RME-DisCo @ UNIZAR [www.reversea.me]
@reverseame
3.39K
subscribers
1
photo
5.55K
links
Telegram channel of RME, part of the DisCo Research Group of the University of Zaragoza (Spain) focused on cybersecurity aspects. "It’s not that I have something to hide. I have nothing I want you to see"
Link to the channel:
https://t.me/reverseame
Download Telegram
Join
RME-DisCo @ UNIZAR [www.reversea.me]
3.39K subscribers
RME-DisCo @ UNIZAR [www.reversea.me]
https://support.microsoft.com/nl-nl/help/4557055/faqs-vba-solutions-impacted-april-2020-office-security-updates
Microsoft
FAQ for VBA solutions affected by April 2020 Office security updates
This article describes FAQs to tell users or IT Admins what to do if their existing VBA solution breaks.
RME-DisCo @ UNIZAR [www.reversea.me]
https://twitter.com/maddiestone/status/1250117268794535941?s=19
Twitter
Maddie Stone
Four 0-days that were detected as exploited in the wild are patched in today's Microsoft Patch Tuesday. CVE-2020-1027 - Win EoP CVE-2020-0938 - Adobe Font Manager CVE-2020-1020 - Adobe Font Manager CVE-2020-0968 - Scripting Engine
RME-DisCo @ UNIZAR [www.reversea.me]
https://twitter.com/GHSecurityLab/status/1250068796028735489?s=19
Twitter
GitHub Security Lab
Learn all about how to fuzz network services in this practical case study by @nosoynadiemas in which he fuzzes 3 of the most popular Open Source FTP servers! https://t.co/KVUigUV1l9
RME-DisCo @ UNIZAR [www.reversea.me]
https://lwn.net/Articles/816085/
RME-DisCo @ UNIZAR [www.reversea.me]
https://gist.github.com/pietroborrello/7c5be2d1dc15349c4ffc8671f0aad04f
Gist
PoC for CVE-2020-11713. Timing side-channel on wc_ecc_mulmod which allows to recover private key used to sign messages.
PoC for CVE-2020-11713. Timing side-channel on wc_ecc_mulmod which allows to recover private key used to sign messages. - wolfssl_4.3.0_ecc_mulmod_poc.c
RME-DisCo @ UNIZAR [www.reversea.me]
https://www.d00rt.eus/2020/04/ebfuscation-abusing-system-errors-for.html
www.d00rt.eus
Ebfuscation: Abusing system errors for binary obfuscation
Introduction In this post I'm going to try to explain a new obfuscation technique I've come up with (at least I have not seen it before, pl...
RME-DisCo @ UNIZAR [www.reversea.me]
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-xca/a8b7cb0a-92a6-4187-a23b-5e14273b96f8
Docs
[MS-XCA]: Xpress Compression Algorithm
Specifies the three variants of the Xpress Compression Algorithm: LZ77+Huffman, Plain LZ77, LZNT1, and their respective decompression algorithms.
RME-DisCo @ UNIZAR [www.reversea.me]
https://www.fireeye.com/blog/threat-research/2020/04/time-between-disclosure-patch-release-and-vulnerability-exploitation.html
FireEye
Think Fast: Time Between Disclosure, Patch Release and Vulnerability
Exploitation — Intelligence for Vulnerability Management,…
The majority of exploitation in the wild occurs before patch issuance or within a few days of a patch becoming available.
RME-DisCo @ UNIZAR [www.reversea.me]
https://posts.specterops.io/methodology-for-static-reverse-engineering-of-windows-kernel-drivers-3115b2efed83?gi=b800ebc3c52c
Medium
Methodology for Static Reverse Engineering of Windows Kernel Drivers
Introduction
RME-DisCo @ UNIZAR [www.reversea.me]
https://blog.vastart.dev/2020/04/calling-arbitrary-functions-in-exes.html
blog.vastart.dev
Calling Arbitrary Functions In EXEs: Performing Calls to EXE Functions Like DLL Exports
convert EXE to DLL walk through and example. How to convert a .exe file to a .dll to be able to call arbitrary functions with controlled data. Useful for fuzzing and reverse engineering.
