Exetools  

09-13-2016, 10:37
TechLord
Reversing-Related Presentations and Material from BlackHat USA 2016

I spent a lot of time sifting through the THREE DAYS' worth of presentations by the BlackHat USA 2016 speakers, to identify articles that would be useful to us as REVERSERS.

I hope the members of this forum will appreciate my efforts and find this collection, which I sorted out, useful.

Quote:
Adaptive Kernel Live Patching: An Open Collaborative Effort to Ameliorate Android N-Day Root Exploits

PDF LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Zhang-Adaptive-Kernel-Live-Patching-An-Open-Collaborative-Effort-To-Ameliorate-Android-N-Day-Root-Exploits.pdf

White-Paper LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Zhang-Adaptive-Kernel-Live-Patching-An-Open-Collaborative-Effort-To-Ameliorate-Android-N-Day-Root-Exploits-wp.pdf


Quote:
Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX

PDF LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Jang-Breaking-Kernel-Address-Space-Layout-Randomization-KASLR-With-Intel-TSX.pdf

White-Paper LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Jang-Breaking-Kernel-Address-Space-Layout-Randomization-KASLR-With-Intel-TSX-wp.pdf

Quote:
PINdemonium: A DBI-Based Generic Unpacker for Windows Executables

PDF LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Mariani-Pindemonium-A-Dbi-Based-Generic-Unpacker-For-Windows-Executables.pdf

White-Paper LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Mariani-Pindemonium-A-Dbi-Based-Generic-Unpacker-For-Windows-Executables-wp.pdf

Quote:
The Art of Reverse Engineering Flash Exploits

PDF LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Oh-The-Art-of-Reverse-Engineering-Flash-Exploits.pdf

White-Paper LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Oh-The-Art-of-Reverse-Engineering-Flash-Exploits-wp.pdf

Quote:
The Linux Kernel Hidden Inside Windows 10

Initially known as "Project Astoria" and delivered in beta builds of Windows 10 Threshold 2 for Mobile, Microsoft implemented a full-blown Linux 3.4 kernel in the core of the Windows operating system, including full support for VFS, BSD Sockets, ptrace, and a bona fide ELF loader. After a short cancellation, it's back and improved in Windows 10 Anniversary Update ("Redstone"), under the guise of Bash Shell interoperability. This new kernel and related components can run 100% native, unmodified Linux binaries, meaning that NT can now execute Linux system calls, schedule thread groups, fork processes, and access the VDSO!

As it's implemented using a full-blown, built-in, loaded-by-default Ring 0 driver with kernel privileges, this is not a mere wrapper library or user-mode system call converter like the POSIX subsystem of yore.

LINK:
https://www.blackhat.com/us-16/briefings.html#the-linux-kernel-hidden-inside-windows-10

Quote:
Using Undocumented CPU Behavior to See into Kernel Mode and Break KASLR in the Process

PDF LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Fogh-Using-Undocumented-CPU-Behaviour-To-See-Into-Kernel-Mode-And-Break-KASLR-In-The-Process.pdf

White-Paper LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Fogh-Using-Undocumented-CPU-Behaviour-To-See-Into-Kernel-Mode-And-Break-KASLR-In-The-Process-wp.pdf

FULL LIST of briefings here (not really recommended, as there are too many):

https://www.blackhat.com/us-16/briefings.html


Please click THANKS if you appreciate this post

Last edited by TechLord; 09-13-2016 at 10:42.