Disassembling a binary: linear sweep and recursive traversal #DisassemblingBinary #PEFileFormat #ReverseEngineering #InstructionSetArchitecture #InsPEctor https://nicolo.dev/en/blog/disassembling-binary-linear-recursive/
nicolo.dev
Disassembling a binary: linear sweep and recursive traversal
Building your own set of analysis tools is a great exercise for those who already have some basics and allows you to later move on to implement more targeted analyses in reverse engineering. Even just seeing how the different algorithms can be implemented…
Privilege Escalation in Active Directory Domain Services: CVE-2025-21293 Exploit Revealed with PoC Code #PrivilegeEscalation #ActiveDirectory #CVE2025 #PoCCode #MicrosoftPatch https://securityonline.info/privilege-escalation-in-active-directory-domain-services-cve-2025-21293-exploit-revealed-with-poc-code/
Daily CyberSecurity
Privilege Escalation in Active Directory Domain Services: CVE-2025-21293 Exploit Revealed with PoC Code
Discover the details of CVE-2025-21293, an elevation of privilege vulnerability in Active Directory that allows attackers to escalate privileges to SYSTEM.
0x04 - Introduction to Windows Kernel Write What Where Vulnerabilities #WindowsKernel #WriteWhatWhere #Exploitation #Vulnerability #ArbitraryWrite https://wetw0rk.github.io/posts/0x04-writing-what-where-in-the-kernel/
Blowfish
0x04 - Introduction to Windows Kernel Write What Where Vulnerabilities
First off, if you’re following the series from the start, great job getting past the Use After Free in the Windows Kernel!
0x05 - Introduction to Windows Kernel Type Confusion Vulnerabilities #WindowsKernelVulnerabilities #TypeConfusion #Exploitation #MemoryCorruption #CodeExecution https://wetw0rk.github.io/posts/0x05-introduction-to-windows-kernel-type-confusion-vulnerabilities/
wetw0rk.github.io
0x05 - Introduction to Windows Kernel Type Confusion Vulnerabilities
ArgFuscator: a website to obfuscate commands #ArgFuscator #Obfuscation #Commands #Options #GitHub https://argfuscator.net
ArgFuscator
Generate obfuscated command-line arguments for common system-native executables now with ArgFuscator.
How to prove false statements? (Part 2) #CryptographicEngineering #VerifiableComputation #FalseStatementProofs #FiatShamir #RandomOracle https://blog.cryptographyengineering.com/2025/02/06/how-to-prove-false-statements-part-2/
A Few Thoughts on Cryptographic Engineering
How to prove false statements? (Part 2)
This is the second part of a two three four-part series, which covers some recent results on “verifiable computation” and possible pitfalls that could occur there. This post won’t…
0x06 - Approaching Modern Windows Kernel Type Confusions #WindowsKernel #TypeConfusions #Exploitation #VirtualMemory #PagedMemory https://wetw0rk.github.io/posts/0x06-approaching-modern-windows-kernel-type-confusions/
Blowfish
0x06 - Approaching Modern Windows Kernel Type Confusions
In the last tutorial we exploited a Type Confusion within the Windows 7 (x86) Kernel.
Advisory: CVE-2024-55957 #CVE202455957 #ThermoScientific #PrivilegeEscalation #SecurityPatch #TierZeroSecurity https://tierzerosecurity.co.nz/2025/02/07/cve-2024-55957.html
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
Windows Telephony Services: 2025 Patch Diffing & Analysis Part 1 #WindowsTelephonyServices #CVE2025 #TelephonyIntegration #PatchAnalysis #TAPIarchitecture https://blog.securelayer7.net/windows-telephony-services-2025-patch-diffing-and-analysis-pt-1/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
Windows Telephony Services: 2025 Patch Diffing & Analysis Part 1
Introduction: At the start of 2025, on January 14th, Microsoft released over 20+ CVEs addressing Remote Code Execution (RCE) vulnerabilities in Microsoft Telephony Services,...
