drcov is a DynamoRIO-based tool that collects coverage information from a
binary. There are many useful tools, such as Lighthouse that
make use of the drcov file format. This format is not strictly exclusive to
drcov. Any DBI tool or framework can be used to collect the neccessar…
Read more...
A flaw in the JWT implementation of Apache Mesos resulted in a timing attack
vulnerability.
Affected Versions
Apache Mesos 1.4.0 to 1.6.0 are affected. The unsupported Apache Mesos
pre-1.4.0 releases may be also affected.
Description
Apache Mesos can be configured to require …
Read more...
When developing exploits, especially heap exploits, the glibc version the
binary is linked against will affect the specific offsets that is used in the
exploit code. Efforts like the libc-database help by making it
easy to look up memory addresses from a specific libc. However, i…
Read more...
Token Binding is a protocol that has been a subject of some debate recently
due to Chrome's Intent to Remove message for the feature.
We shall take a look at how Token Binding works as well as the arguments for
and against the protocol.
What problem does Token Binding aim to solv…
Read more...
Note: A more complete writeup on Kony was published at Analyzing Kony Mobile
Applications
What is Kony?
Kony is a mobile app development platform that allows a developer to build
mobile applications in HTML5 and JavaScript that can be built for different
platforms like iOS and …
Read more...