Pwn2Own Automotive: Popping the CHARX SEC-3100 Our previous post explored some of the bugs we discovered in the CHARX SEC-3100 ControllerAgent... 2024-7-24 18:0:0 | 阅读: 5 | 收藏 | RET2 Systems Blog - blog.ret2.io aslr 2nd destructor vtable bss

Pwn2Own Automotive: CHARX Vulnerability Discovery The first Pwn2Own Automotive introduced an interesting category of targets: electric vehicle ch... 2024-7-17 18:0:0 | 阅读: 8 | 收藏 | RET2 Systems Blog - blog.ret2.io amlen outer charx homeplug amdata

JTAG ‘Hacking’ the Original Xbox in 2023 Released in November 2001, the original Xbox was Microsoft’s first venture into the game consol... 2023-8-9 18:24:44 | 阅读: 7 | 收藏 | RET2 Systems Blog - blog.ret2.io jtag interposer hardware debugger pentium

The LDT, a Perfect Home for All Your Kernel Payloads With the broad adoption of Kernel Address Space Layout Randomization (KASLR) by modern systems,... 2022-8-17 18:0:0 | 阅读: 9 | 收藏 | blog.ret2.io ldt dblmap acc descriptors userspace

Exploiting Intel Graphics Kernel Extensions on macOS To escape the Safari sandbox for our Pwn2Own 2021 submission, we exploited a vulnerability in t... 2022-6-29 18:0:0 | 阅读: 11 | 收藏 | blog.ret2.io memory userspace msgh ikm descriptors

Exploiting an Unbounded memcpy in Parallels Desktop This post details the development of a guest-to-host virtualization escape for Parallels Deskto... 2022-5-19 17:30:0 | 阅读: 15 | 收藏 | blog.ret2.io toolgate prl qtcore qbytearray buffers

What’s New in Tenet v0.2 Tenet is an IDA Pro plugin which enables reverse engineers to explore execution traces of nativ... 2021-09-14 20:15:00 | 阅读: 17 | 收藏 | blog.ret2.io tenet breakpoints traces memory regions

Snapcraft Packages Come With Extra Baggage Several months ago I found an issue (now CVE-2020-27348) with Ubuntu’s new package management... 2021-08-04 20:14:00 | 阅读: 25 | 收藏 | blog.ret2.io snap library snapcraft 796 openat

All Your Base Are [Still] Belong To Us Axel ‘0vercl0k’ Souchet recently open-sourced a promising new snapshot-based fuzzer. In his own... 2021-07-21 19:44:00 | 阅读: 108 | 收藏 | blog.ret2.io fuzzer bdump testcase tenet memory

The Oddest Place You Will Ever Find PAC The latest efforts to harden software against exploitable memory corruption vulnerabilities com... 2021-06-16 20:15:00 | 阅读: 80 | 收藏 | blog.ret2.io payload lr readuntil winner

32 bits, 32 gigs, 1 click… In this post we will examine a vulnerability in the WebAssembly subsystem of JavaScriptCore, th... 2021-06-02 19:00:00 | 阅读: 53 | 收藏 | blog.ret2.io llint i64 ws1 unreachable i32

Tenet: A Trace Explorer for Reverse Engineers Debugging is traditionally a tedious, monotonous endeavor. While some people love the archaeolo... 2021-04-20 19:44:00 | 阅读: 122 | 收藏 | blog.ret2.io tenet memory software traces breakpoints

Lucid: An Interactive Hex-Rays Microcode Explorer Recently, we blogged about the Hex-Rays microcode that powers the IDA Pro decompiler. We showed... 2020-09-11 20:15:00 | 阅读: 74 | 收藏 | blog.ret2.io microcode lucid rays decompiler development

7 Days to Lift: A Mission in Microcode Recently I came across a special binary that was compiled to run on a fixed, well-defined set o... 2020-07-22 20:30:00 | 阅读: 54 | 收藏 | blog.ret2.io microcode rays avx vxorps decompiler

What’s New in Lighthouse v0.9 Lighthouse is a powerful code coverage plugin for IDA Pro and Binary Ninja. As an extension of... 2020-04-29 20:30:00 | 阅读: 81 | 收藏 | blog.ret2.io lighthouse python bugfix database

A Cryptocurrency Heist, Starring Your Web Browser Beneath the surface, the modern web is made possible only through a growing labryinth of techno... 2019-08-28 20:45:00 | 阅读: 72 | 收藏 | blog.ret2.io attacker sia sop malicious siacoin

In Transactional Memory, No One Can Hear You Scream Over the past several years, we have watched the Capture The Flag circuit mature in both comple... 2019-06-26 20:45:00 | 阅读: 62 | 收藏 | blog.ret2.io memory shellcode abort tsx

What’s New in Lighthouse v0.8 Lighthouse is an open source code coverage explorer designed for security professionals. This p... 2018-10-10 20:15:00 | 阅读: 66 | 收藏 | blog.ret2.io lighthouse tweaks database security

Scaling up Binary Exploitation Education The shortage of proficient cyber operators in a world now dependent on connectivity and informa... 2018-09-11 20:30:00 | 阅读: 61 | 收藏 | blog.ret2.io security software subjects wargames

Exploiting the macOS WindowServer for root As the sixth and final post of our Pwn2Own 2018 series, we document the long and twisted road o... 2018-08-28 20:30:00 | 阅读: 69 | 收藏 | blog.ret2.io hotkey dangling corruption