"r0 Crew (Channel)" — @R0_Crew Telegram-kanali

r0 Crew (Channel)

1 Jan, 03:01

Happy New Year! May every binary reveal its secrets, every challenge find its solution, and the Year of the Snake bring you stability, inspiration, and success!

1.4k 0 3 2 40

r0 Crew (Channel)

15 Nov 2024, 16:37

Complete list of LPE exploits for Windows (starting from 2023)

https://github.com/MzHmO/Exploit-Street

#windows #expdev #lpe

GitHub - MzHmO/Exploit-Street: Complete list of LPE exploits for Windows (starting from 2023)

Complete list of LPE exploits for Windows (starting from 2023) - MzHmO/Exploit-Street

5.4k 0 102 2 17

r0 Crew (Channel)

27 Sep 2024, 10:37

Attacking UNIX Systems via CUPS, Part I

CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177 have been assigned around these CUPS issues.

CVSS 9.9

This remote code execution issue can be exploited across the public Internet via a UDP packet to port 631 without needing any authentication, assuming the CUPS port is open through your router/firewall. LAN attacks are also possible via spoofing zeroconf / mDNS / DNS-SD advertisements.

htt ps://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

A s

eries of bugs in the CUPS printers discovery mechanism (cups-browsed) and in other components of the CUPS system, can be chained together to allow a remote attacker to automatically install a malicious printer (or hijack an existing one via mDNS) to execute arbitrary code on the target host as the lp user when a print job is sent to

it.

https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1

#linux #rce #printer

7.1k 0 58 4 26

r0 Crew (Channel)

26 Sep 2024, 10:37

0-Click exploit in MediaTek Wi-Fi chipsets affects routers and smartphones / Exploiting (CVE-2024-20017) 4 different ways

https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html

#expdev #poc

4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways

a post going over 4 exploits for CVE-2024-20017, a remotely exploitable buffer overflow in a component of the MediaTek MT7622 SDK.

6k 0 66 12

r0 Crew (Channel)

3 Sep 2024, 13:58

Native function and Assembly Code Invocation

https://research.checkpoint.com/2022/native-function-and-assembly-code-invocation/

#reverse #idapro

Native function and Assembly Code Invocation - Check Point Research

Introduction For a reverse engineer, the ability to directly call a function from the analyzed binary can be a shortcut that bypasses a lot of grief. While in some cases it is just possible to understand the function logic and reimplement it in a higher-level language, this is not always feasible, a...

9.7k 1 90 15

r0 Crew (Channel)

27 Aug 2024, 23:33

Exploiting the Windows Kernel via Malicious IPv6 Packets (CVE-2024-38063)

https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html

#expdev #poc

CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6 – MalwareTech

Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser

6.1k 0 76 12

r0 Crew (Channel)

26 Aug 2024, 18:13

POC for trigerring CVE-2024-38063 (RCE in tcpip.sys)

https://github.com/ynwarcs/CVE-2024-38063

#expdev #poc

GitHub - ynwarcs/CVE-2024-38063: poc for CVE-2024-38063 (RCE in tcpip.sys)

poc for CVE-2024-38063 (RCE in tcpip.sys). Contribute to ynwarcs/CVE-2024-38063 development by creating an account on GitHub.

6.5k 1 94 12

r0 Crew (Channel)

23 Aug 2024, 16:59

C++ Unwind Exception Metadata: a Hidden Reverse Engineering Bonanza

https://www.msreverseengineering.com/blog/2024/8/20/c-unwind-metadata-1

#reverse #cpp #type #reconstruction #hints

C++ Unwind Exception Metadata: A Hidden Reverse Engineering Bonanza — Möbius Strip Reverse Engineering

The worst part of reverse engineering C++ programs -- or really, any program that uses custom structure types with no definitions provided -- is that information about structures is often incomplete, sporadic, and isolated. Consider the following function:

5.3k 0 42 2 3

r0 Crew (Channel)

23 Aug 2024, 16:31

V8 Sandbox escape/bypass/violation and VR collection

https://github.com/xv0nfers/V8-sbx-bypass-collection

#v8 #sandbox #escape

GitHub - xv0nfers/V8-sbx-bypass-collection

Contribute to xv0nfers/V8-sbx-bypass-collection development by creating an account on GitHub.

4.4k 0 40 5

r0 Crew (Channel)

23 Aug 2024, 16:01

How to Bypass Golang SSL Verification

https://www.cyberark.com/resources/threat-research-blog/how-to-bypass-golang-ssl-verification

#golang #ssl #bypass #reverse #web #pentest

How to Bypass Golang SSL Verification

Golang applications that use HTTPS requests have a built-in SSL verification feature enabled by default. In our work, we often encounter an application that uses Golang HTTPS requests, and we have...

3.8k 0 32 6

SGN is a polymorphic binary encoder for offensive security purposes such as generating statically undetecable binary payloads. It uses a additive feedback loop to encode given binary instructions similar to LSFR. This project is the reimplementation of the original Shikata ga nai in golang with many improvements.

https://github.com/EgeBalci/sgn

#redteam #golang

GitHub - EgeBalci/sgn: Shikata ga nai (仕方がない) encoder ported into go with several improvements

Shikata ga nai (仕方がない) encoder ported into go with several improvements - EgeBalci/sgn

3.9k 0 60 5

r0 Crew (Channel)

21 Aug 2024, 14:35

Shoggoth is an open-source project based on C++ and asmjit library used to encrypt given shellcode, PE, and COFF files polymorphically.

https://github.com/frkngksl/Shoggoth

#redteam

GitHub - frkngksl/Shoggoth: Shoggoth: Asmjit Based Polymorphic Encryptor

Shoggoth: Asmjit Based Polymorphic Encryptor. Contribute to frkngksl/Shoggoth development by creating an account on GitHub.

