0xor0ne

@0xor0ne@infosec.exchange
1.8K Followers
142 Following
843 Posts
Cyber Security - Reverse Engineering - IoT/Embedded - Exploit - Linux kernel and Cats - PhD - My Toots, My Opinions
Twitter: https://twitter.com/0xor0ne
GitHub: https://github.com/0xor0ne

"My Emulation Goes to the Moon... Until False Flag" by Retooling

Exploring the re-implementation of APT41 Scatterbrain's obfuscation

https://retooling.io/blog/my-emulation-goes-to-the-moon-until-false-flag

#malware #cybersecurity

Beginner's introduction to Fault Injection (voltage glitching) attacks (ESP32)

https://security.humanativaspa.it/fault-injection-down-the-rabbit-hole/

#hardware #cybersecurity

Fault Injection - Down the Rabbit Hole - hn security

Intro: This series of articles describes […]

hn security

ROPing our way to RCE

"CTF" challenge introducing Linux kernel exploitation

https://gum3t.xyz/posts/a-gau-hack-from-euskalhack/

#infosec #Linux

A "Gau-Hack" from EuskalHack

gum3t

Bypass Linux kernel isolation technique using BPF infrastructure

https://cs.brown.edu/~vpk/papers/epf.atc23.pdf

#Linux #cybersecurity

KernelSnitch: Generic software side-channel attack targeting Linux kernel data structures

https://lukasmaar.github.io/papers/ndss25-kernelsnitch.pdf

#infosec #Linux

PUMAKIT malware analysis (dropper, memory-resident executables, LKM rootkit module and a shared object userland rootkit)

https://www.elastic.co/security-labs/declawing-pumakit

#infosec #malware

Declawing PUMAKIT — Elastic Security Labs

PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with command-and-control servers.

Analysis of capabilities and communication channels used by IOCONTROL IoT/OT malware

https://claroty.com/team82/research/inside-a-new-ot-iot-cyber-weapon-iocontrol

#cybersecurity

Inside a New OT/IoT Cyberweapon: IOCONTROL

Team82 has researched a malware sample called IOCONTROL linked to an Iran-based attack group used to target IoT and OT civilian infrastructure in the U.S. and Israel.

Claroty