¿Queres aprender sobre hardware hacking? ¿Tu empresa o productos utiliza hardware de terceros y no sabes cómo auditarlos? ¿Tenes dispositivos IoT en tu red y queres hacer un pentest? Anótate en mi training de la @ekoparty y aprende de forma práctica.
https://t.co/UgVb6aAJeM
Este año voy a estar dando un training sobre cómo auditar sistemas embebidos. Podes aprender a auditar desde un wireless router a un aire acondicionado smart de manera práctica.
We are super excited about releasing this advisory! Hope you enjoy it! ⚔️
Overwolf 1-Click Remote Code Execution (CVE-2021-33501)
Thanks @TheOverwolf for your great work fixing the issue!
https://t.co/584x8XL5ey
Since Cisco PSIRT became unresponsive and the published release 4.22 still doesn't mention any of the vulnerabilities, here are 12 PoCs in 1 gist:
https://t.co/h31QO5rmde
Apple Lightning (cont.) - serial number reading
Explains what happens inside of Serial Number Reader app, why some old SNRs randomly stopped working as actual SNRs and what we can try to do about it
As always, read on your own risk!
https://t.co/53rrNUBOQk
Today we publish the details of a fault injection vulnerability affecting the MediaTek BootROM. We achieved code execution in the context of the Preloader, fully circumventing secure boot. Unpatchable. There’s a hole in your SoC: https://t.co/15HKWRKo5T
MAJOR UPGRADE!
Finally Demigod, a kernel module(.sys .ko .kext)emulator merged into Qiling.
Qiling now able to emulate both kernel module and binary with advanced instrumentation
https://t.co/6N3hq0JiGh
Tips: dev branch
Special thanks: @unicorn_engine@tuanit96@quangnh89
Enabling Flash Encryption on the ESP32 makes exploiting a Secure Boot bypass more complex.
We leveraged a design weakness in order to inject an arbitrary value in the encrypted data (CVE-2020-15048).
This value is then loaded into PC using an EM glitch!
https://t.co/zLWNfGmAdH
So yes, Zerologon (CVE-2020-1472) is quite easy to exploit. Unauthenticated user to Domain Admin. This is really scary. Run exploit, DCSync with DC account and empty NT hash: you have Domain Admin and a broken DC.
Awesome find by Tom Tervoort 🙂. Patch patch patch!
Lucid is a new and interactive IDA plugin that makes it effortless to study the Hex-Rays microcode as it flows through the decompilation pipeline:
BLOG: https://t.co/SQt42SNlmY
CODE: https://t.co/sNZHWqEMl6
🥁🥁🥁 We're ready to announce... #Ekoparty 2020 SPEAKERS!! 🔥
⚡️ https://t.co/qEBhSrnFKE ⚡️
From Russia to Mexico, from France to Argentina, head to our website for the full expert lineup! We're thrilled to have you all at #eko2020 🤩
Full timetable coming soon!
#pwndemic
New blog entry: An Exhaustively-Analyzed IDB for ComRAT V4. This is one of the most thorough analyses I've ever done; certainly the largest. https://t.co/aNGznvKMm8