget. It also supports app bundles/split APKs.

A bartender is the cheapest form of therapy

A bartender is the cheapest form of therapy.

The simplicity of their lives

Reading about medieval mystics and feeling jealous of the simplicity of their lives. Those motherfuckers never had to write a cover letter. Like you just go off and fight in a war and after settle down into a monastic order where you just drink beer all day. And then eventually die of dysentery.

One can only dream.

Windows kernel exploration and tracing with a focus on security

Fibratus is a tool for exploration and tracing of the Windows kernel. It lets you trap system-wide events such as process life cycle, file system I/O, registry modifications and network requests, among many other observability signals. In a nutshell, Fibratus gives deep operational visibility into the Windows kernel and the processes running on top of it. It requires no drivers or third-party software: it consumes Event Tracing for Windows (ETW) providers the OS already exposes.

Events can be shipped to a wide array of output sinks or dumped to capture files for local inspection and forensic analysis. The filtering engine lets you drill into the event stream, and the rules engine can detect stealthy adversary techniques and sophisticated threats.

Coerce a Windows server to authenticate on an arbitrary machine

A Python script that automatically coerces a Windows server into authenticating to an arbitrary machine through 9 methods. The point of coercion is what happens next: the forced authentication (typically NTLM over SMB) arrives at a host the attacker controls, where it can be captured or relayed, so the script is normally paired with a relay listener on the machine the server is pointed at.

Dumping and extracting the SpaceX Starlink User Terminal firmware

Towards the end of May 2021 Starlink launched in Belgium so we were finally able to get our hands on a Dishy McFlatface. In this blog post we will cover some initial exploration of the hardware and we will explain how we dumped and extracted the firmware.

Note that this blog post does not discuss any specific vulnerabilities; we merely document techniques that others can use to research the Starlink User Terminal (UT). Towards the end of the post we include some interesting findings from the firmware.

An open source SMS gateway for pentest projects

Accounts for mobile applications are often bound to phone numbers, and working with several people on a project can make it necessary to share phone numbers for receiving SMS. Likewise, when testing mobile applications protected by an SMS-based second factor, sharing phone numbers among the testing team is sometimes necessary, and acceptable from a security standpoint when the scope is limited to a test system. At Pentagrid we therefore operate a small SMS gateway, which we hereby publish as open source.