One Weird Trick to Improve Bug Finding With ASAN
ASAN Primer If you're already an ASAN expert, feel free to skip to the next section. AddressSanitizer (ASAN) is an extremely useful tool in software testing, debugging, and security testing for finding memory safety issues in native applications. It's extremely straightforward to…
Reverse Engineering Yaesu FT-70D Firmware Encryption
Background Ham radios are a fun way of learning how the radio spectrum works, and more importantly: they're embedded devices that may run weird chips/firmware! I got curious how easy it'd be to hack my Yaesu FT-70D, so I started doing some research. The only existing resource I c…
Apple ImageIO Denial of Service
Last Updated: April 5, 2017 to address some incompleteness and errors. You can view the revision history here. Application Services is a framework in iOS and OS X which provides what's known as the Image I/O framework. ImageIO itself is a collection of utilities and data types f…
Finding a CSRF vulnerability in phpBB
The phpBB team released phpBB version 3.1.7-PL1 on Jan 11, 2016 which fixed a CSRF issue I found in the admin control panel BBCode creation form. Since BBCode is basically whitelisted HTML created by admins, this CSRF vulnerability could allow an attacker to inject arbitrary HTML …
CVE-2016-1902: Symfony SecureRandom
Overview Recently the Symfony project published a security advisory to the SecureRandom class in their Security component that affects Symfony versions 2.3.0-2.3.36, 2.6.0-2.6.12, 2.7.0-2.7.8. On most sane systems there is no problem, but in the event that something goes wrong th…