Jump to content


Active Members
  • Content count

  • Joined

  • Last visited

  • Days Won


u0m3 last won the day on October 13

u0m3 had the most liked content!

Community Reputation

221 Excellent


About u0m3

  • Rank
    Registered user
  • Birthday 12/14/87

Profile Information

  • Gender
  • Location
  • Interests


  • Location

Recent Profile Visitors

1531 profile views
  1. Abstract: Today’s standard embedded device technology is not robust against Fault Injection (FI) attacks such as Voltage Fault Injection (V-FI). FI attacks can be used to alter the intended behavior of software and hardware of embedded devices. Most FI research focuses on breaking the implementation of cryptographic algorithms. However, this paper’s contribution is in showing that FI attacks are effective at altering the intended behavior of large and complex code bases like the Linux Operating System (OS) when executed by a fast and feature rich System-on-Chip (SoC). More specifically, we show three attacks where full control of the Linux OS is achieved from an unprivileged context using V-FI. These attacks target standard Linux OS functionality and operate in absence of any logical vulnerability.We assume an attacker that already achieved unprivileged code execution. The practicality of the attacks is demonstrated using a commercially available V-FI test bench and a commercially available ARM Cortex-A9 SoC development board. Finally, we discuss mitigations to lower probability and minimize impact of a successful FI attack on complex systems like the Linux OS. Link: https://www.riscure.com/publication/escalating-privileges-linux-using-fault-injection/
  2. Si nu numai Word... Iar pentru cine e interesat de aceasta "functionalitate", aici este un articol care discuta DDEAUTO: https://www.endgame.com/blog/technical-blog/bug-feature-debate-back-yet-again-ddeauto-root-cause-analysis Update Metode de mitigare https://www.peerlyst.com/posts/no-macros-no-problem-how-microsoft-office-dde-attacks-work-and-how-to-block-them-barkly https://gist.github.com/wdormann/732bb88d9b5dd5a66c9f1e1498f31a1b Si inca un vector:
  3. Synopsis: Cameradar hacks its way into RTSP CCTV cameras. An RTSP stream access tool that comes with its library. Link: https://github.com/EtixLabs/cameradar
  4. Synopsis: Noriben is a Python-based script that works in conjunction with SysInternals Procmon to automatically collect, analyze, and report on run-time indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample's activities. Link: https://github.com/Rurik/noriben
  5. Synopsis: In past blog posts, we shared our approach to hunting for traditional in-memory attacks along with in-depth analysis of many injection techniques. As a follow up to my DerbyCon presentation, this post will investigate an emerging trend of adversaries using .NET-based in-memory techniques to evade detection. I’ll discuss both eventing (real-time) and on-demand based detection strategies of these .NET techniques. At Endgame, we understand that these differing approaches to detection and prevention are complimentary, and together result in the most robust defense against in-memory attacks. Link: https://www.endgame.com/blog/technical-blog/hunting-memory-net-attacks
  6. Synopsis: Small and highly portable detection tests mapped to the Mitre ATT&CK Framework. Link: https://github.com/redcanaryco/atomic-red-team (via https://twitter.com/redcanaryco/status/918236402814394368)
  7. Synopsis: UEFITool is a cross-platform C++/Qt program for parsing, extracting and modifying UEFI firmware images. It supports parsing of full BIOS images starting with the flash descriptor or any binary files containing UEFI volumes. Original development was started here at MDL forums as a cross-platform analog to PhoenixTool's structure mode with some additional features, but the program's engine was proven to be usefull for another projects like UEFIPatch, UBU and OZMTool. Link: https://github.com/LongSoft/UEFITool
  8. Synopsis: PCILeech uses PCIe hardware devices to read and write from the target system memory. This is achieved by using DMA over PCIe. No drivers are needed on the target system. Link: https://github.com/ufrisk/pcileech/
  9. Synopsis: A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns by leveraging Sysmon and Windows Events logs. This project will provide specific chains of events exclusively at the host level so that you can take them and develop logic to deploy queries or alerts in your preferred tool or format such as Splunk, ELK, Sigma, GrayLog etc. This repo will follow the structure of the MITRE ATT&CK framework which categorizes post-compromise adversary behavior in tactical groups. In addition, it will provide information about hunting tools/platforms developed by the infosec community for testing and enterprise-wide hunting. Link: https://github.com/Cyb3rWard0g/ThreatHunter-Playbook
  10. Synopsis: From the attacker’s perspective, the more logical way to do things nowadays is to simply move to the next level down into the software stack — after boot code, that is the way to the BIOS. Intel Boot Guard is an excellent example of a complex technology where exist a lot of places where making a small mistake allows an attacker to bypass full technology. Link: https://medium.com/@matrosov/bypass-intel-boot-guard-cc05edfca3a9
  11. Your Computer’s Hard Drive Can Be Used to Listen to What You’re Saying Link: https://blog.hackster.io/your-computers-hard-drive-can-be-used-to-listen-to-what-you-re-saying-808b83f19f80
  12. Disassembler and Runtime Analysis (or how IDA Pro has some difficulties when displaying correctly the assembly of the patched run-time whilst using a Graph view) Link: http://blog.talosintelligence.com/2017/10/disassembler-and-runtime-analysis.html
  13. C# chat, Open new Chat window (Like popup) on LAN

    At a first glance at your code, you have some logic issues: the code you removed because it does not behave like you expected attempt to create a new instance of Form1 which is essentially itself (including all the socket stuff) the above mentioned code is supposed to be run on an <ENTER> key press, and display the received message in a new window, but that's not how events work: you need to define an event for when you receive the message and then check if you have a window for that client/person/nick/etc and if you don't, pop up a new one you use Yahoo Messenger as an example, but Yahoo Messenger was using a client (the aforementioned Yahoo Messenger) and a server (the Yahoo servers); your applications seems to be IP to IP UDP so you have to adjust accordingly Also in my opinion, it's a bad idea to have the network stuff in the GUI thread. My first suggestion would be to first define a communication protocol: a way to serialize data so you have an easy way to determine what goes where. This also covers message receiving signaling since you are using UDP. Now depending on what you want to achieve, you could go several ways as far as implementation goes: If you want to keep it as a p2p application, the simplest solution is to open a new application instance for each ip-port tuple (meaning for each client designated by an IP:Port combination you will launch an instance of the application) If you would like to allow for things such as a discussion channel or conference channel or what ever you want to call it: a way for your message to be received by more than one person without sending it to everyone, you could use IP Broadcast or IP Multicast. And for private messages you could either tell the application to disregard the messages if it's not meant for them or have the protocol open a private connection using the individual IP addresses. If you want to replicate the Yahoo Messenger "architecture" you would make two applications: one would be a server and one would be a client If I will have time I will try to make you a small demo.
  14. https://riscybusiness.wordpress.com/2017/10/07/hiding-your-process-from-sysinternals/
  15. Sorry it's an info-sec/hacking forum... you'll need to figure it out for yourself... I'll give you a hint: it's about the text not the actual link (as in the contents of the a tag not the contents of a href attribute)