Reverse Engineering

Recently I ran into a headache of Out-Of-Memory errors when using Binary Ninja. Specifically, this was in relation to dissassembling a Mach-O aarch64 binary from an iOS app grabbed from decrypt.

The popular social media app “TikTok” is likely facing an iminent ban in the United States in the coming days. This has resulted in a mass migration to the Chinese app 小红书 (meaning “little red book”), Xiaohongshu, or simply “REDnote”.

Recently I needed to get the data off of a LUKS encrypted partition on a Virtual Machine that “wasn’t mine” and I’d never done it before.

Recently Sift caught an interesting payload. As it turns out, the exploit was CVE-2024-0769, which is now tagged here: D-Link DIR-859 Information Disclosure Attempt .

For this last years Binary Golf Grand Prix the goal was to: Create the smallest self-replicating file. Requirements:

In order to see CVE-2023-50164 in the wild, I expect that in the coming weeks, we will see research into vendor and product specific implementations leveraging Apache Struts2 in order to determine exactly what path must be traversed to in order to drop a web shell so that it can be called remotely through a public interface over the defined routes.

At GreyNoise we work with network protocols. When a new vulnerability is published we are quick to jump into investigation mode and gather any and all resources we can find in order to write a tag and provide messaging to our customers and community.

This blog is far overdue and unfortunately isn’t really a “Part 1”. The truth is, I’ve poked around with Wi-Fi Direct for several months now with mild success and many dead-ends that resulted in learning a lot.

For this years Binary Golf Grand Prix I started off by learning to fuzz properly, use a debugger properly, and various tooling.

Where we last left off, I had done an initial reverse engineering pass of Windows Update Delivery Optimization see: DOing Harm.