Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


u0m3 last won the day on October 4 2019

u0m3 had the most liked content!

Community Reputation

413 Excellent


About u0m3

  • Rank
    Registered user
  • Birthday 12/14/1987

Profile Information

  • Gender
  • Location
  • Interests


  • Location

Recent Profile Visitors

5870 profile views
  1. Abstract: Browsers are complicated enough to have attack surface beyond memory safety issues. This talk will look into injection flaws in the user interface of Mozilla Firefox, which is implemented in JS, HTML, and an XML-dialect called XUL. With an Cross-Site Scripting (XSS) in the user interface attackers can execute arbitrary code in the context of the main browser application process. This allows for cross-platform exploits of high reliability. The talk discusses past vulnerabilities and will also suggest mitigations that benefit Single Page Applications and other platforms that may suffer from DOM-based XSS, like Electron. Link: https://frederik-braun.com/firefox-ui-xss-leading-to-rce.html
  2. Link: https://github.com/EdOverflow/can-i-take-over-xyz Este un repository pe GitHub ce contine discutii/lista cu CDN-uri sau alte servicii de web hosting, susceptibile la sub-domain take-over.
  3. Synopsis: Blog series about Alex Matrosov and Alexandre Gazet joint Black Hat research "Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller" presented last week in Vegas. Link: https://medium.com/@matrosov/breaking-through-another-side-bypassing-firmware-security-boundaries-85807d3fe604 Via:
  4. Series Overview This series is intended for readers who are interested in reverse engineering, but have only opened a debugger a handful of times. If you have trouble with certain concepts of reverse engineering, tooling, disassembly or debugging then you’ve come to the right place. Starting from the ground up we’ll work our way to advanced topics that aid in automating the reversal process such as heuristic analysis using a disassembly engine, and return oriented programming. If you’re new it’s recommended you start from the first article and work your way through the series, as it’s meant to guide you through the intricacies of the architecture and operating system structures. This series does expect the reader to have prerequisite knowledge of a native programming language such as C, C++, Rust, etc. Native meaning compiled to a native machine language, as opposed to interpreted. I do not cover reverse engineering Java Byte Code. If you don’t have a background in a compiled programming language this series may be confusing and esoteric. Otherwise, you’re in good hands! This series is written for reverse engineering on a 64-bit Windows OS. Windows 10 will be the OS that the author is working in, and all examples will be relevant to Windows 10 and the Intel64/AMD64 architecture. You’ll certainly be able to take what you learn from this series and apply it to other architectures and operating systems, however, you’ll have to adapt to any changes present on those platforms. Also worth noting that I will address 64-bit Assembly in detail with a small subsection regarding 16-bit and 32-bit assembly to help solidify the readers understanding of x64 Assembly. All that being said, if you’re familiar with reverse engineering and interested in a specific topic then feel free to skip around, and visit the sections you find most interesting! It’s by no means linear, but if you’re starting out going in order will be much less confusing. Note: The documentation referenced will be the Intel and AMD SDM, among other books, articles, and blogs. I’ve decided for this series that, in order to reduce the length of my articles, I’m going to cover topics in their own separate post. They will be linked here so they’re easy to find from the main navigation bar on the left side of the site. Link: https://revers.engineering/applied-reverse-engineering-series/ Via:
  5. Description: Link: https://github.com/dowjones/hammer
  6. Oamenii acestia nu au "gandit in afara cutiei", ci "in afara sistemului solar"...
  7. Synopsis: A simple misconfiguration can lead to Stored XSS. Link: https://medium.com/@nahoragg/chaining-cache-poisoning-to-stored-xss-b910076bda4f
  8. Synopsis: In external and red team engagements, we often come across different forms of IP based blocking. This prevents things like password brute forcing, password spraying, API rate limiting, and other forms of IP blocking like web application firewalls (WAFs). IP blocking has always been a simple and common way of blocking potentially malicious traffic to a website. The general method of IP based blocking is to monitor for a certain type of request or behavior, and when it is found, disable access for the IP that the request or behavior came from. In this post, we walk through the need for and creation of a Burp Suite extension that we built in order to easily circumvent IP blocking. Source: https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/
  9. Ce propune domnul @kadytgv este deja pus in aplicare de anumiti indivizi (nu stiu cu ce grad de succes). Website: https://www.tracelabs.org/ Promo:
  10. Ca sa va distrati putin si sa va gadilati paranoia https://iknowwhatyoudownload.com/en/peer/ (nu functioneaza decat cu IPv4). Parerea mea (total neavizata si lipsita de orice urma de importanta), daca vrei neaparat sa nu ai probleme, inchiriezi un server intr-un datancenter ce este intr-o tara cu legislatie mai laxa din acest punct de vedere (ideal ar fi si sediul acelei firme sa fie tot intr-o astfel de tara), si tii acolo clientul de torrents. Iar de acolo le iei prin ssh (scp/sftp). Daca ceea ce am prezentat mai sus suna prea complicat, o alta sugestie ar fi sa: dezactivezi din clientul de torrent orice metoda de a descoperi peers/seeds in afara tracker-ului activezi doar conexiuni securizate/criptate (desi nu sunt sigur ce impact ar avea asupra disponibilitatii seeds/peers) DISCLAIMER: Sunt Roman. Desi (probabil) nu stiu stiu despre ce e vorba, eu am o opinie puternica, si sunt sigur ca opinia mea e adevarul absolut, iar telul meu in viata, dat de la Ceruri, este sa conving restul lumii de adevarul meu.
  11. Synopsis: Following the wrong link could allow remote attackers to control your WiFi router, Google Home, Roku, Sonos speakers, home thermostats and more. Link: https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325 Stiu ca e destul de "fumat" subiectul, dar mi s-a parut interesant articolul.
  12. Link: https://github.com/Kevin-Robertson/InveighZero Source:
  13. Title: Analysing RPC With Ghidra and Neo4j Synopsis: Hunting for new lateral movement techniques or interesting ways to execute code can be a nice way to sink some free time. With Windows spawning numerous RPC services on boot, finding unusual execution techniques is sometimes as simple as scratching just below the surface. And often the payoff far outweighs the time to discovery, with SOC or EDR vendors focusing on the more common published techniques, identifying a new way to introduce code execution on a host can throw a spanner in the works of the investigating team. In previous posts I've tried to look at different ways to mix up common attack signatures. Since working on posts exploring Mimikatz and lsass internals, I've had a few requests for information on how the demonstrated lsass DLL loading techniques were found, and how it may be possible to identify others. So in this post I wanted to present a workflow which I have found to be a useful when looking at Windows RPC method internals, and walk through some of the techniques I've used to minimise the grinding required to hunt for interesting vectors. Source: https://blog.xpnsec.com/analysing-rpc-with-ghidra-neo4j/ Via:
  14. u0m3

    Fun stuff

    Asta e o postare in stilul Times New Roman, nu? Ca daca e realitatea... e vai de noi.
  • Create New...