Almost famous: behind the scenes of a feature that didn’t make the cut #ThinkstThoughts #FeatureCut #GhostServer #Canary #DeceptionTechnique https://blog.thinkst.com/2025/02/almost-famous-behind-the-scenes-of-a-feature-that-didnt-make-the-cut.html
Thinkst Thoughts
Almost famous: behind the scenes of a feature that didn’t make the cut
Introduction: A counterintuitive truth is that great products are defined by both the features they include, as well as those they don’t. We spend a lot of time pondering potential new features for …
Systems Correctness Practices at AWS: Leveraging Formal and Semi-formal Methods #AWS #SystemsCorrectness #FormalMethods #TestingPractices #AWSInvestment https://dl.acm.org/doi/10.1145/3712057
Queue
Systems Correctness Practices at AWS: Leveraging Formal and Semi-formal Methods: Queue: Vol 22, No 6
Building reliable and secure software requires a range of approaches to reason about
systems correctness. Alongside industry-standard testing methods (such as unit and
integration testing), AWS has adopted model checking, fuzzing, property-based testing,…
LLM4Decompile: Reverse Engineering: Decompiling Binary Code with Large Language Models #ReverseEngineering #Decompiling #LargeLanguageModels #GitHub #OpenSource https://github.com/albertan017/LLM4Decompile
GitHub
GitHub - albertan017/LLM4Decompile: Reverse Engineering: Decompiling Binary Code with Large Language Models
Reverse Engineering: Decompiling Binary Code with Large Language Models - albertan017/LLM4Decompile
MalDoc in PDF - Detection bypass by embedding a malicious Word file into a PDF file #MalDoc #PDF #DetectionBypass #JPCERT #CyberSecurity https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html
JPCERT/CC Eyes
MalDoc in PDF - Detection bypass by embedding a malicious Word file into a PDF file - JPCERT/CC Eyes
JPCERT/CC has confirmed that a new technique was used in an attack that occurred in July, which bypasses detection by embedding a malicious Word file into a PDF file. This blog article calls the technique “MalDoc in PDF” hereafter and...
AArch64 memory and paging #AArch64 #MemoryPaging #DeviceMemory #Shareability #CachingMode https://krinkinmu.github.io/2024/01/14/aarch64-virtual-memory.html
Welcome to the Mike’s homepage!
AArch64 memory and paging
In this post I will return to my exploration of 64 bit ARM architecture and will touch on the exciting topic of virtual memory and AArch64 memory model. Hopefully, by the end of this post I will have an example of how to configure paging in AArch64 and will…
UK Is Ordering Apple to Break Its Own Encryption #UKencryptiondemand #breaktheencryption #userdataprivacy #governmentpower #cloudcomputing https://www.schneier.com/blog/archives/2025/02/uk-is-ordering-apple-to-break-its-own-encryption.html
Schneier on Security
UK Is Ordering Apple to Break Its Own Encryption - Schneier on Security
The Washington Post is reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement.…
NanoCore RAT Malware Analysis #MalwareAnalysis #Phishing #EmailScams #NanoCoreRAT #CybersecurityBlog https://malwr-analysis.com/2025/02/10/nanocore-rat-malware-analysis/
Malware Analysis, Phishing, and Email Scams
NanoCore RAT Malware Analysis
NanoCore is a well-known Remote Access Trojan (RAT) used by threat actors for espionage, data theft, and system control. In this post, I will analyze a NanoCore RAT sample with the hash 18B476D3724…
Jooki - Taking Control of a Forgotten Device #Jooki #Firmware #ReverseEngineering #RCE #OpenSource https://nv1t.github.io/blog/reviving-jooki/
Blog
Jooki - Taking Control of a Forgotten Device
Jooki was a dream come true for parents—an intuitive, screen-free audio player that let kids enjoy music and stories with the tap of a token. But that dream turned into frustration when the company behind Jooki went bankrupt, leaving countless devices bricked…