cybersecurity4 Full-Chain Attacks: A Look at Baseband Vulnerability Exploits - 1 we have introduced our latest research into full-chain baseband exploits. We have showcased new research tools (our nanoMIPS decompiler, debugger, and emulator for Mediatek basebands) and explored the interconnected components across the Cellular Processor and the Application Processor of Samsung and Mediatek radio interface stacks. The most serious of vulnerabilities in these interfaces can lea.. 2024. 3. 25. Exploring the Impact of 0-Day Exploitation in Qualcomm MSM Linux Kernel and ARM Mali GPU Overview This article focuses on five kernel vulnerabilities in Snapdragon chipsets and ARM Mali GPUs. ARM Mali GPU, these vulnerabilities have been reported to CISA KEV (Known Exploited Vulnerabilities Directory). It is understood that all vulnerabilities have been exploited in the wild. The details of the vulnerability exploitation have not yet been publicly disclosed. Various vendors have iss.. 2024. 3. 24. SolarWinds Security Event Manager AMF deserialization RCE - CVE-2024-0692 Introduction I was scrolling through Twitter a few days ago and saw that ZDI posted a notice about SolarWinds Security Event Manager AMF deserialization RCE, so I prepared to do a brief analysis: https://www.zerodayinitiative.com/advisories/ZDI-24-215/ https://www.solarwinds.com/security-event-manager First, let’s talk about the process of getting the source code. The installation package of thi.. 2024. 3. 22. Unveiling the Secrets of XSS Bypass: Harnessing JavaScript Symbols for Code Execution Preface I have been looking at Intigriti, yeswehack, HackerOne and Bugcrowd bounty platforms recently. It is really uncomfortable to bypass WAF. I will record the bypass scenario. Preliminary testing When I first tried XSS, I found that the user's input is displayed in the title. Generally speaking, it is to see if it can be closed. As the picture below shows, it is converted into an entity afte.. 2024. 3. 22. 이전 1 다음
