I stumbled upon an interesting file on Any.run. The file in question is bff1fc0a497f275c6caf0d87eb680dc807639c9e. It has the name 7z2409-x64.exe. If we dig a bit through the file, we can easily see that it’s actually a Nullsoft installer: A quick search…
In this blog post we’ll look into how we can do a quick analysis of a golang binary. You can download the sample from here (thanks to Any.Run). I’ll only use two tools today (Far Manager and Hiew), but you…
Wih so many sources, it’s challenging to stay up to date with everything that’s going on in the cybersecurity world. So here is a tool that collects, summarizes (using Google’s Gemini AI), and delivers the latest cybersecurity news directly to…
First, install Frida on your local system. Now, we need to download frida-server, and copy it on the Android phone. We’ll assume it’s this one: frida-server-16.3.3-linux-arm64.xz. If you want to run a specific app, execute frida-ps -U -ai and copy…
dumpsys is a great tool if you’re interested in finding out more about the system services running on your Android device. For example, you can get data about the accounts on the device, network configurations, memory, sensors, etc. First, use…
In this post we’ll set up a reverse shell on the Lineage OS Android distribution, but same can be achieved on other distros as well. First, let’s see how to install Lineage OS on your device. Feel free to skip…
Affected Product: TP-Link TL-WA855RE Version: tested on TL-WA855RE(EU)_V5_200415 (possible earlier versions too) Description: TP-Link TL-WA855RE V5 20200415-rel37464 Devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker…
If you’re interested in removing some of the memory protections (especially around RWX) in the Linux kernel version 5+, here are some pointers: In the arch folder, edit the Kconfig file, and look for config STRICT_KERNEL_RWX and config STRICT_MODULE_RWX. You…
If you ever want to disable the WriteProtect (WP) bit you’ll need to read/write access to the CR0 register. The problem is that the write_cr0 function provided by the linux kernel has been tweaked to prevent this exact thing. Here…
Here is a really small Go reverse shell (30-ish lines of code that includes comments). Environment setup: Download/install Go from here. If you use Windows, you may want to download/install the TDM-GCC compiler from here as well. Code: First, we…