Forwarded from 0% Privacy
SpiMitm.zip
44.6 KB
💥PoC: SpiMitm - SPI flash read MitM attack PoC for anti-firmware forensics
#security #forensics #fw #bootkit #MitM #SMMrootkit
Forwarded from Violent_Maid
SMM & SMI
https://opensecuritytraining.info/IntroBIOS_files/Day1_07_Advanced%20x86%20-%20BIOS%20and%20SMM%20Internals%20-%20SMM.pdf
https://hackmd.io/@0xff07/SkMXAxUX9
https://www.synacktiv.com/ressources/lt-2019-02-12-bruno-pujos-bypassing-smm_ep.pdf
https://web.cecs.pdx.edu/~karavan/research/SMM_IISWC_preprint.pdf
https://www.ssi.gouv.fr/uploads/IMG/pdf/IT_Defense_2010_final.pdf
http://www.c7zero.info/stuff/ANewClassOfVulnInSMIHandlers_csw2015.pdf
https://habr.com/ru/company/dsec/blog/481692/
Fuck edk2:
https://edk2-docs.gitbook.io/edk-ii-secure-coding-guide/secure_coding_guidelines_intel_platforms/smm
Forwarded from Trickery Hub
YouTube
Denis Yurichev. SAT and SMT solvers, based on his book "SAT/SMT by example", part 2/3
Part 2
As part of the "Lambda - 2021" pre-school: the material presented by its author, Denis Yurichev, known for his work at https://beginners.re/ and https://sat-smt.codes
The PDF is here: https://sat-smt.codes/
0:52 Sorting networks
2:44 Branchless abs()
4:47 Is there in…
Forwarded from Violent_Maid
While debugging I pulled an interesting MiComputeDriverProtection out of the kernel; it computes the protection mask for a driver image. There will be no disassembly, since the source is available. Judging by everything, it is not related to DSE.
The user's PowerShell history:
C:\Users\USER\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt
Forwarded from CyberSecurityTechnologies (-CST-)
Bypassing_Buffer_Overflow.pdf
3.5 MB
#Research
#Threat_Research
"An In-Depth Survey of Bypassing Buffer Overflow Mitigation Techniques", 2022.
Windows Exploitation Links
https://github.com/r3p3r/nixawk-awesome-windows-exploitation
https://github.com/connormcgarr/Exploit-Development
https://github.com/connormcgarr/Kernel-Exploits
https://github.com/ElliotAlderson51/Exploit-Writeups
https://github.com/rhamaa/Binary-exploit-writeups#windows_stack_overflows
https://github.com/wtsxDev/Exploit-Development
https://www.corelan.be
https://malwareunicorn.org/#/workshops
https://p.ost2.fyi
http://www.securitytube.net
https://ctf101.org/binary-exploitation/overview
Windows Stack Protection I: Assembly Code
http://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED301c_tkp/ED301c_tkp.htm
Windows Stack Protection II: Exploit Without ASLR
http://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED302c_tkp/ED302c_tkp.htm
Windows Stack Protection III: Limitations of ASLR
http://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED303c_tkp/ED303c_tkp.htm
Exploit Development
Ch 6: The Wild World of Windows
https://samsclass.info/127/lec/EDch6.pdf
SEH-Based Stack Overflow Exploit
https://samsclass.info/127/proj/ED319.htm
Exploiting Easy RM to MP3 Converter on Windows with ASLR
https://samsclass.info/127/proj/ED318.htm
Bypassing Browser Memory Protections
https://www.blackhat.com/presentations/bh-usa-08/Sotirov_Dowd/bh08-sotirov-dowd.pdf
The Basics of Exploit Development 1: Win32 Buffer Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development
The Basics of Exploit Development 2: SEH Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-2-seh-overflows
The Basics of Exploit Development 3: Egg Hunters
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-3-egg-hunters
The Basics of Exploit Development 4: Unicode Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-4-unicode-overfl
The Basics of Exploit Development 5: x86-64 Buffer Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-5-x86-64-buffer
Reverse Dungeon
https://github.com/sathwikch/windows-exploitation
https://github.com/FULLSHADE/WindowsExploitationResources
https://samsclass.info/127/127_F19.shtml
https://web.archive.org/web/20200506122824/https://fullpwnops.com/windows-exploitation-pathway.html
https://github.com/SecWiki/windows-kernel-exploits