ExiaHan

We spotted an attack in the wild that uses CVE-2019-2215, a #vulnerability in Android. Find out how this attack works, and how you can defend against it: http://bit.ly/2QFpt3f pic.twitter.com/2Pi7DRnorC

Version 3.5 is out with the Ghidra decompiler integrated in Carbon (no Ghidra or Java installation necessary). The decompiler features navigation, comments and renaming of functions, labels and variables. Happy hacking!pic.twitter.com/gmELfGWvgp

Analyzing Kony Mobile Applications #MobileSecurity @fridadotre by Terry Chia https://www.ayrx.me/analyzing-kony-mobile-applications …pic.twitter.com/sm6rH9aJnj

Close to releasing the first version of Carbon with the Ghidra decompiler. Just built on Linux and seems to work nicely! Few days and it should be good to go... ;)pic.twitter.com/tCjA9viYP8

It's time to change your password, friends Crazy world. https[:]//xposedornot.com/xposedpic.twitter.com/CmwqAEOMlo

Citrix Netscaler AMIs on @awscloud default vulnerable out of the box. The root password is set to the instance ID; that can be read from the metadata URL. CVE-2019-19781 from nobody to ssh as root in seconds.pic.twitter.com/an2jZ7qtcM

Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641 https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html … Part 2: a Remote ASLR Bypass https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-2.html … Part 3: Gaining Code Execution https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-3.html … #MobileSecurity #iOSsecurity by @5aelo and @ProjectZeroBugspic.twitter.com/VxdXHuDxb1

I'm releasing ghidra scripts that I made for pwn and reversing tasks, starting with this set of scripts to replace linux/libc magic numbers with readable names for aarch64, amd64/i386, arm/thumb, hppa, m68k, mips, ppc, ppc64, sh, sh4, sparc and sparc64. https://github.com/0xb0bb/pwndra pic.twitter.com/o1JPjyjgga