Java Deserialization — From Discovery to Reverse Shell on Limited Environments

(Original text by Ahmed Sherif & Francesco Soncina) In this article, we are going to show you our journey of exploiting the Insecure Deserialization vulnerability, taking the WebGoat 8 deserialization challenge (deployed on Docker) as an example. The challenge can be solved by just executing sleep for 5 seconds. However, we are going to move further for fun and try to […]


Undetectable C# & C++ Reverse Shells

Index Attacks list: Open a simple reverse shell on a target machine using C# code and bypassing AV solutions. Open a reverse shell with a little bit of persistence on a target machine using C++ code and bypassing AV solutions. Open C# Reverse Shell via Internet using Proxy Credentials. Open Reverse Shell via C# on-the-fly compiling […]


Analyzing the iOS 12 kernelcache’s tagged pointers

by Brandon Azad June 20, 2018 Not long after the iOS 12 developer beta was released, I started analyzing the new kernelcaches in IDA to look for interesting changes. I immediately noticed that ida_kernelcache, my kernelcache analysis toolkit, was failing on the iPhone 6 Plus kernelcache: it appeared that certain segments, notably the prelink segments like __PRELINK_TEXT, were empty. […]
