A DNS view of Lockdown https://www.potaroo.net/ispcol/2020-06/nwfh.html
Password hashing with MD5-crypt in relation to MD5 https://www.vidarholen.net/contents/blog/?p=32
Reversing “V-Alert COVID-19” Android/BankBot https://medium.com/@cryptax/reversing-v-alert-covid-19-android-bankbot-8809c7389f13
Twitter
Axelle Ap. (@cryptax) | Twitter
The latest Tweets from Axelle Ap. (@cryptax). Mainly about security, OS, mobile phones.
The postings on this page are solely my own opinion and do not represent my employer. Sophia Antipolis
The postings on this page are solely my own opinion and do not represent my employer. Sophia Antipolis
Engineering antivirus evasion
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Hackers Using Google Analytics to Bypass Web Security and Steal Credit Cards https://thehackernews.com/2020/06/google-analytics-hacking.html
WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group https://blog.fox-it.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/
Fox-IT International blog
WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
Authors: Nikolaos Pantazopoulos, Stefano Antenucci (@Antelox) Michael Sandee and in close collaboration with NCC’s RIFT. About the Research and Intelligence Fusion Team (RIFT):RIFT leverages our st…
CVE-2020-10665 Docker Desktop Local Privilege Escalation https://github.com/spaceraccoon/CVE-2020-10665
GitHub
GitHub - spaceraccoon/CVE-2020-10665: POC for CVE-2020-10665 Docker Desktop Local Privilege Escalation
POC for CVE-2020-10665 Docker Desktop Local Privilege Escalation - spaceraccoon/CVE-2020-10665
Yesterday we published a new blog entry, regarding the verification of Authenticode signatures with OpenSSL https://reversea.me/index.php/authenticode-ii-verifying-authenticode-with-openssl/
CVE-2020-1170 - Microsoft Windows Defender Elevation of Privilege Vulnerability https://itm4n.github.io/cve-2020-1170-windows-defender-eop/
itm4n’s blog
CVE-2020-1170 - Microsoft Windows Defender Elevation of Privilege Vulnerability
Here is my writeup about CVE-2020-1170, an elevation of privilege bug in Windows Defender. Finding a vulnerability in a security-oriented product is quite satisfying. Though, there was nothing groundbreaking. It’s quite the opposite actually and I’m surprised…
Chain of Java vulnerabilities that were used in ZDI's Pwn2Own Miami 2020 competition in January 2020 https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Miami_2020/rce_me_v2/rce_me_v2.md
GitHub
PoC/rce_me_v2.md at master · pedrib/PoC
Advisories, proof of concept files and exploits that have been made public by @pedrib. - PoC/rce_me_v2.md at master · pedrib/PoC
Let's Reverse Engineer an Android App! https://yasoob.me/posts/reverse-engineering-android-apps-apktool/
yasoob.me
Let's Reverse Engineer an Android App! - Yasoob Khalid
I had always wanted to learn how to reverse engineer Android apps. There were people out there who knew how to navigate and modify the internals of an APK file and I wasn’t one of them. This had to be changed but it took a long time for that to happen. In…
APC Series: KiUserApcDispatcher and Wow64 https://repnz.github.io/posts/apc/wow64-user-apc/
Learning miasm: Part 2: Analyzing instructions http://www.williballenthin.com/post/2020-01-12-miasm-part-2/
TALOS-2020-1088
Mozilla Firefox URL mPath Information Disclosure Vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2020-1088
Mozilla Firefox URL mPath Information Disclosure Vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2020-1088
Pushing yourself through hard hunting days: A bug hunter perspective https://medium.com/bugbountywriteup/pushing-yourself-through-hard-hunting-days-a-bug-hunter-perspective-d03b4c16b04
Medium
Pushing yourself through hard hunting days: A bug hunter’s perspective
Today I am going to talk about the period when you don’t find bugs for several days, weeks or even months. This talk is going to be…
Zero-day in Sign in with Apple https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/
Reverse Engineering Snapchat (Part I): Obfuscation Techniques https://hot3eed.github.io/snap_part1_obfuscations.html