Fuzzing FastCGI With AFL-Fuzz
π£MoneyWaveSal
>FastCGI is written in C/C++.
FastCGI is a protocol. It isn't written in anything but maybe BNF or similar syntax description languages.
π€Taladar
Can someone explain to me why a fuzzer was used instead of manually reverse engineering it? The protocol seems small and simple.
Wouldn't reverse engineering be better for this?
And a fuzzer better for big programs?
π€SombraSec
A bit of a tease at the end with found 31 items and not even mentioning if they were
1. Possible to do remotely - some parameters are not accessible by an attacker
2. We (or looked) exploitable
Looking forward to a follow up article
π€rathaus
π@malwr
π£MoneyWaveSal
>FastCGI is written in C/C++.
FastCGI is a protocol. It isn't written in anything but maybe BNF or similar syntax description languages.
π€Taladar
Can someone explain to me why a fuzzer was used instead of manually reverse engineering it? The protocol seems small and simple.
Wouldn't reverse engineering be better for this?
And a fuzzer better for big programs?
π€SombraSec
A bit of a tease at the end with found 31 items and not even mentioning if they were
1. Possible to do remotely - some parameters are not accessible by an attacker
2. We (or looked) exploitable
Looking forward to a follow up article
π€rathaus
π@malwr
Medium
Fuzzing FastCGI With AFL-Fuzz
This is the very long tale of my adventures in fuzzing FastCGI with AFL-Fuzz. If youβre interested in fuzzing a FastCGI binary, look noβ¦
Generating Advanced hunting queries with PowerShell
https://www.verboon.info/2020/07/generating-advanced-hunting-queries-with-powershell/
π@malwr
https://www.verboon.info/2020/07/generating-advanced-hunting-queries-with-powershell/
π@malwr
Anything about IT
Generating Advanced hunting queries with PowerShell
I was recently writing some advanced hunting queries for Microsoft Defender ATP to search for the execution of specific PowerShell commands. If you are just looking for one specific command, you caβ¦
A Common Missight in Most Hypervisors
π£mrexodia
This took multiple reads to understand because it's just so dense but it is definitely pretty cool!
π€SirensToGo
π@malwr
π£mrexodia
This took multiple reads to understand because it's just so dense but it is definitely pretty cool!
π€SirensToGo
π@malwr
Blogspot
A Common Missight in Most Hypervisors
Generally, when a hypervisor encounters a VM exit, it is because it needs to emulate the effects of an instruction, be it CPUID, RDMSR, or E...
The Dark Web of Intrigue: How REvil Used the Underground Ecosystem to Form an Extortion Cartel
π£digicat
π@malwr
π£digicat
π@malwr
AdvIntel
The Dark Web of Intrigue: How REvil Used the Underground Ecosystem to Form an Extortion Cartel
Key Takeaways: Just about one year ago, the makers of the infamous GandCrab ransomware announced their retirement, having reportedly earned an astonishing $2 billion since their entry into the ransomware market in January 2018. The vacuum was quickly filledβ¦
Emulating Windows system calls in Linux [LWN.net](https://lwn.net/Articles/824380/)
π£mfilion
Previous discussion: https://old.reddit.com/r/linux/comments/hhyh81
π€the_gnarts
π@malwr
π£mfilion
Previous discussion: https://old.reddit.com/r/linux/comments/hhyh81
π€the_gnarts
π@malwr
LWN.net
Emulating Windows system calls in Linux
The idea of handling system calls differently depending on the origin of each call in the proce [...]
Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine - SentinelLabs
π£digicat
π@malwr
π£digicat
π@malwr
SentinelOne
Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine - SentinelLabs
A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.
The Domain Generation Algorithm of BazarBackdoor - A DGA based on the Emercoin TLD .bazar
π£digicat
π@malwr
π£digicat
π@malwr
Johannes Bader's Blog
The Domain Generation Algorithm of BazarLoader - A DGA based on the Emercoin TLD .bazar
BazarBackdoor is a module of the dreaded TrickBot Trojan. It is mostly used to gain a foothold in compromised enterprise networks.