Articles on Infosec

Last updated: 2022/08/10

Top deep-dives on Infosec

The State of State Machines

A lot of applications fundamentally run on a state machine. When you get to building more complex systems, issues in the state machines can become difficult to manage. In this article, Natalie Silvanovich explores some of the vulnerabilities in state machines that run messaging applications like Signal, JioChat, Mocha, Google Duo, and Facebook Messenger.

The Fresh Smell of ransomed coffee

The popularity of IoT devices, like smart lights, smart homes, or smart coffee makers, has been growing substantially in recent years. These devices can be fun to use (or frustrating), and convenient, but often they're not very well secured. In this instructional article, Martin Hron presents how he hacked his way into a popular smart coffee maker by reverse engineering and modifying its firmware. Martin covers all the important and subtle points, making this a very well fleshed-out article packed full of information.

New browser-tracking hack works even when you flush caches or go incognito

Pretty interesting article by Dan Goodin on how favicons can be used to get around restrictions on cookies to track users in most major browsers.

What all Developers need to know about: Reverse Tabnabbing

Now you guys know I try to only have the newest content, but you also know I occasionally make exceptions to the rule. Well this is one of them, because honestly, I care about security and keeping people informed about it on the web. In this article, Martijn van Lambalgen explains how malicious parties can trick web users when opening a new link, how to prevent it as a developer, and the performance costs of doing so.

Breaking The Browser – A tale of IPC, credentials and backdoors

In the theme of the intro, this post is about browser security, and specifically, Chrome on Windows. In this article, Dylan does a deep dive into how he was able to inject a function hook into the Chrome network service to read in plain text all data that was passed to the SSL function. Dylan then takes this a step further, reading all data that is passed between Chrome services.

The Invisible JavaScript Backdoor

JavaScript is notorious for its lack of security, but I've never seen something like this before. In this concise article, Wolfgang Ettlinger demonstrates how an "invisible Unicode character hidden in JavaScript source code" can create a very difficult to spot backdoor in a simple express server.

The Insane Innovation of TI Calculator Hobbyists

Nothing is more nostalgic of high school math for me than the clunky body of a TI graphing calculator and the fun that could be had with it. In this justifiably extensive article, George Hilliard breaks down the iconic TI-84 and explores everything it was never meant to do.

New campaign targeting security researchers

More security related than programming, but in this article, Adam Weidemann brings to light how a "government-backed entity based in North Korea" is up to some shady shenanigans, in an attempt to build credibility with the CompSec community. Stay vigilant, stay safe.

Guide: How To Detect and Mitigate the Log4Shell Vulnerability (CVE-2021-44228)

Pretty big news about the Log4Shell vulnerability, mostly because it's so prevalent. If you haven't heard of it, check out this article by Free Wortley, Forrest Allison, and Chris Thompson that aims to inform you on trusted sources for information regarding the exploit, how to determine if you're affected, and how to mitigate the issue if you are.

How Democracies Spy on Their Citizens

Ok as a heads up, this article is definitely not super technical, but it is a deep-dive into some areas related to articles I featured before. Plus it's just a fascinating story. Ronan Farrow presents how governments purchase and use spyware from groups like the NSO.

A Look at iMessage in iOS 14

Why all of the security articles lately? Don't know, just been feeling them. In this one, Samuel Groß summarizes the fruits of reverse engineering iOS 14 to look for any signs of previous vulnerabilities to "memory corruption based 0-click exploits".

A step-by-step analysis of a new version of Darkside Ransomware (v. 2.1.2.3)

New ransomware is released into the wild constantly, although a lot of it can be grouped into "family" structures, due to shared commonalities. In this extensive article, as the title suggests, the author undertakes a very detailed analysis of a specific set of ransomware that was "responsible for the Colonial Pipeline attack on May 7 2021". It's very thorough.

IoT Hacking and Rickrolling My High School District

I don't know if you ever messed with your school's computer system, but I doubt it was to this extent. In this article, the author describes how they and a group of people broke into their school district's network and commenced a mass Rick Rolling.

