Clik here to view.
Rooting the Samsung Infuse 4G
I received a Samsung Infuse 4G this year for Christmas, and one of the first questions I had was how to let this bad boy run free. Doing a little searching around, it looked like the device was...
View ArticleClik here to view.
Anatomy of a SCADA Exploit: Part 1 – From Overflow to EIP
Introduction On November 29, 2011, Luigi Auriemma published a security advisory containing multiple vulnerabilities in the 3S CoDeSys Automation Suite. Like much of the other software Auriemma has...
View ArticleClik here to view.
DEF CON 20 Presentation
By the way, I will be presenting “Owning the Network: Adventures in Router Rootkits” this Sunday, 12 noon at DEF CON 20. If you enjoy ownage, networks, adventures, routers, and rootkits, this talk is...
View ArticleClik here to view.
Anatomy of a SCADA Exploit: Part 2 – From EIP to Shell
Last post, we identified a stack-based overflow in 3S CoDeSys CmpWebServer and traced the steps necessary to obtain control over EIP. In order to do so, we needed to first circumvent stack cookies,...
View ArticleClik here to view.
MIT/LL CTF Writeup (Ticket Server)
This past weekend, I led team ” ” in the 2012 MIT Lincoln Lab CTF where we captured the flag for being the most offensive team, specifically, performing the most unique compromises of team + service....
View ArticleClik here to view.
Suterusu Rootkit: Inline Kernel Function Hooking on x86 and ARM
Table of Contents Introduction Function Hooking in Suterusu Function Hooking on x86 Write Protection Function Hooking on ARM Instruction Caching Pros and Cons of Inline Hooking Hiding Processes, Files,...
View ArticleClik here to view.
Summercon 2013: Hacking the Withings WS-30
This past weekend I presented Weighing in on Issues with “Cloud Scale” at Summercon 2013 (the title is totally a joke, btw). In the presentation, I talked about my experience reverse engineering and...
View ArticleClik here to view.
CSAW CTF 2013 Kernel Exploitation Challenge
Table of Contents Introduction Understanding the Code Tracing the Vulnerable Code Path Leveraging the Vulnerability Circumventing Additional Obstacles Achieving Local Privilege Escalation Exploit Proof...
View ArticleClik here to view.
Reverse Engineering a Furby
Table of Contents Introduction About the Device Inter-Device Communication Reversing the Android App Reversing the Hardware Dumping the EEPROM Decapping Proprietary Chips SEM Imaging of Decapped Chips...
View Article
