Articles on Infosec

Last updated: 2022/11/29

Top deep-dives on Infosec

The State of State Machines

A lot of applications fundamentally run on a state machine, and once a system gets complex, bugs in those state machines become hard to reason about. In this article, Natalie Silvanovich explores vulnerabilities in the call-setup state machines of messaging applications like Signal, JioChat, Mocha, Google Duo, and Facebook Messenger.

The Fresh Smell of ransomed coffee

The popularity of IoT devices, like smart lights, smart homes, or smart coffee makers, has been growing substantially in recent years. These devices can be convenient and fun (or frustrating) to use, but they are often not very well secured. In this instructional article, Martin Hron presents how he hacked his way into a popular smart coffee maker by reverse engineering and modifying its firmware. Martin covers all the important and subtle points, making this a very well fleshed-out article packed full of information.

New browser-tracking hack works even when you flush caches or go incognito

Pretty interesting article by Dan Goodin on how favicon caching can be abused as a tracking identifier that survives cookie restrictions, cache clearing, and incognito mode in most major browsers.

What all Developers need to know about: Reverse Tabnabbing

Now you guys know I try to only have the newest content, but you also know I occasionally make exceptions to the rule. Well, this is one of them, because honestly, I care about security and keeping people informed about it on the web. In this article, Martijn van Lambalgen explains how a page opened in a new tab can use its window.opener reference to navigate the original tab to a phishing page, how to prevent it as a developer (rel="noopener" on the link), and the performance cost of doing so.

The different types of cross-site scripting (XSS)

Following along on the topic of security, in this article Omkar Hiremath describes what cross-site scripting is, how it's used in real life, and the three main types of XSS attacks: reflected, stored, and DOM-based.

Breaking The Browser – A tale of IPC, credentials and backdoors

In the theme of the intro, this post is about browser security, and specifically Chrome on Windows. In this article, Dylan does a deep dive into how he was able to inject a function hook into the Chrome network service and read, in plaintext, all data passed to the SSL functions. Dylan then takes this a step further, reading all data passed between Chrome's services over IPC.

Local File Inclusions, explained

The Insane Innovation of TI Calculator Hobbyists

Nothing is more nostalgic of high-school math for me than the clunky body of a TI graphing calculator and the fun that could be had with it. In this justifiably extensive article, George Hilliard breaks down the iconic TI-84 and explores everything it was never meant to do.

New campaign targeting security researchers

More security related than programming, but in this article Adam Weidemann brings to light how a "government-backed entity based in North Korea" is up to some shady shenanigans: posing as security researchers to build credibility with the security research community and then target real researchers. Stay vigilant, stay safe.

Guide: How To Detect and Mitigate the Log4Shell Vulnerability (CVE-2021-44228)

Pretty big news about the Log4Shell vulnerability, mostly because it's so prevalent. If you haven't heard of it, check out this article by Free Wortley, Forrest Allison, and Chris Thompson, which points you to trusted sources of information on the exploit and explains how to determine whether you're affected and how to mitigate the issue if you are.

How Democracies Spy on Their Citizens

Ok, as a heads up, this article is definitely not super technical, but it is a deep dive into some areas related to articles I featured before. Plus it's just a fascinating story. Ronan Farrow presents how governments purchase and use spyware from companies like NSO Group.

A Look at iMessage in iOS 14

Why all of the security articles lately? Don't know, just been feeling them. In this one, Samuel Groß summarizes what reverse engineering iOS 14 revealed about the new hardening of iMessage against "memory corruption based 0-click exploits".

A step-by-step analysis of a new version of Darkside Ransomware (v. 2.1.2.3)

New ransomware is released into the wild constantly, although a lot of it can be grouped into "families" due to shared code and techniques. In this extensive article, as the title suggests, the author undertakes a very detailed analysis of a specific version of the ransomware family that was "responsible for the Colonial Pipeline attack on May 7 2021". It's very thorough.

Yes, fun browser extensions can have vulnerabilities too!

I'm always cautious about adding browser extensions because it feels like I'm always giving them too much data or control. Well in this article, Wladimir Palant presents a cross-site scripting vulnerability in a seemingly harmless, popular browser extension.

IoT Hacking and Rickrolling My High School District

I don't know if you ever messed with your school's computer system, but I doubt it was to this extent. In this article, the author describes how they and a group of friends got into their school district's network and commenced a mass Rickrolling.

Implicit Overflow Considered Harmful (and how to fix it)

We've had a couple of articles that presented security issues resulting from integer overflow. None of them really looked at this issue as a whole across multiple languages. In this informative article, the author explores why multiple integer types are necessary, how overflow is handled in different languages, and then presents their own solution.

Finding Number Related Memory Corruption Vulns

"The root cause of many vulnerabilities are from the mishandling of numbers". Understandably so; how many of you actively think about the vulnerabilities of your code as you write it (excluding the high-level topics like user sessions, etc.)? Maxwell Dulin's article explores the different issues that arise from handling numbers in C (signed/unsigned confusion, truncation, and wrapped arithmetic in bounds checks) and how you can spot them before they become truly costly.
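To make the two previous blurbs concrete, here is an added example (my own constructed code, not from either article) of the bounds-check pattern both pieces warn about, next to a hardened version. The 64-byte buffer, the function names and the inputs are hypothetical; the bugs are the real ones: a signed length that passes a signed comparison, a size_t sum that wraps below the limit, and a count-times-size multiplication that wraps before malloc sees it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example: a fixed 64-byte output buffer that a parser writes
 * records into at a caller-supplied offset. Names and sizes are hypothetical. */
#define BUF_SIZE ((size_t)64)

/* Vulnerable bounds check. `len` is a signed int (as it often is when it comes
 * from a parsed header field or a read() return value) and the check mixes
 * signed and unsigned arithmetic. This is the pattern to recognise, not to copy. */
bool bounds_ok_unsafe(size_t off, int len)
{
    /* Signed compare: -1 > 64 is false, so a negative length sails through. */
    if (len > (int)BUF_SIZE)
        return false;
    /* Unsigned wrap: (size_t)-1 is SIZE_MAX, and off + SIZE_MAX wraps to
     * off - 1, comfortably below BUF_SIZE. A huge `off` wraps the same way. */
    if (off + (size_t)len > BUF_SIZE)
        return false;
    /* The caller would now do memcpy(buf + off, src, (size_t)len) with len == SIZE_MAX. */
    return true;
}

/* Hardened check: reject negatives before any conversion, and never compute a
 * sum that can wrap; compare against the remaining space instead. */
bool bounds_ok_safe(size_t off, int len)
{
    if (len < 0)
        return false;
    if (off > BUF_SIZE)
        return false;
    return (size_t)len <= BUF_SIZE - off;   /* off + len <= BUF_SIZE, wrap-free */
}

/* Allocation-size arithmetic: count * elem silently wraps in size_t, so
 * malloc(count * elem) can return a buffer far smaller than the loop that
 * fills it expects. Divide instead of multiply (or use __builtin_mul_overflow
 * on GCC/Clang). */
bool alloc_size_ok(size_t count, size_t elem, size_t *total)
{
    if (elem != 0 && count > SIZE_MAX / elem)
        return false;
    *total = count * elem;
    return true;
}

int main(void)
{
    size_t total = 0;
    printf("unsafe(off=1, len=-1)           accepts: %d\n", bounds_ok_unsafe(1, -1));
    printf("safe  (off=1, len=-1)           accepts: %d\n", bounds_ok_safe(1, -1));
    printf("unsafe(off=SIZE_MAX-10, len=20) accepts: %d\n", bounds_ok_unsafe(SIZE_MAX - 10, 20));
    printf("safe  (off=SIZE_MAX-10, len=20) accepts: %d\n", bounds_ok_safe(SIZE_MAX - 10, 20));
    printf("alloc(SIZE_MAX/2+1 * 2) ok: %d\n", alloc_size_ok(SIZE_MAX / 2 + 1, 2, &total));
    return 0;
}
```

Note that both checks agree on ordinary inputs (offset 60 with length 4 passes, length 5 fails), which is why a test suite that only feeds well-formed records never notices the difference; the unsafe check only diverges on the negative and wrapping cases an attacker supplies.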

DoomPhone

The first of two articles about running stuff where it wasn't meant to be running: in this article Neil Bostian describes the five-year journey it took to get DOOM running on a Polycom VVX 600 telephone. Why? Because he could.

How We Discovered Vulnerabilities in CI/CD Pipelines of Popular Open-Source Projects

Security researcher Alex Ilgayev gives a brief background on GitHub Actions, then dives into the juicy details of how workflows can be exploited.

This bug doesn’t exist on x86: Exploiting an ARM-only race condition

You wanna buy some hack? No? Well, you might want to read Stephen Tong's extensive article on a "real-world, modern binary exploitation" that is only relevant to ARM, and not x86 processors. Why? Because it's interesting. Stephen breaks the lengthy article into three main sections: "walkthrough of the binary, and a peek into the mindset of a vulnerability researcher", "memory ordering, lock-free programming, and how this can lead to sneaky bugs", and "exploiting an object lifetime heap corruption bug. How to get arbitrary read and write and finally, a shell".

Breaking Down a Phishing Attempt

But Alex! This isn't a super technical topic! You violently scream at your screen as spittle flies from your mouth and your fist slams against the table. To be fair, Aaron Powell does go into the code behind the phishing kit, and I, dear reader, just want you to be informed about how sophisticated some of these malicious attempts can be.

Zooming in on Zero-click Exploits

Natalie Silvanovich describes two vulnerabilities she found while doing a security analysis of Zoom.

Earn $200K by fuzzing for a weekend: Part 1

Addison Crump presents how he wrote a smart fuzzer to find vulnerabilities in rBPF, which is extensively used by the Solana blockchain.

DirtyMoe: Worming Modules

Martin Chlumecký does a very thorough deep-dive on the DirtyMoe malware, including explaining what it is and how every part of it works.

Finding an Authorization Bypass on my Own Website

Maxwell Dulin carries out an SQL injection attack on his own site and shares what he found.

A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

NSO Group has been in the news a lot recently, for many reasons (mostly political) which we won't get into. Something we can get into, though, is how a specific part of one of their exploits works. In this thorough article, Ian Beer and Samuel Groß uncover how the company used fake GIFs to exploit iMessage.

Zloader 2: The Silent Night

Vladimir Martyanov does a deep dive into the technical workings of the Zloader 2 malware suite used to break into online banking accounts.

Racing against the clock -- hitting a tiny kernel race window

Jann Horn does a very deep and technical dive on exploiting a garbage collection race condition in the Linux kernel.

Using EM Waves to Detect Malware

The PDF for the research paper can be found in the 7th comment. I didn't link it directly because I found the comments to be fairly interesting on the website. In the paper Duy-Phuc Pham, Damien Marion, Mathieu Mastio, and Annelie Heuser present how electromagnetic wave patterns can be used to identify malware on IoT devices.

Integer Overflow to RCE — ManageEngine Asset Explorer Agent (CVE-2021–20082)

The lengths to which malicious actors go in order to get remote code execution on a machine always fascinate me. But I totally understand the drive; the rush must be like solving an extremely challenging puzzle. Fortunately David Wells isn't a malicious actor, and his article depicts the attack vector, presents the penetration method, and walks through the process, giving us a taste of what it takes to crack into someone's server via a service like "ManageEngine ServiceDesk Plus".

A Framework for Adversarially Robust Streaming Algorithms [pdf]

Omri Ben-Eliezer, Rajesh Jayaram, David P. Woodruff, and Eylon Yogev present methods for making streaming algorithms robust against an adversary who can observe and manipulate the stream itself.

5 RCEs in npm for $15,000

npm (the JavaScript package manager) is notorious for its bloat, having packages along the lines of "is_false" to check the titular condition. There is another thing npm is notorious for: weak security. In this report-style article, Robert Chen presents the vulnerabilities he found in npm, why they are vulnerabilities, and the patches that fix them.

Understanding Network Access in Windows AppContainers

Often the firewall is the only thing between you and the big bad web. It's especially essential on Windows, the OS for which the most malicious code exists (by far). James Forshaw's wide-ranging article explores the ins and outs of the Windows firewall, starting with a primer on its architecture, continuing on to rules, spelunking into configuration, and concluding with AppContainer network restrictions.

A technical analysis of Pegasus for Android - Part 1

CyberMasterV wrote a series of articles as a technical deep-dive on the Pegasus spyware.
Some highlights:

  • The Pegasus spyware was developed by the NSO group and analyzed by Amnesty International and CitizenLab
  • The spyware is pretty noisy and logs messages using the Log.i method
  • It logs messages from Facebook, Kakao, Skype, Twitter, Viber, Gmail, Android native email, Android native browser, and the default calendar

Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG

Connor McGarr goes on a very deep technical dive into exploiting the Windows kernel when Virtualization-Based Security, HVCI, and kernel CFG block the traditional route of executing injected code.

FORCEDENTRY: Sandbox Escape

Ian Beer and Samuel Groß dive into the technical workings of the second stage of NSO's iMessage exploit, which allowed it to escape the IMTranscoderAgent sandbox.

Introduction to Firmware Analysis of a Reolink IP Camera

In this series, Serhack (literally) picks apart an IP camera and goes through all of the internals, from hardware to software.
Some highlights:

  • Analyzing firmware takes a lot of time
  • The internet of things brings a lot of new challenges to embedded software designing
  • Most embedded operating systems use U-Boot

Look out! Divergent representations are everywhere

Andreas Kellas shows how a signed integer overflow in certain versions of SQLite can enable arbitrary code execution and result in a denial of service.
Some highlights:

  • The compiler’s representation of an important integer variable is semantically different in different parts of the program, called "divergent representations"
  • This can lead to inconsistent interpretations of the variable when it overflows
  • Andreas used binary and source code analyses to find more divergent representations in existing open-source codebases

Improving MBA Deobfuscation using Equality Saturation

Matteo Favaro and Tim Blazytko extensively cover methods and techniques for simplifying mixed Boolean-arithmetic (MBA) expressions, an obfuscation commonly found in malicious and protected code.

POSIX hardlink heartache

Michael Orlitzky illuminates how hardlinks on UNIX systems can be abused, and why they are so hard to defend against.

