biazo
@vtl0.bsky.social
Hypervisor Enjoyer. Security @ MORSE
Reposted by biazo
The worst bugs are the ones where the code mostly works. Low-level AI coding is so complex that I (and the AI that I write code with) produce an annoying number of them.
May 10, 2025 at 12:32 AM
Reposted by biazo
You asked, we delivered: Binary Ninja 5.0 brings major iOS reversing upgrades! DYLD Shared Cache is now a first-class feature, with up to 18x faster performance and way smarter analysis across the board. binary.ninja/2025/04/23/5...
April 24, 2025 at 7:44 PM
Reposted by biazo
April 1, 2025 at 2:46 AM
Reposted by biazo
April 1, 2025 at 4:11 AM
Reposted by biazo
[Blog] This ended up being a great applied research project with my co-worker Dylan Tran on weaponizing a technique for fileless DCOM lateral movement based on the original work of James Forshaw. Defensive recommendations provided.

- Blog: ibm.com/think/news/f...
- PoC: github.com/xforcered/Fo...
Fileless lateral movement with trapped COM objects | IBM
New research from IBM X-Force Red has led to the development of a proof-of-concept fileless lateral movement technique by abusing trapped Component Object Model (COM) objects. Get the details.
ibm.com
March 25, 2025 at 9:21 PM
Reposted by biazo
Wrapping up our COM hijacking series! 🎉

In the final part, we discuss a custom IPC protocol, use a registry write to gain SYSTEM privileges, and explore Denial of Service attacks on security products. 💥💻

Don't miss it! neodyme.io/en/blog/com_...
The Key to COMpromise - Writing to the Registry (again), Part 4
In this series of blog posts, we cover how we could exploit five reputable security products to gain SYSTEM privileges with COM hijacking. If you've never heard of this, no worries. We introduce all r...
neodyme.io
February 26, 2025 at 3:38 PM
Reposted by biazo
In this blog post, I explain how I was able to create a PowerShell console in C/C++, and disable all its security features (AMSI, logging, transcription, execution policy, CLM) in doing so. 💪

👉 blog.scrt.ch/2025/02/18/r...
February 19, 2025 at 9:13 AM
Reposted by biazo
Learn how hyperlight can create virtualization-based sandboxes for WASM applications:
Hyperlight: Achieving 0.0009-second micro-VM execution time - Microsoft Open Source Blog
In this post, we’ll take the demo application and show how it demonstrates one way you can use Hyperlight in your applications. Learn more.
opensource.microsoft.com
February 12, 2025 at 5:17 PM
Reposted by biazo
🪝Introducing HyperHook! 🪝
A harnessing framework for snapshot-based #fuzzing using Nyx. ⚒️
HyperHook simplifies guest-to-host communication & automates repetitive tasks, making snapshot-fuzzing easier & more efficient!
🔗 Read more: neodyme.io/en/blog/hype...
Introducing HyperHook: A harnessing framework for Nyx
In this post, we introduce HyperHook, a harnessing framework for snapshot-based fuzzing for user-space applications using Nyx. HyperHook simplifies guest-to-host communication and automates repetitive...
neodyme.io
February 5, 2025 at 3:18 PM
Reposted by biazo
I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!
February 4, 2025 at 7:34 PM
Reposted by biazo
Profile Explorer is a tool for viewing CPU profiling traces collected through the Event Tracing for Windows (ETW) infrastructure on machines with x64 and ARM64 CPUs.

github.com/microsoft/pr...
January 24, 2025 at 9:05 PM
Reposted by biazo
Lots of questions about the new admin protection feature in Windows so the MORSE team decided to do a writeup. Working on part 2 now, should be done in a day or two. techcommunity.microsoft.com/blog/microso...
January 23, 2025 at 11:09 PM
Reposted by biazo
the chinese netizens have put america in the ground
January 14, 2025 at 7:20 PM
Reposted by biazo
Just unrestricted an issue that shows a fun new attack surface. Android RCS locally transcribes incoming media, making vulnerabilities in audio codecs now fully remote. This bug in an obscure Samsung S24 codec is 0-click.

project-zero.issues.chromium.org/issues/36869...
Project Zero
project-zero.issues.chromium.org
January 10, 2025 at 12:08 AM
Reposted by biazo
Kids these days don't even know how much opportunity they have to learn hacking from actual pros.

I know there is a lot of content out there, so it can be hard to find the good stuff. But 10 years ago you had to be lucky to find at least something.

Anyway, watch this 👇
My videos for Flare-On 2024 are live! Watch me reverse engineer all the challenges from start to end. 🎉🥳

+ Commentary video featuring SuperFashi, where we review the chals together.

* 45 hours of content
* 400+ GB of raw footage

Merry Christmas! Link: www.youtube.com/watch?v=vwW9...
Flare-On 2024 Solutions and Commentary
YouTube video by BasteG0d69
www.youtube.com
December 31, 2024 at 10:10 AM
Reposted by biazo
Binary diff'ing is hard. But it's super powerful to apply markup from previous reverse engineering efforts to a new binary.

Binary Ninja is switching up how they match function signatures with WARP.

www.seandeaton.com/binary-ninja...

#binaryninja #reverseengineering #ghidra #ida #decompiler
Trying Out Binary Ninja's new WARP Signatures with IPSW Diff'ing
Binary diff'ing is pretty complex, but being able to apply markup from one binary to another is quite powerful. Binary Ninja's new WARP extends previous efforts, using SigKit, to quickly identify libr...
www.seandeaton.com
December 27, 2024 at 1:07 PM
Reposted by biazo
Stability in AFL++/LibAFL is quantified by the percentage of edges in the target that are considered “stable”. If repeatedly sending identical inputs results in the data traversing the same path through the target each time, then the stability is determined to be 100%.
December 24, 2024 at 9:18 PM
Reposted by biazo
Important news: Microsoft is working to bring SMAP into Windows

www.youtube.com/watch?v=-3jx...

Great talk by Joe Bialek from MORSE team
BlueHat 2024: S09: Pointer Problems – Why We’re Refactoring the Windows Kernel
YouTube video by Microsoft Security Response Center (MSRC)
www.youtube.com
December 16, 2024 at 4:29 AM
Reposted by biazo
Microsoft just released a tool that lets you convert Office files to Markdown. Never thought I'd see the day.

Google also added Markdown export to Google Docs a few months ago.

github.com/microsoft/markitdown
GitHub - microsoft/markitdown: Python tool for converting files and office documents to Markdown.
Python tool for converting files and office documents to Markdown. - microsoft/markitdown
github.com
December 13, 2024 at 8:25 PM
Reposted by biazo
The cover for my book on how debuggers work is here!

Preorders are still 25% off: nostarch.com/building-a-d...
December 14, 2024 at 12:05 AM
Reposted by biazo
This is my annual reminder to y'all wonderful folks in infosec: please take care & you're important. Your physical & mental health are important aspects of your life. The work we do & the environments we work in can significantly impact these. There is no shame in taking care of yourself first.💜
December 12, 2024 at 1:00 AM