Category Security

Search app memory with Frida

First, install Frida on your local system. Now, we need to download frida-server, and copy it on the Android phone. We’ll assume it’s this one: frida-server-16.3.3-linux-arm64.xz. If you want to run a specific app, execute frida-ps -U -ai and copy…

CVE-2020-24363 TL-WA855RE V5 advisory

Affected Product: TP-Link TL-WA855RE
Version: tested on TL-WA855RE(EU)_V5_200415 (possible earlier versions too)
Description: TP-Link TL-WA855RE V5 20200415-rel37464 Devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker…

Tiny Go reverse shell

Here is a really small Go reverse shell (30-ish lines of code that includes comments). Environment setup: Download/install Go from here. If you use Windows, you may want to download/install the TDM-GCC compiler from here as well. Code: First, we…

Basic API hooking using detours

Below is a basic example on how to use the detours library to hook APIs. #include <stdio.h> #include <windows.h> #include <detours.h> // API that we want to hook DWORD (WINAPI * Real_SleepEx)(DWORD dwMilliseconds, BOOL bAlertable) = SleepEx; // This function…

bytefuzz v1.3 and the domato fuzzer

I’ve made some changes to bytefuzz to support files generated by other fuzzers. I’ve used the domato fuzzer to generate 1000 html files and then through bytefuzz, I’ve sent those files to a browser that I use when I do…