SeanP

joined 2 years ago
sorted by: new top controversial old
1
AWS IoT Core: A Compromised Device Perspective (seanpesce.blogspot.com)
 

I recently spent some time exploring the potential capabilities that an evil IoT device might have within an AWS IoT Core environment. This culminated in the thoughts I've transcribed in this blog post, as well as a command-line tool to help with enumeration and data harvesting during security assessments of products that interact with AWS IoT Core.

1
Finding Gadgets for CPU Side-Channels with Static Analysis Tools (github.com)
 

Google researchers Jordy Zomer & Alexandra Sandulescu explain how they used CodeQL to discover Spectre-v1 gadgets in the Linux kernel.

1
Android SELinux Internals (8ksec.io)
submitted 2 years ago* (last edited 2 years ago) by [email protected] to c/[email protected]
0 comments fedilink
 

"This is part 1 of a 2-part series on Android SELinux Internals where we will do a deep dive into the world of SELinux on Android and understand its inner workings, along with its functionalities and benefits. We'll discuss how SELinux provides security on Android devices and ways to bypass it."

1
LibreOffice Arbitrary File Write (CVE-2023-1883) (secfault-security.com)
 

Write up by Secfault Security

2
CVE-2023-25136 OpenSSH Pre-Auth Double Free Writeup & DoS PoC (jfrog.com)
submitted 2 years ago* (last edited 2 years ago) by [email protected] to c/[email protected]
0 comments fedilink
2
Day[0] Podcast (DayZeroSec) - a deeply technical podcast that covers infosec news, vulnerabilities/exploits, and per-episode "Spot the Vuln" challenges (youtube.com)
submitted 2 years ago* (last edited 2 years ago) by [email protected] to c/[email protected]
1 comments fedilink
 

In my opinion, this is far-and-away the best infosec audio/video content out there (and no, I'm not affiliated in any way).

https://dayzerosec.com/
https://twitch.tv/dayzerosec
https://youtube.com/c/dayzerosec
https://twitter.com/dayzerosec

2
One-click Open-redirect to own Samsung S22 at Pwn2Own 2022 (starlabs.sg)
 

"In this article, we will dive into the details of an open-redirect vulnerability discovered during the Pwn2Own 2022 event and how we exploited it on a Samsung S22 device. By breaking down the technical aspects and using code snippets, we aim to provide a comprehensive overview of this critical security flaw."

1
Discovering vulnerabilities in Android permissions using a solver approach (blog.thalium.re)
submitted 2 years ago* (last edited 2 years ago) by [email protected] to c/[email protected]
0 comments fedilink
 

"This post dives into the Android permission system and how a solver was leveraged to find new vulnerabilities. With this approach, a privilege escalation was identified, which was fixed and assigned CVE-2023-20947 by Google."

1
An Introduction to the Art of Fuzzing (bushido-sec.com)
submitted 2 years ago* (last edited 2 years ago) by [email protected] to c/[email protected]
0 comments fedilink
 

Bushido Security | "This fuzzing introduction covers all the essentials one should know about the art of fuzzing. It explains major concepts and illustrates them with hands-on exercises the reader can follow."

2
Exploiting null Dereferences in the Linux Kernel | Project Zero (googleprojectzero.blogspot.com)
submitted 2 years ago* (last edited 2 years ago) by [email protected] to c/[email protected]
0 comments fedilink
1
Check out /m/NetSec! (kbin.social)
 

Like Reddit's /r/netsec, I'd like to make /m/NetSec the primary Magazine for highly-technical and curated infosec content (e.g., in-depth vulnerability and exploitation write-ups).

This Magazine (/m/Cybersecurity) and /m/InfoSec can be for more general infosec news and meta-discussions.

Also, don't forget to check out /m/ReverseEngineering if you're interested in reversing!

2
0DayFans - an aggregator for vulnerabilities and other infosec news (0dayfans.com)
submitted 2 years ago* (last edited 2 years ago) by [email protected] to c/[email protected]
0 comments fedilink
 

Made by the creators of the DayZeroSec podcast

view more: next ›