#binaryexploitation — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #binaryexploitation, aggregated by home.social.
-
Trivial vulnerability in FortiWeb Fabric Connector allowing authentication bypass – FortMajeure
This week on sekurak we are declaring a Fortinet week. We are now covering a second vulnerability in this vendor's software. This time it is FortMajeure (loosely translated: force majeure), which received the identifier CVE-2025-52970. Rated 7.7 on the CVSS scale, FortMajeure allows the authentication process to be bypassed. An attacker is able to gain access to the panel...
#WBiegu #BinaryExploitation #FabricConnector #Fortinet #Podatność #Websec
-
I wrote this post almost 2 months ago but forgot to turn it public. 😅
Now here it is. I appreciate any feedback :)
Some lessons learned doing [email protected]
https://gildasio.gitlab.io/posts/lessons-learned-phoenix-exploit-education/
-
I did not know we can call functions to execute from gdb. That is pretty interesting :P
https://sourceware.org/gdb/current/onlinedocs/gdb.html/Calling.html
-
Over the last few days I was doing phoenix from http://exploit.education. After exploiting them I like to read writeups to learn new tips. To my surprise, people assumed some are unexploitable due to \n in the address they need to write to. Here is a tip to get past it.
Just a side note: I successfully exploited all exercises on both x86 and x64 architectures (except for final-two, which seems not to be exploitable at all).
-
Always remember to take into account how the binary was built. I was trying to exploit a simple format string bug using positional parameters but this was not working, until @KampetL reminded me of this. GLIBC doesn't care about this rule, while MUSL does.
-
@0xor0ne Very nice to see more and more universities opening up their hands-on #infosec courses.
Another really nice one for #binaryexploitation and #reverseengineering is https://pwn.college/. They even send you a yellow/blue belt if you do all their exercises! 🥋
-
Reverse Engineering For Everyone! @mytechnotalent
👉 x86, x64, 32 and 64 bit ARM architectures
👉 You can get the entire tutorial set in PDF or MOBI format
https://0xinfection.github.io/reversing/
#infosec #ReverseEngineering #MalwareAnalysis #BinaryExploitation
-
💻 A Noob's Guide To ARM Exploitation
https://ad2001.gitbook.io/a-noobs-guide-to-arm-exploitation/introduction-to-stack-buffer-overflows
👉 ARM Basics
👉 Buffer overflows
👉 Integer overflows
👉 ROP chains
👉 Heap exploitation
👉 ARM64 exploitation and much more.
#infosec #exploitation #binaryexploitation #ExploitDevelopment #reverseengineering
-
Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
👉 Execute arbitrary code on affected installations
👉 Authentication not required
👉 Only systems with ksmbd enabled
https://www.zerodayinitiative.com/advisories/ZDI-22-1690/
#infosec #cve #vulnerabilities #linux #kernelexploit #binaryexploitation #exploitation
-
✨ Avoiding Detection with Shellcode Mutator
▶️ Mutates exploit source code without affecting its functionality, changing its signature and making it harder to reliably detect as malicious
Repository:
https://github.com/nettitude/ShellcodeMutator
Article:
https://labs.nettitude.com/blog/shellcode-source-mutations/
#shellcode #redteaming #pentesters #redteamtips #infosec #exploitation #binaryexploitation
-
POC for Linux privilege escalation Vulnerability "CVE-2022-2602": DirtyCred File Exploitation applied on an io_uring UAF
Poc:
https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit
#infosec #privesc #linux #linuxexploits #kernelexploitation #binaryexploitation #exploitation
-
Free Offensive Software Exploitation Course - Binary Exploitation tutorial
GitHub course link:
https://github.com/ashemery/exploitation-course
YouTube video version:
https://youtube.com/playlist?list=PLCS2zI95IiNybAAQ0HL88YzwRpLXje5y6
#bufferoverflow #binaryexploitation #infosec #offsec #WindowsExploitation #appsec
-
Check out my blog posts about #binaryexploitation #pwning challenges in BCACTF 2022
https://karmanyaah.malhotra.cc/puzzles/2022/07/bcactf2/
https://karmanyaah.malhotra.cc/puzzles/2022/07/bcactf1/