Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to practice vulnerability detection and exploitation in a controlled environment. Developed by ProjectDiscovery, this resource combines containerized vulnerable setups with prebuilt Nuclei templates to provide a safe and practical platform for exploring real-world vulnerabilities. Key Features: Controlled Testing Environments: Labs are containerized using Docker, ensuring isolation and safety...

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to escalate privileges and move laterally across networks. These tools exemplify the evolving sophistication of credential theft techniques in cybersecurity. SSH-Stealer: Smart Keylogging For SSH Credentials. SSH-Stealer focuses on capturing SSH login details, including passwords and private keys, through smart keylogging. Unlike traditional keyloggers, it employs advanced...

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable logic into complex state-driven structures. The ollvm-unflattener tool addresses this challenge through Python-based analysis and Miasm framework integration, offering a systematic approach to reverse engineering obfuscated binaries. This tool specializes in reconstructing original control flow graphs (CFGs) by: Symbolic execution of flattened functions using Miasm's engine; State...

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious threats. These tools are designed to address specific security challenges, ranging from monitoring network activity to identifying vulnerabilities. Below is an overview of key cybersecurity tools and their functions: 1. Network Security Monitoring Tools: These tools provide real-time insights into network activity, helping organizations detect and...

MODeflattener – Miasm’s OLLVM Deflattener

MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static analysis techniques. Developed using Miasm's intermediate representation capabilities, it systematically reconstructs the original program logic from obfuscated binaries by analyzing and patching key structural components. Core Functionality: Control Flow Deobfuscation: The tool identifies two critical components in flattened functions: Pre-dispatcher: Located by analyzing block predecessors (the block with...

My Awesome List : Tools And Their Functions

"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains such as cybersecurity, programming, reverse engineering, and more. Below is an overview of some notable tools and their functions: Networking Tools: Wireshark: A powerful network protocol analyzer used for troubleshooting, analysis, and development of communication protocols. tcpdump: A command-line packet analyzer for capturing and inspecting network traffic. Nmap:...

Chrome Browser Exploitation, Part 3 : Analyzing And Exploiting CVE-2018-17463

CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary code by exploiting improper side-effect modeling in TurboFan’s JSCreateObject operation. This analysis highlights the tools and methodologies used to exploit this vulnerability. 1. Environment Setup And Debugging Tools: V8’s d8 Shell: The exploit relied on Chrome’s d8 debug shell to test JavaScript snippets, inspect object memory...

Chrome Browser Exploitation, Part 1 : Introduction To V8 And JavaScript Internals

The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides foundational insights into browser internals and tools critical for analyzing JavaScript engine behavior. Below is a detailed overview of key tools and their functions in V8 research: 1. Debugging Tools (d8 and %DebugPrint): The d8 developer shell is V8’s debugging interface, enabling researchers to execute JavaScript...

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on a suite of specialized tools to analyze and weaponize the flaw. This vulnerability stemmed from improper side-effect modeling in TurboFan’s JSCreateObject operation, allowing attackers to corrupt memory via redundancy elimination during JIT compilation. Below are key tools and techniques used in its exploitation: 1. d8...

Full Spectrum Event Tracing For Windows Detection In The Kernel Against Rootkits

Sanctum EDR demonstrates a multi-layered approach to detecting and preventing Event Tracing for Windows (ETW) tampering by rootkits, combining kernel-mode monitoring with user-space protections. This toolkit focuses on neutralizing advanced techniques used by malware like Remcos RAT and Lazarus Group's FudModule rootkit to blind security solutions. Key Functions: Kernel Dispatch Table Monitoring: Sanctum's driver periodically validates the integrity of the ETW Kernel...