Category : security

I have a simple gRPC server / client implementation where I have setup the server to use grpc::SslServerCredentials Then I have a client that uses the credentials channel grpc::SslCredentials to connect to it successfully. But to my astonishment I can also connect using grpc::InsecureChannelCredentials to the secure server. I have probably misunderstood something so it ..

Read more

I was diving into memory vulnerabilities (C/C++) and I am interested in knowing what kind of vulnerabilities allow an arbitrary memory write (or read) without exploiting a buffer overflow (or overread). The ultimate goal would be to reach an arbitrary location (target) exploiting a memory vulnerability (source), without accessing the memory between the target and ..

Read more

We have implemented in our app all basic checks that allowed us to determinate if app running on rooted device, similar to: RootBeer – https://github.com/scottyab/rootbeer Meat-Grinder by Dmitry – https://github.com/DimaKoz/meat-grinder Isolated process by Darvin – https://github.com/darvincisec/DetectMagiskHide But this still not enough to detect Magisk. MagiskHide can bypass all RootBear and meat-grinder checks, also solution by ..

Read more

Environment: Windows 10 PowerShell 5.1 Problem: I need some kind of script that list users and it’s permission in the COM Security object computer wide ("Launch and Activation Permission" — Default permission) In GUI-way I can do it by running "DCOMCNFG –> Component Services –> Computers –> My Computer –> (right click) –> Permissions –> ..

Read more