REhints (@REhints)'s Twitter Profile
REhints

@REhints

sharing reverse engineering knowledge

ID:1410020438

Link: https://github.com/rehints

Date: 07-05-2013 11:25:24

3.3K Tweets

12.9K Followers

5 Following

Margin Research (@Margin_Research)

🎉Exploit Drop! 🎉

FOISted: a MikroTik remote jailbreak

Harrison Green exploits the two post-authentication vulnerabilities in MikroTik's RouterOS discussed in our REcon presentation. Works against 6.34 (2016) through 6.49.6 (latest v6 release). github.com/MarginResearch…

Trail of Bits (@trailofbits)

Clang isn't a toolsmith's compiler. PASTA tries to fix this by providing safe-to-use C++ and Python wrappers to the Clang AST. PASTA also answers questions that Clang can't, like how parsed tokens relate back to macro expansions and files. Learn more: blog.trailofbits.com/2023/07/28/the…

Alex Matrosov (@matrosov)

Get ready for #BHUSA with @Binarly_io! This year, we're taking the stage at Startup Village (Booth SC603) to unveil exciting product updates. Join us to discuss the threats lurking below the operating system. See you there!
LABScon (@labscon_io)

📢 keynote-day speaker announcement!

- Binarly's Alex Matrosov (Alex Matrosov) to present research into the potential use of speculative attacks against the System Management Mode (SMM) on AMD-based devices and the methodologies used in the investigation.…

Alex Matrosov (@matrosov)

The speculative execution bugs like are not rare and break confidential computing by design. We have been working with device vendors for over a year to fix /CVE-2022-38087.

Stay tuned for new AMD-specific REsearch at !

binarly.io/advisories/BRL…

Alex Matrosov (@matrosov)

🎯You definitely should visit BINARLY🔬 at Startup Village (Booth SC603).

🚀We are releasing a new version of our Transparency Platform with some cool features to improve data insights and explainability to shortcut time to remediation of firmware-specific vulnerabilities.

Ben Hawkes (@benhawkes)

I just posted an article called 'The Legacy of Stagefright' which explores the impact that the Stagefright vulnerabilities had on Android platform security: blog.isosceles.com/the-legacy-of-…

Tavis Ormandy (@taviso)

First big result from our new CPU research project, a use-after-free in AMD Zen2 processors! 🔥 AMD have just released updated microcode for affected systems, please update! lock.cmpxchg8b.com/zenbleed.html

Daniel Moghimi (@flowyroll)

My research on the thing I cannot talk about for another two weeks is nominated for the Pwnie Award 'Most Innovative Research'.

Dark Reading Pwnie Awards - Noms are closed!

darkreading.com/edge/meet-the-…

REcon (@reconmtl)

We released the Recon 2023 Video of Daniel Wegemer - Enabling Security Research On Qualcomm Wifi Chips youtube.com/watch?v=y1puT_…

BINARLY🔬 (@binarly_io)

⛓️Leaked MSI source code with Intel OEM keys: How does this affect industry-wide software supply chain?

🔬Our REsearch team deeply analyzed the recent Intel and MSI source code leaks to model the potential impact on the entire ecosystem.

💥New REsearch: binarly.io/posts/leaked_m…

Samuel Groß (@5aelo)

Sharing another V8 Sandbox design document more widely: docs.google.com/document/d/1CP…
This one discusses how to protect code pointers - probably the most performance sensitive part touched by the sandbox - with (almost) no performance overhead.

Vijay Sarvepalli (@vijaycert)

UEFI signing and revocation challenges - hopefully forces us to improve UEFI SecureBoot. Each and every time a bootloader is introduced to a new environment, more checks than signing are likely necessary.

Abhishek Arya (@infernosec)

Go becomes the first language with native vulnerability management support, check out the GA launch for Govulncheck here - go.dev/blog/govulnche…

BINARLY🔬 (@binarly_io)

💥Visit Binarly at the #BHUSA Startup Village (Booth SC603) and score the entire collection of firmware implants for your devices!
Alex Matrosov (@matrosov)

Vulnerable signed UEFI apps have the same security impact on Secure Boot as bootloaders. If the app is not blacklisted in DBX in many cases it can be reused by attackers even after the fix

A good example BRLY-2021-003/CVE-2021-39297 in HP server devices.

binarly.io/advisories/BRL…

Willi Ballenthin (@williballenthin)

capa v6 released with 26 new rules, including: shellcode techniques, mailslot interaction, service manipulation, exchange plug-ins, and AMSI & ETW patching.

github.com/mandiant/capa/…
