Notes on compiling the Android Kernel for AVD

Recently, I needed to compile a custom Android kernel for a research project that required a newer kernel version (as well as a few kernel configs) than what was available from the standard Android emulator images. It took a while for me to get things working properly so here are…
Read more...

CVE-2018-11793: Apache Mesos Denial of Service Vulnerability

A vulnerability in the JSON parser used by Apache Mesos allows a remote attacker to cause a crash in any Mesos component that parses JSON. The impact of this bug is most likely denial-of-service against Apache Mesos but may result in remote code execution in some circumstances. A…
Read more...

Experiments with Frida and WebAssembly

Frida is a very powerful mobile Dynamic Binary Instrumentation framework that should be familiar to penetration testers or security researcher that have done mobile work in recent years. Frida works by injecting a JS engine into the instrumented process and is typically controlle…
Read more...

Container Runtimes

In 2018, there have been a bunch of open source projects from various companies and communities that offer alternative container runtimes that claim to offer better container isolation. Most of them plug in to the standard container / Kubernetes ecosystem through the Open Contain…
Read more...

DrCov File Format

drcov is a DynamoRIO-based tool that collects coverage information from a binary. There are many useful tools, such as Lighthouse that make use of the drcov file format. This format is not strictly exclusive to drcov. Any DBI tool or framework can be used to collect the neccessar…
Read more...