Security Note

Contribute to wangtielei/POCs development by creating an account on GitHub.

We have discovered a vulnerability in Android that allows an attacker with the WRITE_SECURE_SETTINGS permission, which is held by the ADB shell and certain privileged apps, to execute arbitrary code as any app on a device. By doing so, they can read and write any app’s data, make use of per-app secrets and login tokens, change most system configuration, unenroll or bypass Mobile Device Management, and more. Our exploit involves no memory corruption, meaning it works unmodified on virtually any device running Android 9 or later, and persists across reboots.

First in our series of redteam tales where we show exploitation of an error-based XXE within a SOAP web service during a client engagement.

A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for linux programs. Despite being reachable in multiple well-known libraries or executables, it proved rarely exploitable — while it didn't provide much leeway, it required hard-to-achieve preconditions. Looking for targets lead mainly to disappointment. On PHP however, the bug shone, and proved useful in exploiting its engine in two different ways.

Official Lonami's website

Estimating the effort needed to re-implement the Wi-Fi driver

DEVCORE 研究組在 Pwn2Own Toronto 2022 白帽駭客競賽期間，在 MikroTik 的路由器產品中，發現了存在九年之久的 WAN 端弱點，透過串連 Canon printer 的弱點，DEVCORE 成為史上第一個在 Pwn2Own 賽事中成功挑戰 SOHO Smashup 項目的隊伍；最終 DEVCORE 在 Pwn2Own Toronto 2022 奪下冠軍，並獲頒破解大師（Master of Pwn）的稱號。

Final project for the MIT 6.8301 Computer Vision class

Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.