6 days ago
ARM 64 Assembly Series: Basic definitions and registers
Main Definitions. ARM is the acronym for Advanced RISC Machines and, if it is not followed by a noun, it refers to a family of processors (CPUs) designed on the architecture developed by Arm Ltd., a British company based in Cambridge, England. RISC is another acronym, which stands…
Tag: Arm 64
Jun 6
The toddler's introduction to Heap Exploitation, House of Lore (Part 4.5)
Similarly to the other heap exploitation attacks we have seen so far, the idea behind the House of Lore (HoL) is to trick malloc into returning a pointer to a memory location controlled by the attacker. HoL (ab)uses the way ptmalloc handles the small bin entries, although the…
May 31
Pending Intents: A Pentester's view
A few days ago I came across an interesting case of a vulnerability posted on the AndroidInfoSec Facebook page. Since there are not many references on this specific subject, I decided to take a short break from my heap exploitation series and cover the topic in a blog post. …
Tag: Mobile Security
May 20
The toddler's introduction to Heap Exploitation, House of Spirit (Part 4.4)
Please let me know if I start to sound weird…. (The Author)
House of Spirit. This attack was initially introduced on October 11th 2005, on the bugtraq mailing list, by Phantasmal Phantasmagoria under the title The Malloc Maleficarum. The idea is very simple and got even simpler with the introduction of the…
Tag: Heap Exploitation
May 7
The toddler's introduction to Heap Exploitation, Unsafe Unlink (Part 4.3)
Exploiting a heap overflow vulnerability is not always straightforward. Among other things, the allocator imposes various checks during the chunk assignment/freeing process, which require extra steps in order to achieve an exploitable result. In this post we assume that we have discovered such a vulnerability and we are going to explore…
Tag: Heap Exploitation
Apr 13
The toddler's introduction to Heap Exploitation, FastBin Dup Consolidate (Part 4.2)
In this post we are going to trigger a FastBin consolidation, which we are going to combine with a double free vulnerability (dup) in order to return a pointer to an already allocated chunk. …
Tag: Heap Exploitation
Apr 11
The toddler's introduction to Heap Exploitation, FastBin Dup to Stack (Part 4.1)
While I started these posts with a "stick to the basics" mindset, I always end up with a gap in every post, which forces me to write some more. This is actually the 5th post on the same topic, but since it is closely related to…
Tag: Heap Exploitation
Apr 6
Dissecting the Escobar bot
com.escobar.pablo is yet another banking Trojan which, among other things, abuses Android's Accessibility Service (a11y for short) in order to take over the mobile device's UI. …
Tag: Bots
Mar 31
The toddler's introduction to Heap exploitation, Use After Free & Double free (Part 4)
This post is part of a series of articles on x64 Linux binary exploitation techniques. Following up from my previous posts, we started by exploring simple stack corruption bugs and their mitigation techniques and gradually moved to more complex topics. …
Tag: Use After Free
Mar 23
The toddler's introduction to Heap exploitation, Overflows (Part 3)
In the previous parts (1, 2) we discussed the heap structure and tried to simplify these concepts using a real-life example. …
Tag: Heap Overflow