malwrforensics

threatintelrss

With so many sources, it’s challenging to stay up to date with everything that’s going on in the cybersecurity world. So here is a tool that collects, summarizes (using Google’s Gemini AI), and delivers the latest cybersecurity news directly to…

Search app memory with Frida

First, install Frida on your local system. Now, we need to download frida-server, and copy it on the Android phone. We’ll assume it’s this one: frida-server-16.3.3-linux-arm64.xz. If you want to run a specific app, execute frida-ps -U -ai and copy…

CVE-2020-24363 TL-WA855RE V5 advisory

Affected Product: TP-Link TL-WA855RE Version: tested on TL-WA855RE(EU)_V5_200415 (possible earlier versions too) Description: TP-Link TL-WA855RE V5 20200415-rel37464 Devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker…

Enable CR0 write in Linux kernel 5+

If you ever want to disable the WriteProtect (WP) bit, you’ll need read/write access to the CR0 register. The problem is that the write_cr0 function provided by the Linux kernel has been tweaked to prevent this exact thing. Here…

Tiny Go reverse shell

Here is a really small Go reverse shell (30-ish lines of code that includes comments). Environment setup: Download/install Go from here. If you use Windows, you may want to download/install the TDM-GCC compiler from here as well. Code: First, we…

Basic API hooking using detours

Below is a basic example on how to use the detours library to hook APIs. #include <stdio.h> #include <windows.h> #include <detours.h> // API that we want to hook DWORD (WINAPI * Real_SleepEx)(DWORD dwMilliseconds, BOOL bAlertable) = SleepEx; // This function…