Experiments with Frida and WebAssembly

Frida is a very powerful mobile Dynamic Binary Instrumentation framework that should be familiar to penetration testers or security researchers who have done mobile work in recent years. Frida works by injecting a JS engine into the instrumented process and is typically controlle…

Container Runtimes

In 2018, there have been a bunch of open source projects from various companies and communities that offer alternative container runtimes that claim to offer better container isolation. Most of them plug in to the standard container / Kubernetes ecosystem through the Open Contain…

DrCov File Format

drcov is a DynamoRIO-based tool that collects coverage information from a binary. There are many useful tools, such as Lighthouse, that make use of the drcov file format. This format is not strictly exclusive to drcov. Any DBI tool or framework can be used to collect the necessar…

CVE-2018-8023: Timing attack on the JWT implementation of Apache Mesos

A flaw in the JWT implementation of Apache Mesos resulted in a timing attack vulnerability. Affected Versions Apache Mesos 1.4.0 to 1.6.0 are affected. The unsupported Apache Mesos pre-1.4.0 releases may also be affected. Description Apache Mesos can be configured to require …

Using a non-system glibc

When developing exploits, especially heap exploits, the glibc version the binary is linked against will affect the specific offsets that are used in the exploit code. Efforts like the libc-database help by making it easy to look up memory addresses from a specific libc. However, i…