Corey Gardnercoreyscorner.hashnode.dev·Apr 25, 2024Safeguarding the Stack: Ornithology of Stack CanariesDuring the industrial era canaries were given the unforgiving job of determining if working conditions were "safe" for coal miners. Within coal mines toxic fumes can build up, and oxygen can become scarce. The life of the canary was a litmus test for...DiscussStack Overflow
Reza RashidiforRedTeamReciperedteamrecipe.com·Apr 25, 2024ASLR Exploitation TechniquesAddress Space Layout Randomization (ASLR) is a security technique used in operating systems to protect against certain types of cyber attacks, particularly buffer overflow attacks. Here’s an overview of ASLR: What is ASLR? ASLR is a feature implement...Discuss·217 readsaslr
Sukrit Duasukritdua.com·Mar 8, 2024Android Hacking - Part 5Activities What is an Activity? Activities are simply the screens we see when we open an application. Let's say we are greeted with the following Screens (Activities) Login page (LoginActivity.java) Profile page (ProfileActivity.java) Settings pag...DiscussMobile Security Android
Thomas Staceythomas.stacey.se·Mar 5, 2024Outpost24 Blog - Cross-site scripting attacks in action and how to protect against themWrite-up In this blog post, my colleagues at Outpost24 and I walkthrough some of the wilder Cross-Site Scripting attacks we've managed to conceive recently, and highlight the importance of considering context when crafting an impactful exploit.DiscussOutpost24
Greg BulmashforGitGuardiangitguardian.hashnode.dev·Jan 29, 2024Five Ways Your CI/CD Tools Can Be ExploitedWe've talked about how Continuous Integration and Continuous Delivery (CI/CD) tools can be a source of secrets sprawl. While it's not as insecure as leaving them laying around in a publicly accessible file, CI/CD pipelines can be exploited in a numbe...DiscussSecurity
Thomas Staceythomas.stacey.se·Dec 11, 2023Making Web Cache Deception Critical in 30 MinutesWeb Cache Deception, first discovered (I think...) here, is a rare attack class that enables an attacker to trick users into storing sensitive information in a server-side cache for later retrieval. Unfortunately, throughout all my adventures so far,...Discuss·181 readsWeb Cache Deception
d0razid0razi.hashnode.dev·Nov 19, 2023Stack pivotingStack pivoting이란? ROP를 해야하는데 ret까지 밖에 bof가 가능할 때 사용 가능한 기법입니다. 특정 영역에 Write 권한이 있을때 영역에 가젯들을 세팅해놓고 sfp를 조작하고 ret에 leave; ret 가젯을 넣어서 원하는 주소를 실행시킬 수 있습니다. leave; ret 가젯 leave와 ret 명령어는 각각 아래와 같은 동작을 합니다. leave mov esp, ebp pop ebp ret pop eip jmp...DiscussPwnable
The CyberShield Chroniclescyberinsights.hashnode.dev·Oct 27, 2023Unveiling the iLeakage Threat in Apple SafariExecutive Summary On October 26, 2023, a group of academic researchers hailing from Georgia Tech, the University of Michigan, and Ruhr University Bochum made waves by unveiling a proof-of-concept (POC) for a speculative side-channel attack they dubbe...Discuss·45 readsApple
The CyberShield Chroniclescyberinsights.hashnode.dev·Sep 23, 2023Apple Issues Updates Addressing Three Newly Discovered Zero-Day VulnerabilitiesThreat Analysis On September 21, 2023, Apple took swift action by issuing critical security updates to address three previously undisclosed zero-day vulnerabilities that had been exploited in targeted attacks against users of iPhone and Mac devices. ...DiscussApple
rootforKnowledge Baseiq.thc.org·Sep 14, 2023How does Linux start a processIn this article, you will learn what happens inside the Linux Kernel when a process calls execve(), how the Kernel prepares the stack and how control is then passed to the userland process for execution. I had to learn this for the development of Zap...Discuss·10 likes·42.9K readshacking