Application Security This Week for June 28

I was tempted to start making up dates. Like Junuary 54th.  But dark humor doesn't belong here.  Or does it.

 

Lots of talk recently about using Frida to hook methods in binary application, like native mobile apps and even windows apps. Here's an easy way to get started.

https://github.com/leonjza/frida-boot

 

Taking advantage of Bitdefender FROM A WEBSITE.  No I am not kidding.  I haven't tried this yet but wow.

https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/

 

This is a twitter thread I wish I had written.  The basics of application vulnerability analysis.

https://threadreaderapp.com/thread/1273052843012841472.html

 

We are back on the encryption discussion.  Let me make my own, personal, not endorsed by anyone, position very clear.  Anyone - ANYONE - can encrypt anything with two coins, a pencil, and a piece of paper.  These laws do NOTHING. Nothing at all. Please tell everyone.  If you have questions, please ask. If I don't know the answer, I know people who do.

https://news.bitcoin.com/lawful-access-to-encrypted-data-act-backdoor/

 

And finally: an amazing exploit getting RCE from PostgreSQL with only a little magic juice.

https://srcincite.io/blog/2020/06/26/sql-injection-double-uppercut-how-to-achieve-remote-code-execution-against-postgresql.html

 

Have a great week, everyone.

Comments are closed
Mastodon