GitHub - meirwah/awesome-incident-response: A curated list of tools for incident response https://github.com/meirwah/awesome-incident-response
🗣akaclandestine


🎖@malwr

📺 Tips for learning RE

How to maximize your time and avoid mind traps when learning how to reverse engineer with #OALABS

https://youtu.be/JzhpTLe8Vg4
🗣herrcore


🎖@malwr

Android Root Detection Bypass using Frida (Part 1 – OWASP Uncrackable 1)
https://pentest.co.uk/labs/android-root-detection-bypass-using-frida-1/
🗣androidmalware2


🎖@malwr

This repo of useful WinDbg scripts from @yarden_shafir is absolute gold! https://github.com/yardenshafir/WinDbg_Scripts/
🗣msuiche


🎖@malwr

I forgot to upload my #EuskalHack slides about #Diaphora 3.0. Here you have a link to the online version:

https://docs.google.com/presentation/d/1aLPjH3_4v6Zt2cwzROzMKVBqf8w7vwYfzJCRFbA-xGQ/edit?usp=drivesdk
🗣matalaz


🎖@malwr

Flutter Hackers
Understand and reverse engineer Flutter APK Release Mode with #Frida

Part 1: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13
Part 2: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e
🗣androidmalware2


🎖@malwr

Hacking Auto-GPT and escaping its docker container
🗣albinowax

> The docker-compose.yml file present in the repo mounts itself into the docker

I mean this is just fucking stupid so...
👤1esproc

This is the biggest issue with AI in my opinion and why it's not going to take over everyone's jobs just yet. It's too much of a black box
👤UnacceptableUse


🎖@malwr

Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
🗣thewatcher_

Do industrial attackers not know about ROP compilers? This whole silly arms race about process injection vs EDRs could be ended by simply using an existing free tools. Maybe most do and all the vendors are just fighting everyone who hasn't yet made the jump.
👤SirensToGo


🎖@malwr

AI Red Team: An Introduction
🗣digicat

Established frameworks applied to ML and development. Thanks for nothing Nvidia, that read was a waste of time.
👤Sloky


🎖@malwr

New Malware Analysis/RE plugin is now available!🚨
IAT-Tracer is an offline automation plugin for the Tiny-Tracer framework (by @hasherezade) to trace and watch functions directly out of the executable's import table.
https://github.com/YoavLevi/IAT-Tracer

ℹ️ Thanks Levi, for such a nice tool.

🎖@malwr

[CVE-2022-43684 - Insecure Access Control to Full Administrator Takeover in ServiceNow Instances](https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/)
🗣Rezk0n_


🎖@malwr

HexWalk 1.4.0 , Hex Analyzer new release for Windows/Mac/Linux, new release with Byte Patterns (header color tags + YAML format)
🗣gcarmix1

Can I compare two or more files so it would highlight same patterns even if they're shifted?
👤1mrpeter

Does HexWalk do everything that 010 editor does?
👤WindyDaysAreWindy


🎖@malwr

Biden-⁠Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers
🗣digicat

A) this will result in another new unnecessary government agency
B) the list of companies voluntarily committing to the program are all massive orgs, smaller agile and innovative orgs won't be able to compete
C) do the basics better, there's no need for this
👤crawdad101

I think this is a great idea but who's going to be in charge of this?

The Gov doesn't have enough people to independently review every single smart device that comes to market. So is it left on companies to self certify that they meet the requirements?

If it's self certification then what happens if a company fraudulently claims they meet the requirements when they don't? Are there penalties?
👤AnApexBread


🎖@malwr