Implicit Overflow Considered Harmful (and how to fix it)

We've had a couple of articles that presented security issues as a result of integer overflow. None of them really looked at this issue as a whole across multiple languages. In this informative article, the author explores why multiple integer types are necessary and how they're handled in different languages, and then presents their own solution.

How To Build an Evil Compiler

Akila Welihinda implements a compiler backdoor (Thompson attack) using C++.

DoomPhone

The first article of two about running stuff where it wasn't meant to be running. In this article Neil Bostian describes the five-year journey it took to get DOOM running on a Polycom VVX 600 telephone. Why? Because he could.

How We Discovered Vulnerabilities in CI/CD Pipelines of Popular Open-Source Projects

Security researcher Alex Ilgayev gives a brief background on GitHub Actions, then dives into the juicy details of how they can be exploited.

This bug doesn’t exist on x86: Exploiting an ARM-only race condition

You wanna buy some hack? No? Well you might want to read Stephen Tong's extensive article on a "real-world, modern binary exploitation" that is only relevant to ARM, and not x86 processors. Why? Because it's interesting. Stephen breaks the lengthy article into three main sections: "walkthrough of the binary, and a peek into the mindset of a vulnerability researcher", "memory ordering, lock-free programming, and how this can lead to sneaky bugs", and "exploiting an object lifetime heap corruption bug. How to get arbitrary read and write and finally, a shell".

Breaking Down a Phishing Attempt

But Alex! This isn't a super technical topic! You violently scream at your screen as spittle flies from your mouth and your fist slams against the table. To be fair, Aaron Powell does go into the code behind the exploit, and I, dear reader, just want you to be informed on how sophisticated some of these malicious attempts can be.

Zooming in on Zero-click Exploits

Natalie Silvanovich describes two vulnerabilities she found while doing a security analysis of Zoom.

DirtyMoe: Worming Modules

Martin Chlumecký does a very thorough deep-dive on the DirtyMoe malware, including explaining what it is and how every part of it works.

A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

The NSO group has been in the news a lot recently, for many reasons (mostly political) which we won't get into. Something we can get into though is how a specific part of one of their exploits works. In this thorough article, Ian Beer & Samuel Groß uncover how the company used fake GIFs to exploit iMessage.

Using EM Waves to Detect Malware

The PDF for the research paper can be found in the 7th comment. I didn't link it directly because I found the comments to be fairly interesting on the website. In the paper Duy-Phuc Pham, Damien Marion, Mathieu Mastio, and Annelie Heuser present how electromagnetic wave patterns can be used to identify malware on IoT devices.

Integer Overflow to RCE — ManageEngine Asset Explorer Agent (CVE-2021-20082)

The lengths to which malicious actors go in order to get remote code execution on a machine always fascinate me. But I totally understand the drive; the rush must be like solving an extremely challenging puzzle. Fortunately David Wells isn't a malicious actor, and his article depicts the attack vector, presents the penetration method, and walks through the process, giving us a taste of what it takes to crack into someone's server via a service like "ManageEngine ServiceDesk Plus".

A Framework for Adversarially Robust Streaming Algorithms [pdf]

Omri Ben-Eliezer, Rajesh Jayaram, David P. Woodruff, and Eylon Yogev present methods for making streaming algorithms robust against an adversary who can observe and manipulate the stream itself.

Understanding Network Access in Windows AppContainers

Oftentimes the firewall might be the only thing between you and the big bad web. It's especially essential in Windows, the OS for which the most malicious code exists (by far). James Forshaw's sprawling article explores the ins and outs of the Windows firewall, starting with a primer on its architecture, continuing onto rules, spelunking into configurations, and concluding with AppContainer network restrictions.

Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG

Connor McGarr goes on a very deep technical dive on the topic of exploiting VMs.

FORCEDENTRY: Sandbox Escape

Ian Beer and Samuel Groß dive into the technical workings of the second stage of NSO's iMessage exploit that allowed them to escape the IMTranscoderAgent sandbox.

Party time: Injecting code into Teleparty extension

Wladimir Palant takes advantage of an older jQuery version to inject code into a popular browser extension.

Improving MBA Deobfuscation using Equality Saturation

Matteo Favaro and Tim Blazytko extensively cover methods and techniques for de-obfuscating malicious code.
