Android 7 Code Dump
contains the source code for U-Boot, a boot loader for
Embedded boards based on PowerPC, ARM, MIPS and several other
this and muuuuch more Android 7 Code Dump you find at:
ππΌ Confidential and Proprietary:
https://github.com/exconfidential
π‘ @NoGoolag
#android #code #dump #ROM #dev
contains the source code for U-Boot, a boot loader for
Embedded boards based on PowerPC, ARM, MIPS and several other
this and muuuuch more Android 7 Code Dump you find at:
ππΌ Confidential and Proprietary:
https://github.com/exconfidential
π‘ @NoGoolag
#android #code #dump #ROM #dev
Forwarded from BlackBox (Security) Archiv
F5 Big-IP RCE writeup + full exploit
When TEAMARES began research into the vulnerability identified in the F5 TMUI RCE vulnerability advisory released last month, we initially started by reading the advisory and mitigation steps, which contained minimal details but included key pieces of information needed to kick off our research. The advisory states that the vulnerability impacts a variety of capabilities when exploited, including the ability to execute arbitrary Java code, which stood out to us.
π ππΌ https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/
π ππΌ https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902
#f5 #ip #remote #code #execution #exploit #teamares #poc #writeup
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
π‘@NoGoolag
When TEAMARES began research into the vulnerability identified in the F5 TMUI RCE vulnerability advisory released last month, we initially started by reading the advisory and mitigation steps, which contained minimal details but included key pieces of information needed to kick off our research. The advisory states that the vulnerability impacts a variety of capabilities when exploited, including the ability to execute arbitrary Java code, which stood out to us.
π ππΌ https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/
π ππΌ https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902
#f5 #ip #remote #code #execution #exploit #teamares #poc #writeup
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
π‘@NoGoolag
Forwarded from BlackBox (Security) Archiv
This media is not supported in your browser
VIEW IN TELEGRAM
Allow arbitrary URLs, expect arbitrary code execution
We found and reported 1-click code execution vulnerabilities in popular software including Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and Mumble
Desktop applications which pass user supplied URLs to be opened by the operating system are frequently vulnerable to code execution with user interaction
Code execution can be achieved either when a URL pointing to a malicious executable (.desktop, .jar, .exe, β¦) hosted on an internet accessible file share (nfs, webdav, smb, β¦) is opened, or an additional vulnerability in the opened applicationβs URI handler is exploited
Vulnerabilities following this pattern have already been found in other software, with more expected to be revealed going forward
https://positive.security/blog/url-open-rce
#vulnerabilities #url #arbitrary #code #execution #poc #video
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
We found and reported 1-click code execution vulnerabilities in popular software including Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and Mumble
Desktop applications which pass user supplied URLs to be opened by the operating system are frequently vulnerable to code execution with user interaction
Code execution can be achieved either when a URL pointing to a malicious executable (.desktop, .jar, .exe, β¦) hosted on an internet accessible file share (nfs, webdav, smb, β¦) is opened, or an additional vulnerability in the opened applicationβs URI handler is exploited
Vulnerabilities following this pattern have already been found in other software, with more expected to be revealed going forward
https://positive.security/blog/url-open-rce
#vulnerabilities #url #arbitrary #code #execution #poc #video
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
Media is too big
VIEW IN TELEGRAM
Where's the native code? (In Android) - Laurie Wired
In this video we look at what is native code in terms of Android and the Android OS. How can we recognize it in an APK if it's being used?
Timestamps:
0:00 Intro
0:44 What is Native Code?
1:15 Processor Architectures
1:46 Opening Sample
2:14 Where do we look?
3:05 Shared Objects
4:15 Searching for Native Code Refs
5:40 Where does it get called?
7:30 Cross Refs
8:39 Recap
---
Software Links Mentioned in Video:
JADX: https://github.com/skylot/jadx
#Android #Code #APK
In this video we look at what is native code in terms of Android and the Android OS. How can we recognize it in an APK if it's being used?
Timestamps:
0:00 Intro
0:44 What is Native Code?
1:15 Processor Architectures
1:46 Opening Sample
2:14 Where do we look?
3:05 Shared Objects
4:15 Searching for Native Code Refs
5:40 Where does it get called?
7:30 Cross Refs
8:39 Recap
---
Software Links Mentioned in Video:
JADX: https://github.com/skylot/jadx
#Android #Code #APK