3.9k 0 69 12

r0 Crew (Channel)

20 Aug 2024, 13:48

LayeredSyscall – Abusing VEH to Bypass EDRs

https://whiteknightlabs.com/2024/07/31/layeredsyscall-abusing-veh-to-bypass-edrs

#redteam #edr #hook #bypass

LayeredSyscall - Abusing VEH to Bypass EDRs | White Knight Labs

Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.

4.4k 0 60 11

r0 Crew (Channel)

17 Aug 2024, 14:07

DJI - The ART of obfuscation

https://blog.quarkslab.com/dji-the-art-of-obfuscation.html

#reverse #mobile #android #obfuscation

DJI - The ART of obfuscation

Study of an Android runtime (ART) hijacking mechanism for bytecode injection through a step-by-step analysis of the packer used to protect the DJI Pilot Android application.

5.8k 0 84 2 17

r0 Crew (Channel)

11 Aug 2024, 11:30

The installation package for IDA Pro 9.0 Beta 2 available without password.
https://out5.hex-rays.com/beta90_6ba923/

Forum for discussion:
https://forum.reverse4you.org/t/ida-pro-9-0-beta/20459

Chat for discussion:
https://t.me/r0_chat/1

#tools #reverse #idapro #windows #linux #macos

7.2k 0 138 8 32

r0 Crew (Channel)

25 Jul 2024, 22:41

Thread-Name Calling - A new process injection technique using Thread Name.

The code to be injected is passed as a thread description to the target.

https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/

#redteam #inject

Thread Name-Calling - using Thread Name for offense - Check Point Research

Research by: hasherezade Highlights: Introduction Process injection is one of the important techniques used by attackers. We can find its variants implemented in almost every malware. It serves purposes such as: Due to the fact that interference in the memory of a process by malicious modules can ca...

7.1k 0 48 3 12

r0 Crew (Channel)

27 Jun 2024, 14:29

Keystone / Capstone Replacement

Nyxstone is a powerful assembly and disassembly library based on LLVM. It doesn’t require patches to the LLVM source tree and links against standard LLVM libraries available in most Linux distributions. Implemented as a C++ library, Nyxstone also offers Rust and Python bindings. It supports all official LLVM architectures and allows to configure architecture-specific target settings.

GitHub: https://github.com/emproof-com/nyxstone

Blog: https://www.emproof.com/introducing-nyxstone-an-llvm-based-disassembly-framework/

GitHub - emproof-com/nyxstone: Nyxstone: assembly / disassembly library based on LLVM, implemented in C++ with Rust and Python bindings, maintained by emproof.com

Nyxstone: assembly / disassembly library based on LLVM, implemented in C++ with Rust and Python bindings, maintained by emproof.com - emproof-com/nyxstone

7.7k 0 51 3 20

r0 Crew (Channel)

10 Jun 2024, 21:12

xVMP is an LLVM IR-based code virtualization tool, which fulfilled a scalable and virtualized instruction-hardened obfuscation. It supports multiple programming languages, and architectures. It is also compatible with existing LLVM IR-based obfuscation schemes (such as Obfuscator-LLVM).

xVMP is developer friendly. You only need to add annotations to the to-be-protected function in the source code, and xVMP can perform virtualization protection on the function during compilation.

https://github.com/GANGE666/xVMP

#virtualization #obfuscation #alekum

GitHub - GANGE666/xVMP

Contribute to GANGE666/xVMP development by creating an account on GitHub.

7.2k 0 76 3 13

r0 Crew (Channel)

17 Mar 2024, 16:08

Mergen converts Assembly code into LLVM IR, a process known as lifting. It leverages the LLVM optimization pipeline for code optimization and constructs control flow through pseudo-emulation of instructions. Unlike typical emulation, Mergen can handle unknown values, easing the detection of opaque branches and theoretically enabling exploration of multiple code branches.

These capabilities facilitate the deobfuscation and devirtualization of obfuscated or virtualized functions. Currently in early development, Mergen already shows promise in devirtualizing older versions of VMProtect, with ambitions to support most x86_64 instructions.

https://github.com/NaC-L/Mergen

#llvm #lifting #vmprotect #tnaci

GitHub - NaC-L/Mergen: Deobfuscation via optimization with usage of LLVM IR and parsing assembly.

Deobfuscation via optimization with usage of LLVM IR and parsing assembly. - NaC-L/Mergen

8.9k 0 67 6 38

r0 Crew (Channel)

8 Dec 2023, 00:58

Titan is a VMProtect devirtualizer

https://github.com/archercreat/titan

#tools #reverse #devirt #devirtualizer #vmp #protector

GitHub - archercreat/titan: Titan is a VMProtect devirtualizer

Titan is a VMProtect devirtualizer. Contribute to archercreat/titan development by creating an account on GitHub.

11.3k 0 115 1 37

Telegram Analytics

TGStat Bot

TGAlertsBot

SearcheeBot

r0 Crew (Channel)

Kanal geosi va tili

Toifa

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

9 163

Kanalda mashhur

Sayt tili

Telegram Analytics

TGStat Bot

TGAlertsBot

SearcheeBot

r0 Crew (Channel)

Kanal geosi va tili

Toifa

9 163

Kanalda mashhur