Follow me on twitter Follow @RedPacketSec and join the Telegram channel Its been about 2-weeks since we released Empire 3.4, and hopefully, everyone has had a chance to check out all the new features. Our team has put quite a few hours into development and we wanted to give an […]
Tutorials
51 posts
Follow me on twitter Follow @RedPacketSec and join the Telegram channel Empire 3.4.0 is our next major release and is packed with one of the most advanced features to-date, Malleable C2. The Malleable C2 Listener gives control to operators to customize their beacons to match specific threats. It does this […]
Follow me on twitter Follow @RedPacketSec and join the Telegram channel While giving our talk at the DEF CON Red Team Village a couple of weeks ago, I previewed a PowerShell ScriptBlock logging obfuscation technique. I have been working on it (and a few other techniques) for a while and […]
Follow me on twitter Follow @RedPacketSec and join the Telegram channel Over the weekend, we were setting up a virtual range for our upcoming class this weekend and was testing a mail server. I was connecting via telnet to the mail server when I realized it has been a while since I’ve had time to play […]
Follow me on twitter Follow @RedPacketSec and join the Telegram channel Last month we taught our DEF CON 27 workshop, Introduction to Sandbox Evasion and AMSI Bypasses, as a webinar. It went really well, but the primary focus of the course was on delivering a primary agent to the target […]
Follow me on twitter Follow @RedPacketSec and join the Telegram channel Anthony Rose | Jake Krasnov As part of the update to Empire that we pushed out today, the OneDrive listener has been fixed. This listener is really useful because it runs in Microsoft’s infrastructure, which makes it very difficult […]
Follow me on twitter Follow @RedPacketSec and join the Telegram channel Vincent Rose | Jacob Krasnov | Anthony Rose Today we are excited to announce the release of Starkiller! Our multi-user GUI application for interfacing with the Empire C2 server from any computer. Starkiller represents a huge step forward for […]
Follow me on twitter Follow @RedPacketSec and join the Telegram channel Jacob Krasnov | Anthony Rose This blog is going to be the first entry in a series that goes over some of the fundamental concepts of Offensive Security. There are a lot of blog posts out there about all […]
Join the Telegram channel Introduction Reverse engineering of Android applications is usually considered as somewhat effortless because of the possibility of retrieving the Java representation of the application’s code. An attacker is basically able to read through a human-readable version of the code in order to quickly extract the intellectual […]
Join the Telegram channel Part 1: Detailed overview of Samsung’s TrustZone components Part 2: Tools development for reverse-engineering and vulnerability research Part 3: Vulnerability exploitation to reach code execution in EL3 on a Samsung device Introduction This article details different vulnerabilities affecting Secure World components in Samsung’s TrustZone and how […]
Join the Telegram channel As you may have read in our previous blog post, the release of Triton v0.8 came with a lot of features and improvements. Support for the ARMv7 architecture is amongst the main contributions of this new version. This blog post provides some extra details about how […]
Want to stay up to date? Join the Telegram channel here Introduction Fuchsia is a new operating system developed by Google, targeting the AArch64 and x86_64 architectures. While little is known about the purpose of this OS and where it will be used, it seems plausible that it aims at […]
Introduction Ansible [1] is an open-source software that automates configuration management and software deployment. If you’re not familiar with Ansible, we encourage you to read this introduction first [15]. Ansible works by connecting to the infrastructure machines (which can be a Windows or Linux OS) and uploading small pieces of […]
Context Quarkslab is one of the 10 ITSEF (Information Technology Security Evaluation Facility, CESTI in French) licensed by the ANSSI’s Centre de Certification National (CCN, French for National Certification Body) for performing CSPN (Certification de Sécurité de Premier Niveau, French for First Level Security Certification) evaluations in the software domain. […]
Introduction Embedded devices are a huge and wide world of options for CPU architectures, operating systems and file systems. You can find the combination you can think of. In this case, I’ll present a study about the TP-Link TL-WR543G. This old router I had at home came equipped with a […]
We are pleased to announce that we released Triton v0.8 under the terms of the Apache License 2.0 (same license as before). This new version provides bug fixes, features and improvements: the detailed list can be found on this Github page (there are about 297 changed files with 43,115 additions […]
How many times have you needed to use John The Ripper to do some password cracking but just not had whatever you needed, or for whatever reason wanted to use an online GPU? Well, now you can do this all thanks to Google Collab. Google Colab is a free cloud service […]
Introduction In March 2020, Google patched a critical vulnerability affecting many MediaTek based devices [1]. This vulnerability had been known by MediaTek since April 2019 (10 months before being fixed), and allows a local attacker without privileges to read and write system memory, leading to privilege escalation. There is even […]
Introduction Welcome to the final chapter of the Trimedia series. In the first part of the series, I introduced this research project, showing the different steps I took in order to analyze the firmware and the hardware of the camera. Then, in the second part, I presented the Philips TriMedia […]
Introduction After detailing Samsung’s TrustZone implementation in the first part of this series, this blog post introduces the tools that we have developed to reverse engineer the system and find vulnerabilities more easily. Part 1: Detailed overview of Samsung’s TrustZone components Part 2: Tools development for reverse engineering and vulnerability […]
Motivations After a general introduction on the ARM TrustZone and a focus on Qualcomm’s implementation, this new series of articles will discuss and detail the implementation developed by Samsung and Trustonic. These blog posts are a follow up to the conference Breaking Samsung’s ARM TrustZone that was given at BlackHat […]