Bypass 2 RCE: Apache HugeGraph Server
By Zeyad Azima IntroductionDuring my ongoing security research into Apache products, specifically focusing on Remote Code Execution (RCE) vulnerabilities, I discovered a fascinating and critical flaw in Apache HugeGraph Server’s latest version(1.5.0). This vulnerability represents a unique case where the same malicious payload that gets consistently blocke..
Read more
We are ARMed no more ROPpery Here
By Zeyad Azima IntroductionIn 2017, ARM introduced Pointer Authentication (PAC) as part of its ARMv8.3-A architecture updates. This groundbreaking solution aimed to tackle one of the most critical challenges in software security: memory corruption vulnerabilities. By leveraging cryptographic techniques, PAC made it significantly harder for attackers to tam..
Read more
ROPGadget: Writing a ROPDecoder
By Zeyad Azima IntroductionWelcome All!, In this blog post we will be talking about creating a ROPDecoder from scratch as many people face issues in understand the automated process of it. And note that you must know how to bypass DEP and what’s ROPGadgets, We wil be Starting from selecting our ROP Gadget, Going to encoding and decoding our shellcode manu..
Read more