hexacon2022_AppleAVD.pdf
🔥🔥🔥Cinema time!
Agenda:
💾Video decoding subsystem overview
💾AppleAVD internals
💾AppleAVD attack surface
💾Fuzzing approach and code analysis
💾Results
💾Previously disclosed vulnerabilities and exploitation
💾Discussion
💾Q&A
Forwarded from Hackershop
DSTIKE WiFI Deauther MiNi
The Deauther MiNi is an ESP8266 development board that ships with the latest ESP8266 Deauther firmware preinstalled. With this firmware you can run different attacks to test WiFi networks.
Note that the ESP8266 only supports 2.4 GHz. You can also use the board to develop your own software; it is as simple to use as any other ESP8266 development board.
Function:
▫️ Deauther Attack: Disconnect clients from a 2.4 GHz WiFi network
▫️ Deauther Beacon: Create fake networks
▫️ Deauther Probe: Confuse WiFi trackers
▫️ Packet Monitor: Display WiFi traffic
Deauther or Jammer: What's the difference?
Buy online:
🛒 https://ali.ski/PItT3
#wifi #dstike #esp8266
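The board's "Deauther Attack" works by sending forged 802.11 deauthentication (subtype 12) or disassociation (subtype 10) management frames that carry the access point's BSSID. The blue-team counterpart is spotting that burst in a monitor-mode capture. The following is an added example (not code from the Hackershop post or the ESP8266 Deauther project): a pure-Python parser for the 24-byte 802.11 management header plus the reason code, and a flood detector over it. The frames it runs on are constructed inline; the MAC addresses, the reason code 7 and the threshold of 10 are assumptions for the demo.

```python
"""Parse 802.11 management frames and flag deauthentication/disassociation floods.

Added example, not code from the original post. Input frames are raw 802.11
frames (strip any radiotap header first); the sample capture below is constructed.
"""
import struct
from collections import Counter

# Frame-control byte 0: bits 0-1 protocol version, bits 2-3 type, bits 4-7 subtype.
TYPE_MGMT = 0
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12

# A few IEEE 802.11 reason codes; real deauthers commonly send 1, 2, 3 or 7.
REASON_NAMES = {
    1: "unspecified",
    2: "previous authentication no longer valid",
    3: "sending STA is leaving the BSS",
    7: "class 3 frame received from nonassociated STA",
}


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_mgmt_frame(raw: bytes) -> dict:
    """Parse the 24-byte MAC header; for deauth/disassoc also read the 2-byte reason code.

    Raises ValueError for non-management or truncated frames.
    """
    if len(raw) < 24:
        raise ValueError("truncated 802.11 header")
    fc0, fc1 = raw[0], raw[1]
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    if ftype != TYPE_MGMT:
        raise ValueError(f"not a management frame (type={ftype})")
    seq_ctrl = struct.unpack_from("<H", raw, 22)[0]
    frame = {
        "subtype": subtype,
        # Frame-control byte 1, bit 6: Protected Frame. Set on 802.11w (PMF) protected
        # management frames, which an attacker without the key cannot forge.
        "protected": bool(fc1 & 0x40),
        "da": _mac(raw[4:10]),
        "sa": _mac(raw[10:16]),
        "bssid": _mac(raw[16:22]),
        "seq": seq_ctrl >> 4,
    }
    if subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
        if len(raw) < 26:
            raise ValueError("deauth/disassoc frame is missing its reason code")
        reason = struct.unpack_from("<H", raw, 24)[0]
        frame["reason"] = reason
        frame["reason_name"] = REASON_NAMES.get(reason, "other")
    return frame


def detect_deauth_flood(frames, threshold: int = 10) -> dict:
    """Return {bssid: count} for every BSSID with more than `threshold` unprotected
    deauth/disassoc frames in the capture. Protected (PMF) frames are ignored."""
    counts = Counter()
    for raw in frames:
        try:
            f = parse_mgmt_frame(raw)
        except ValueError:
            continue
        if f["subtype"] in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and not f["protected"]:
            counts[f["bssid"]] += 1
    return {bssid: n for bssid, n in counts.items() if n > threshold}


def build_mgmt_frame(subtype: int, da: bytes, sa: bytes, bssid: bytes,
                     seq: int = 0, body: bytes = b"") -> bytes:
    """Build a management frame for test input (constructed data, not a capture)."""
    fc0 = (subtype << 4) | (TYPE_MGMT << 2)
    header = (bytes([fc0, 0]) + struct.pack("<H", 0)      # frame control, duration
              + da + sa + bssid + struct.pack("<H", seq << 4))
    return header + body


# Constructed sample capture: one beacon from the AP, then 50 broadcast deauths spoofed
# from the AP's own MAC (assumed addresses, reason code 7).
AP = bytes.fromhex("001122334455")
BROADCAST = b"\xff" * 6
SAMPLE_CAPTURE = [build_mgmt_frame(SUBTYPE_BEACON, BROADCAST, AP, AP, seq=1)] + [
    build_mgmt_frame(SUBTYPE_DEAUTH, BROADCAST, AP, AP, seq=i, body=struct.pack("<H", 7))
    for i in range(2, 52)
]

if __name__ == "__main__":
    print(detect_deauth_flood(SAMPLE_CAPTURE))  # {'00:11:22:33:44:55': 50}
```

Two practitioner notes: the detector counts only frames without the Protected bit, because with 802.11w (PMF) enabled the AP and clients drop unprotected deauths and a deauther's frames do nothing; enabling PMF is the fix, not the detection. And a broadcast deauth flood from the AP's own MAC with a tight sequence-number run, as in the sample, is the typical fingerprint of these boards rather than of a real AP.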
Forwarded from 卩ro 爪Cracker
Spice up your persistence: loading PHP extensions from memory
https://ift.tt/EoF3gDj
Submitted December 28, 2022 at 03:25AM by gid0rah
via reddit https://ift.tt/gA8Zb91
Spice up your persistence: loading PHP extensions from memory | AdeptsOf0xCC
Load shared object (PHP extension) from memory
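Loading a shared object from memory leaves a trace that is worth hunting for. The following is an added example, not code from the linked post: it assumes the extension is loaded the usual Linux way, memfd_create() followed by dlopen() on /proc/self/fd/<n>, which the post title does not state, and it scans /proc/<pid>/maps for executable mappings that are not backed by an on-disk file (memfd-backed, unlinked after mapping, or anonymous and rwx). The sample maps text, the php-fpm paths and the memfd name are constructed for the demo.

```python
"""Scan /proc/<pid>/maps for executable mappings not backed by a file on disk.

Added example, not code from the original post. It assumes the memfd_create +
dlopen("/proc/self/fd/N") loading technique; the sample maps text is constructed.
"""
import re
from pathlib import Path

# One /proc/PID/maps line: start-end perms offset dev inode [path]
_MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


def parse_maps(text: str):
    """Yield one dict per parsable maps line; unparsable lines are skipped."""
    for line in text.splitlines():
        m = _MAPS_RE.match(line)
        if m:
            d = m.groupdict()
            d["inode"] = int(d["inode"])
            d["path"] = d["path"].strip()
            yield d


def suspicious_exec_mappings(text: str):
    """Return (category, start_address, path) for executable mappings worth a look:
    'memfd'    - backed by a memfd; the /proc/self/fd dlopen trick leaves this trace
    'deleted'  - backed by a file that was unlinked after being mapped
    'anon_rwx' - anonymous, writable and executable (JIT engines do this too, expect noise)
    """
    hits = []
    for m in parse_maps(text):
        if "x" not in m["perms"]:
            continue
        path = m["path"]
        if path.startswith("/memfd:"):
            hits.append(("memfd", m["start"], path))
        elif path.endswith("(deleted)"):
            hits.append(("deleted", m["start"], path))
        elif m["inode"] == 0 and "w" in m["perms"] and not path.startswith("["):
            hits.append(("anon_rwx", m["start"], path))
    return hits


def scan_pid(pid: int):
    """Scan a live process; needs permission to read its maps file (root for other users)."""
    return suspicious_exec_mappings(Path(f"/proc/{pid}/maps").read_text())


# Constructed sample: a php-fpm worker with one legitimate extension mapped from disk
# and one extension mapped from a memfd. Addresses, inodes and names are made up.
SAMPLE_MAPS = """\
55d3f0a00000-55d3f0f80000 r-xp 00000000 fd:01 1312345 /usr/sbin/php-fpm8.1
7f2a1c000000-7f2a1c01a000 r--p 00000000 fd:01 264123 /usr/lib/php/20210902/json.so
7f2a1c01a000-7f2a1c02f000 r-xp 0001a000 fd:01 264123 /usr/lib/php/20210902/json.so
7f2a1c400000-7f2a1c410000 r-xp 00000000 00:01 98765 /memfd:libc_ext (deleted)
7f2a1c800000-7f2a1c801000 rwxp 00000000 00:00 0
7f2a1cc00000-7f2a1cc02000 r--p 00000000 00:00 0 [vvar]
7ffd2a300000-7ffd2a321000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for category, start, path in suspicious_exec_mappings(SAMPLE_MAPS):
        print(f"{category:9} {start} {path}")
```

Match on the "/memfd:" prefix rather than on the name after it, since the name is whatever the loader passed to memfd_create(). The 'anon_rwx' category is a heuristic with known false positives (JIT runtimes), so treat it as a triage hint rather than an alert; the 'memfd' and 'deleted' categories on a PHP worker are the ones that deserve a look at the process's open file descriptors and the extension list the process reports.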
Forwarded from 卩ro 爪Cracker
New AMSI Bypass Using CLR Hooking
https://ift.tt/FyPlmOA
Submitted December 28, 2022 at 04:44AM by pracsec
via reddit https://ift.tt/pcHKbWq
Practical Security Analytics LLC
New AMSI Bypass Using CLR Hooking
Introduction In this article, I will present a new technique to bypass Microsoft’s Anti-Malware Scan Interface (AMSI) using API Call Hooking of CLR methods. When executed on a Windows system,…
Forwarded from 卩ro 爪Cracker
Certificate Ripper v2 released - tool to extract server certificates
https://ift.tt/1Yr83Px
Submitted December 28, 2022 at 06:24AM by Hakky54
via reddit https://ift.tt/S8YAlmQ
GitHub
GitHub - Hakky54/certificate-ripper: 🔐 A CLI tool to extract server certificates
🔐 A CLI tool to extract server certificates. Contribute to Hakky54/certificate-ripper development by creating an account on GitHub.
Forwarded from 卩ro 爪Cracker
Video game save file Trojan personified
https://ift.tt/xfrDS4s
Submitted December 28, 2022 at 08:36AM by bemodtwz
via reddit https://ift.tt/oljIPvB
GitHub
GitHub - swoops/video-game-save-file-trojans: Demonstrates why it's not safe to download random save files from the Internet
Demonstrates why it's not safe to download random save files from the Internet - swoops/video-game-save-file-trojans
#tools
#Blue_Team_Techniques
1. Potential Cloud Account Takeover
https://github.com/Cyb3r-Monk/Threat-Hunting-and-Detection/blob/main/Credential%20Access/Potential%20Cloud%20Account%20Takeover.md
2. Kernel-mode WinDbg extension for Protected Process investigation
https://github.com/daem0nc0re/TangledWinExec/tree/main/ProtectedProcess#ppeditor
GitHub
Threat-Hunting-and-Detection/Credential Access/Potential Cloud Account Takeover.md at main · Cyb3r-Monk/Threat-Hunting-and-Detection
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language). - Cyb3r-Monk/Threat-Hunting-and-Detection
#exploit
KITCTFCTF 2022 V8 Heap Sandbox Escape
https://ju256.de/posts/kitctfctf22-date
]-> PoC: https://github.com/ju256/kitctfctf22-solutions/blob/main/date/expl.js
Home | ju256
KITCTFCTF 2022 V8 Heap Sandbox Escape
Two weeks ago we organized our first ever CTF KITCTFCTF 2022. Even though it was a challenging and stressful task, I certainly had a blast preparing challenges and watching the playing teams progress.
One of my challenges called Date was a V8 exploitation…
#Red_Team_Tactics
1. Divide And Bypass: A new Simple Way to Bypass AMSI
https://x4sh3s.github.io/posts/Divide-and-bypass-amsi
2. Pass-the-Challenge: Defeating Windows Defender Credential Guard
https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22
x4sh3s
Divide And Bypass: A new Simple Way to Bypass AMSI
This post is about a new simple way to bypass AMSI (Antimalware Scan Interface), that can be applied on small scripts, specially the popular AMSI bypasses.
#Offensive_security
Modifying Embedded Filesystems in ARM Linux zImages
https://jamchamb.net/2022/01/02/modify-vmlinuz-arm.html
#tools
#reversing
1. OFRAK (Open Firmware Reverse Analysis Konsole) - binary analysis and modification platform
https://github.com/redballoonsecurity/ofrak
2. A free comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures
https://github.com/mytechnotalent/Reverse-Engineering
GitHub
GitHub - redballoonsecurity/ofrak: OFRAK: unpack, modify, and repack binaries.
OFRAK: unpack, modify, and repack binaries. Contribute to redballoonsecurity/ofrak development by creating an account on GitHub.
#exploit
1. CVE-2022-26712:
Apple System Integrity Protection (SIP) Bypass
https://jhftss.github.io/CVE-2022-26712-The-POC-For-SIP-Bypass-Is-Even-Tweetable
2. Netcomm NF20MESH/NL1902 - Unauthenticated RCE
https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md
jhftss.github.io
CVE-2022-26712: The POC for SIP-Bypass Is Even Tweetable
I found some new attack surfaces in the macOS PackageKit.framework, and successfully disclosed 15+ critical SIP-Bypass vulnerabilities. Apple has addressed 12 of them with CVE assigned so far. There are still some reports in the Apple’s processing queue.…