Introduction In March 2020, Google patched a critical vulnerability affecting many MediaTek based devices [1]. This vulnerability had been known by MediaTek since April 2019 (10 months before being fixed), and allows a local attacker without privileges to read and write system memory, leading to privilege escalation. There is even […]
Tutorials
34 posts
Introduction Welcome to the final chapter of the Trimedia series. In the first part of the series, I introduced this research project, showing the different steps I took in order to analyze the firmware and the hardware of the camera. Then, in the second part, I presented the Philips TriMedia […]
Introduction After detailing Samsung’s TrustZone implementation in the first part of this series, this blog post introduces the tools that we have developed to reverse engineer the system and find vulnerabilities more easily. Part 1: Detailed overview of Samsung’s TrustZone components Part 2: Tools development for reverse engineering and vulnerability […]
Motivations After a general introduction on the ARM TrustZone and a focus on Qualcomm’s implementation, this new series of articles will discuss and detail the implementation developed by Samsung and Trustonic. These blog posts are a follow up to the conference Breaking Samsung’s ARM TrustZone that was given at BlackHat […]
Introduction This blog post deals with the Legu packer, an Android protector developed by Tencent that is currently one of the state-of-the-art solutions to protect APK DEX files. The packer is updated frequently and this blog post focuses on versions 4.1.0.15 and 4.1.0.18. Overview An application protected with Legu is […]
Introduction Irma is our file security analysis software, originally developed as an open source project with the sponsorship of 5 major European organizations, it is now also one of Quarkslab’s commercial software products. Since our last post from February 2016, Irma evolved significantly. This post summarizes the major changes, the […]
Cobalt Strike is software for Adversary Simulations and Red Team Operations. What this means is, if you wanted to test your SOC capabilities or IR functions and see how well they do against someone mimicking an APT, this tools allows you to do that. With that said let’s move on. Load […]
TLDR: Canary tokens are not new but can help give you some Intel into your attackers, be it insider or external . If you’re not familiar with the idea of a canary as an early warning system, its origins lie in coal mining. Miners would carry a small bird […]
Increasing the TXpower above what is allowed in your country can be illegal. If you decide to make these changes to your system and use the wireless above the allowed legal limit, that is down to you and I will not be held responsible. This document is for educational research […]
I have a number of Kodi Media Centre running in different rooms around the house. Some are hooked up to surround sound and some are not. One of my media centres is hooked up to a projector with a rubbish tinny speaker. In the same room i have a google […]
So the OSCP journey is hard work, needs commitment, understanding from your wife and a try harder attitude (you will hate the words try harder and love them at the same time). To be able to pass the exam and earn the OSCP cert you will need to get enough points […]
Ok, so you have upgraded your Wi-Fi to a new shiney circular Ubiquiti device….and you are using PfSense too? Welcome to the club. Lets get started. There are multiple parts to get this all working so lets step through them. Few things to note:- I have setup the GUEST network […]
If like me you want to customise your Squid Proxy error page then , you have come to the correct place. Before we start, i have already setup transparent proxy on port 80 and WPAD to cover the HTTPS stuff. Go do that then come back, ( i can’t be […]
HatCloud is built in Ruby. It allows you to discover the real IP address of a host that is being hidden by CloudFlare. This can be useful if you need test your server and website. obviously it can also be used for malicious purposes, but hey so can a car! […]