fidgeting bits

@FidgetingBits

keyboard cowboy @ NCC

Joined November 2014

Tweets


  1. Retweeted
     Jan 29

     Remote shell metacharacter injection and command-execution as root in an SMTP server... what year is it again?

  2. Retweeted
     Jan 21

     Any tips for dealing with inlined functions in ghidra? E.g., I'd like to say "this group of blocks is definitely its own function. Please treat that as scope for variable names, etc."

  3. Jan 17

     Anyone know of a way to suppress Windbg Preview spitting out the function name when it is run via 'dx @$scriptContents.method()'? The only suggestion I found here doesn't work.

  4. Retweeted
     Dec 19, 2019

     Any interest for a new Windows kernel exploitation training on Windows 10 focusing on methodology and hands-on exploitation? Analyzing one bug step-by-step from patch diffing up to exploitation, with a focus on generically targeting a previously unknown kernel component.

  5. Retweeted
     Nov 20, 2019

     From the Captain himself... some clarity about the Ghidra Version Tracking design goals

  6. Retweeted
     Nov 15, 2019

     Used lib2to3 to migrate my IDA Python code away from the older IDC APIs. It's really gross and has issues, but maybe it'll help others too:

  7. Nov 14, 2019

     The more in-depth blog series is currently undergoing technical review, so we hope to start posting it relatively soon, but still not sure exactly when.

  8. Nov 14, 2019

     Here are my slides from about exploiting CVE-2018-8611: Super fun bug to exploit imo. Most common question was if the inc primitive is really practical. The answer is yes. Use a series of 8 single-byte increments at different addr alignments.

  9. Retweeted
     Nov 12, 2019
     Replying to

     1903 uses the delta compression API; maybe 1809 also moved to that. msdelta.dll is your friend for applying it (remove the first four bytes; it is a CRC).

  10. Retweeted
      Nov 12, 2019

      Hey followers, are MSUs for Windows 10 1809 not containing the actual patched PE files anymore? It seems they contain .exe, etc. files but they are small, like 90kb, and don't contain the MZ header, etc. Or am I doing it wrong?

  11. Nov 11, 2019

      I had a great time at POC2019. Thanks for letting me present. You do a great job running the con. Seoul is a beautiful city and I will definitely return!

  12. Retweeted
      Nov 8, 2019

      Released to go with my talk, a project which contains a C# client for almost every ALPC RPC server on Windows 7 through Windows 10 1909. Could be useful for EoP research, fuzzing etc.

  13. Retweeted
      Oct 28, 2019

      Microsoft symbol server is experiencing an outage. No ETA to a fix yet.

  14. Retweeted
      Oct 20, 2019

      I am writing a new method for to be able to write scripts for the diffing process. The idea is that, sometimes, there are some rules that can be used to match functions when diffing that, however, aren't generic and don't make sense to add as generic heuristics.

  15. Retweeted
      Oct 10, 2019

      Version Tracking Correlator for Patch Diffing Blog: Github (pre-alpha prototype!): Unlike the included binary-only Correlators, the Similarity Score of this ranges from 0 to 1. So you see how much a function changed.

  16. Retweeted
      Oct 9, 2019

      What would you use to debug a native library loaded by a closed-source Android APK? It seems gdb segfaults after setting a bp. Any thoughts?

  17. Retweeted
      Oct 7, 2019

      Someone is maintaining a version of VirtualKD (called VirtualKD-Redux) that supports (among other things) VMware Workstation 15.5.0.

  18. Retweeted
      Sep 14, 2019

      Is there any open source grammar-based fuzzer for Windows kernel APIs (similar to what domato is for browsers)? Please RT

  19. Retweeted
      Sep 13, 2019
      Replying to

      For structures, the technique of recompiling the PDB works great:

  20. Retweeted
      Sep 13, 2019

      Does anyone know an IDA Pro plugin to create .pdb files based on function names and other symbols in the .idb? I've only found but nothing beyond that.
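The reply in tweet 9 about MSU deltas (strip the leading checksum, then let msdelta.dll apply the PA30 delta) as an added example that is not part of the thread: it verifies and removes the 4-byte prefix offline and wraps ApplyDeltaB for use on Windows. It assumes the prefix is a little-endian CRC32 over the remainder of the file and that the delta body starts with the PA30 magic.

```python
"""Added example: strip the checksum that Windows-update PA30 deltas carry
before the magic, then hand the body to msdelta.dll's ApplyDeltaB."""
import ctypes
import struct
import sys
import zlib
PA30_MAGIC = b"PA30"

def strip_delta_crc(blob: bytes) -> bytes:
    """Return the delta body msdelta.dll accepts, verifying the CRC first."""
    if blob.startswith(PA30_MAGIC):  # already stripped
        return blob
    if blob[4:8] != PA30_MAGIC:
        raise ValueError("not a PA30 delta, with or without a CRC prefix")
    body = blob[4:]
    # Assumption: the prefix is a little-endian CRC32 over the remainder.
    if zlib.crc32(body) != struct.unpack("<I", blob[:4])[0]:
        raise ValueError("CRC32 prefix does not match the delta body")
    return body

class DELTA_INPUT(ctypes.Structure):  # layouts follow msdelta.h
    _fields_ = [("lpStart", ctypes.c_void_p), ("uSize", ctypes.c_size_t),
                ("Editable", ctypes.c_int)]

class DELTA_OUTPUT(ctypes.Structure):
    _fields_ = [("lpStart", ctypes.c_void_p), ("uSize", ctypes.c_size_t)]

def apply_delta(source: bytes, delta: bytes) -> bytes:
    """Apply a delta to the base file via msdelta.dll (Windows only)."""
    if sys.platform != "win32":
        raise OSError("msdelta.dll is only available on Windows")
    msdelta = ctypes.WinDLL("msdelta.dll")
    msdelta.ApplyDeltaB.argtypes = [ctypes.c_int64, DELTA_INPUT, DELTA_INPUT,
                                    ctypes.POINTER(DELTA_OUTPUT)]
    msdelta.DeltaFree.argtypes = [ctypes.c_void_p]
    body = strip_delta_crc(delta)
    src_buf = ctypes.create_string_buffer(source, len(source))
    dlt_buf = ctypes.create_string_buffer(body, len(body))
    src = DELTA_INPUT(ctypes.addressof(src_buf), len(source), 0)
    dlt = DELTA_INPUT(ctypes.addressof(dlt_buf), len(body), 0)
    out = DELTA_OUTPUT()
    if not msdelta.ApplyDeltaB(0, src, dlt, ctypes.byref(out)):  # DELTA_FLAG_NONE
        raise ctypes.WinError()
    patched = ctypes.string_at(out.lpStart, out.uSize)
    msdelta.DeltaFree(out.lpStart)
    return patched

# Constructed sample: a fake PA30 body with its CRC32 prepended, as in an MSU.
SAMPLE_BODY = PA30_MAGIC + b"\x00constructed delta body"
SAMPLE_WITH_CRC = struct.pack("<I", zlib.crc32(SAMPLE_BODY)) + SAMPLE_BODY
```

Feed the stripped body and the base binary from the previous build to apply_delta on a Windows host to recover the patched PE for diffing.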