RME-DisCo @ UNIZAR [www.reversea.me]
https://blog.vastart.dev/2019/10/stack-overflow-cve-2019-17424.html
blog.vastart.dev
Stack Overflow CVE-2019-17424 Vulnerability Write-Up and RCE Exploit Walk Through
CVE-2019-17424 Stack Overflow Vulnerability detailed write-up and exploit walk through for beginner and intermediate learners with ASLR and DEP bypass.
RME-DisCo @ UNIZAR [www.reversea.me]
https://blog.forallsecure.com/uncovering-openwrt-remote-code-execution-cve-2020-7982?hs_amp=true&__twitter_impression=true
Forallsecure
Uncovering OpenWRT remote code execution (CVE-2020-7982)
In this technical guide, ForAllSecure Researcher, Guido Vranken walks readers through his workflow for uncovering for OpenWRT remote code execution vulnerability.
RME-DisCo @ UNIZAR [www.reversea.me]
https://nickbloor.co.uk/2020/03/29/patching-android-split-apks/
NickstaDB
Patching Android Split APKs
I recently came up against my first split APK during an Android app security assessment. My usual toolkit doesn’t support split APKs, so I hacked together a solution to allow me to instrument…
RME-DisCo @ UNIZAR [www.reversea.me]
https://twitter.com/_CPResearch_/status/1252174102133116928?s=19
Twitter
Check Point Research
[CPR-Zero] CVE-2020-0791 (Windows 10 Kernel): Out-Of-Bounds Read\Write in the StrechBlt function in win32kfull.sys https://t.co/PGg9X2bNHE
RME-DisCo @ UNIZAR [www.reversea.me]
https://twitter.com/_fel1x/status/1252502296661016576?s=09
Twitter
Felix Wilhelm
My writeup for the haproxy http2 bug (CVE-2020-11100) is now public: https://t.co/rWgz4bfnCZ. Includes a PoC exploit to demonstrate RCE against Ubuntu 19.10.
RME-DisCo @ UNIZAR [www.reversea.me]
https://insinuator.net/2019/07/emotet-at-heise-emotet-there-emotet-everywhere-dissection-of-an-incident/
Insinuator.net
Emotet at Heise, Emotet there, Emotet everywhere – Dissection of an Incident
After the Emotet Incident at Heise, where ERNW has been consulted for Incident Response, we decided to start a blogpost series, in which we want to regularly report on current attacks that we observe. In particular we want to provide details about the utilized…
RME-DisCo @ UNIZAR [www.reversea.me]
https://blog.elcomsoft.com/2020/04/ios-acquisition-methods-compared-logical-full-file-system-and-icloud/
ElcomSoft blog
iOS acquisition methods compared: logical, full file system and iCloud
The iPhone is one of the most popular smartphone devices. Thanks to its huge popularity, the iPhone gets a lot of attention from the forensic community. Multiple acquisition methods exist, allowing forensic users to obtain more or less information with more…
RME-DisCo @ UNIZAR [www.reversea.me]
https://ricercasecurity.blogspot.com/2020/04/ill-ask-your-body-smbghost-pre-auth-rce.html
Blogspot
"I'll ask your body": SMBGhost pre-auth RCE abusing Direct Memory Access structs
Posted by hugeh0ge, Ricerca Security NOTE: We have decided to make our PoC exclusively available to our customers to avoid abuse by scr...
RME-DisCo @ UNIZAR [www.reversea.me]
https://twitter.com/doegox/status/1252667831302455296?s=09
Twitter
Philippe Teuwen
"If succesfuly exploited, an attacker within NFC range could obtain remote code execution on android device's NFC daemon." https://t.co/T24r3qWNnF
RME-DisCo @ UNIZAR [www.reversea.me]
https://github.com/james0x40/CVE-2020-0624
GitHub
GitHub - james0x40/CVE-2020-0624: win32k use-after-free poc
win32k use-after-free poc. Contribute to james0x40/CVE-2020-0624 development by creating an account on GitHub.
RME-DisCo @ UNIZAR [www.reversea.me]
https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/