Browsing CategorySecurity Research

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware

In Part 3 of our series on emulating, debugging and fuzzing UEFI modules, we provide a step-by-step guide to making a coverage-guided fuzzer for UEFI code.

Security Research

Misusing msvsmon and the Windows Remote Debugger

The ability to remotely debug an application is a useful feature, but msvsmon.exe has security implications that organizations need to be aware of.

Security Research

Leveraging LD_AUDIT to Beat the Traditional Linux Library Preloading Technique

Abusing LD_PRELOAD to intercept library calls on Linux is a known threat actor technique, but it’s possible to load libaries even before that. Meet LD_AUDIT

Security Research

Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware

Learn how to emulate, trace, debug, and Reverse Engineer UEFI modules in part 2 of our new blog series on Firmware Security

Security Research

Case Study: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks

Read how we discovered and exploited several severe flaws in a security product’s kernel mode driver due to a lack of user mode input validation.

Security Research

Hacking Smart Devices for Fun and Profit

Presented at DEF CON 28 (2020), this is the story of how SentinelOne researcher Barak Sternberg found four IoT vulnerabilities in thousands of smart devices.

Security Research

Moving From Common-Sense Knowledge About UEFI To Actually Dumping UEFI Firmware

The first in a series of posts for researchers on how to emulate, debug and fuzz UEFI modules, we begin with a refresher on how to dump SPI flash memory.

Security Research

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine

A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.

Security Research

Living Off Windows Land – A New Native File “downldr”

A newly discovered LOLBin offers an alternative to certutil for helping adversaries download files from a remote server. Meet desktopimgdownldr.exe.

Security Research

A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software

CVE-2020-9332 is a vulnerability that could allow an attacker to create trusted, fake USB devices and attack Windows machines in new and unexpected ways.

❗ "Zero day" are two of the most frightening words for any IT leader. Understand how these attacks bypass tradition… https://t.co/m76WOWkcP753 minutes ago
Your legacy Intel software may appear to run just fine on Apple silicon thanks to Rosetta 2, but what are the per… https://t.co/yCP5Fx1u8Yabout 1 hour ago
️ IoT Devices That Are Susceptible to Hacking. Let’s start by identifying the devices that pose the greatest risk… https://t.co/AoURhNXRUd3 hours ago
FONIX RaaS uses four methods of encryption per file and leads victims (and affiliates) on a merry dance through m… https://t.co/rPGqxvZBUN4 hours ago

0 / 125

Browsing CategorySecurity Research

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware

Misusing msvsmon and the Windows Remote Debugger

Leveraging LD_AUDIT to Beat the Traditional Linux Library Preloading Technique

Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware

Case Study: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks

Hacking Smart Devices for Fun and Profit

Moving From Common-Sense Knowledge About UEFI To Actually Dumping UEFI Firmware

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine

Living Off Windows Land – A New Native File “downldr”

A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software

Adventures From UEFI Land: the Hunt For the S3 Boot Script

Avaddon RaaS | Breaks Public Decryptor, Continues On Rampage

Keep Malware Off Your Disk With SentinelOne’s IDA Pro Memory Loader Plugin

New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor