This year @binarly_io has also expanded their sponsorship to the creation of a new Firmware Security Learning Path!
This captures current and future plans for classes involving security in the deep-dark of firmware! But Binarly is starting to give visibility into what's going on there with their binary analysis platform.
Link to full PDF below.
If you find yourself wanting a PDF for a single instruction (Intel || AMD), and not dealing with the entire manual: https://t.co/j8m08uYPAm<instruction>.pdf
You can see the index @ https://t.co/j8m08uYPAm
Just as an alternative to FelixCloutier’s site, it will update every new edition.
📣"Bluetooth 2222: Bluetooth reconnaissance with Blue2thprinting" is now released!📣
https://t.co/QRXaryNVFe
This class teaches you about the 30+ data types that the Blue2thprinting software can collect and surface for when you're trying to determine what a device is, and whether it has any known vulnerabilities. New in v2.0+ is the BTIDALPOOL crowdsourcing server for researchers to push & pull data about devices they've discovered.
Finalizing a series of lectures updating my Hypervisor Vulnerability Research course on the period 2021-2025.
MASSIVE new developments across virtualization hardware technology, hypervisor fuzzing, emergent attacks, and exploit competitions 🔥 @zerodaytraining
So far, I have already written 15 articles (1045 pages), which have been published on my blog:
blog: https://t.co/UpYLkSS6GB
ERS: Exploiting Reversing Series (currently at 439 pages, with continued progress underway):
[+] ERS 05: https://t.co/rdaPMOm4WM
[+] ERS 04: https://t.co/Vf0Fnwf0tc
[+] ERS 03: https://t.co/4lo5Hi0gnd
[+] ERS 02: https://t.co/6SNMK1tBkd
[+] ERS 01: https://t.co/YMTSBl59VC
MAS: Malware Analysis Series (606 pages -- finished):
[+] MAS 10: https://t.co/eS2S5fVqjl
[+] MAS 09: https://t.co/2RTyR4Foqj
[+] MAS 08: https://t.co/yvXoY9uoDH
[+] MAS 07: https://t.co/DIcpSdQRqo
[+] MAS 06: https://t.co/AvjPAaSP1f
[+] MAS 05: https://t.co/4wFVoBFCAr
[+] MAS 04: https://t.co/PE7JeELxvO
[+] MAS 03: https://t.co/QXa2To5rfk
[+] MAS 02: https://t.co/BPt9L7Q7oo
[+] MAS 01: https://t.co/vGnT26NgsP
I'll soon begin writing the next articles in the Exploiting Reversing series, which will focus on vulnerability and exploitation, once I've laid all the necessary groundwork.
Enjoy reading and have a great day.
#windows #iOS #macOS #cybersecurity #infosec #chrome #kernel #malware #reverseengineering #vulnerability #research #hypervisor
🚨 Vuln Research in Video Games
☑️ CVE Analysis, Patch Analysis & Code Review
✅ CVE-2020-14938 = Heap-based Buffer Overflow
☑️ CVE-2020-14939 = Arbitrary Code Execution
⭐️ Can We Bypass Their Patch? Yes we can!
🔗https://t.co/sJce6VpeKJ
Join me this Friday at 11AM PT on the @offby1security stream with the good folks from @dreadnode for a session on offensive/adversarial AI. Details coming soon!
I will be streaming a portion of the SANS SEC660 course I'm teaching today in DC on Introduction to Windows Exploit Development. We will use ROP to get around DEP on Windows 11.
1PM PT
https://t.co/zA5mSlhiC0
If there's interest, I was thinking about doing a stream for an hour this Friday while I'm teaching a class on introductory Windows exploit development. Next Friday I'm hoping to continue turning the recent patch diff we did on ole32.dll into a crash condition PoC.
🥳We're happy to say that we've passed 29k registered OST2 students! Keep letting people know about our classes via your RTs and word of mouth, and we'll keep finding new future instructors!🎊
This class dovetails nicely with the "Secure Development / Vulnerabilities 1001: C-Family Software Implementation Vulnerabilities" class (https://t.co/m4qca6WZsu), which introduces fuzzing as a necessary tool in both the developer and vuln hunter's toolbox, but which left more detailed examination for future classes like this.
The "Fuzzing 1001: Introductory white-box fuzzing with AFL++" class by Francesco Pollicino has been finalized, and will be publicly released in 2 weeks (June 30th).
A great day for a VR and RE newsletter 🗞️
New remote Android attack surfaces from @natashenka
Results of the RP2350 challenge
WebKit RCE from @qriousec
Some Linux bugs
+ Jobs and MORE 👇
https://t.co/EflmUB3oje
Time For Another Weekly VR/RE Round Up 📰 EC #54
@Doyensec fuzzes ksmbd
AMFI RE and a TCC Bypass From @patch1t
Windows Exploit Dev Resource Round-Up @7etsuo
Stream Deck RE
+ Jobs and MORE 👇
https://t.co/gzjeNyw3XB