Thank you for visiting my channel. This channel is all about security, with a focus on topics such as fuzzing, reverse engineering, exploits, and vulnerability analysis. I started this channel out of boredom during the COVID-19 pandemic, and it has been a great learning experience for me. I hope that you will enjoy the content on this channel and find it useful.
If you like what you see, please like and subscribe to my channel to stay up-to-date with the latest content.
In addition to general security topics, I also have a playlist on fuzzing techniques such as AFL, WinAFL, Honggfuzz, and libFuzzer. Check it out here: ru-vid.com/group/PLHGgqcJIME5kYhOSdJjvtVS4b4_OXDqM-
Please note that the views expressed on this channel and in my videos are my own and do not represent those of my employer.
You can follow us on Twitter: twitter.com/fuzzing_in
You can visit our website here: fuzzing.in
Can you please tell me what the BaseURL will be here? Unfortunately I need to give the YAML path for the nuclei cmd. So I have downloaded the YAML file and need to replace the {{BaseURL}} with the URL.
The stages involved in resolving issues related to CVE-2023-0286 include identification of the vulnerability, assignment of a CVE ID by a CNA, analysis by the NVD, modification and reanalysis of the vulnerability, and awaiting further changes to the information provided. The CVE Assignment Team and CNAs play a crucial role in assigning CVE IDs and ensuring the guidelines for the process are strictly followed.
The stages of vulnerability assessment for addressing issues related to CVE-2024-21413, impacting Microsoft Outlook, enabling unauthenticated attackers to execute remote code, include:
1. Identification of the vulnerability in Microsoft Outlook.
2. Assessment of the impact and severity of the vulnerability (CVSS Score: 9.8).
3. Understanding how the vulnerability bypasses the protected view settings of Office documents.
4. Developing and testing a fix to address the vulnerability.
5. Applying updates per Microsoft's instructions to mitigate the risk of exploitation.
6. Monitoring for any further developments or advisories related to the vulnerability.
I tried to host the file using Samba and tried to run Responder at the same time on my Kali machine; it does not work:
[+] Listening for events...
[!] Error starting TCP server on port 445, check permissions or other servers running.
[!] Error starting TCP server on port 139, check permissions or other servers running.
But when I stopped smbd it worked. How do I enable both the SMB share and Responder? However, I am able to capture the hash after stopping Samba. Also, can you please create a video for RCE and zero click for this?
@MrHardik05 Thanks! The message I sent just now seems to have disappeared. I don't know why, so I will post a new one. I created a Win10 virtual machine with VMware; below is the output of WinDbg:
kd> !bdump_full "E:\\fuzz_result"
[bdump] creating dir...
[bdump] saving regs...
[bdump] register fixups...
[bdump] don't know how to get mxcsr_mask or fpop, setting mxcsr_mask to 0xffbf and fpop to zero...
[bdump]
[bdump] don't know how to get avx registers, skipping...
[bdump]
[bdump] tr.base is not canonical...
[bdump] old tr.base: 0x5d69c000
[bdump] new tr.base: 0xfffff8025d69c000
[bdump]
[bdump] rip and gs don't match kernel/user, swapping...
[bdump] rip: 0x7ff75ac53bf9
[bdump] new gs.base: 0xd99d790000
[bdump] new kernel_gs_base: 0xfffff802553ac000
[bdump]
[bdump] non-zero IRQL in usermode, resetting to zero...
[bdump] saving mem, get a coffee or have a smoke, this will probably take around 10-15 minutes...
[bdump] Creating E:\fuzz_result\mem.dmp - Full kernel dump
[bdump] 0% written.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] ValidateSequenceNumber: Sequence number too far ahead for validation.
[bdump] Wrote 145.6 MB in 54 sec.
[bdump] The average transfer rate was 2.7 MB/s.
[bdump] Wrote 14 pages of 0xdeadfeed into this dump file for memory that could not be
[bdump] read successfully by the kernel memory manager. The kernel memory manager can
[bdump] not read pages that have a held page lock, are on the failed memory page list,
[bdump] or which have been hot removed from the system.
[bdump] Done!
@$bdump_full("E:\\fuzz_result")
I want to ask, have you ever encountered this kind of problem? I'm not sure if there is a problem with my WinDbg, or do I have to use a Hyper-V virtual machine?
@MrHardik05 I recreated the virtual machine with Hyper-V and everything works fine. I suspect there is something wrong with the communication process between WinDbg and VMware...
@MrHardik05 Should it be fixed to match the size of the buffer allocated in your program before the snapshot? We are speaking about the buffer size in InsertTestCase, right?
Sir, I have a doubt about creating a seed file for a program. Suppose the program under fuzzing needs three keyboard inputs (one integer, then a string). How can I create a seed file for the program? Is it sufficient to enter the values in the seed file separated by a space (e.g. "4 fuzz")?
Can you explain how you compiled the binary? Like, did you use ASan / UBSan while compiling the binary? I am not getting any crashes; it seems that it's not able to fuzz properly.
Sorry for asking a question here 😅... My question doesn't match with other technical videos... That's why. What do you recommend a beginner learn first? Should a beginner start their journey by learning assembly, or should someone just go with the flow and learn assembly while doing vulnerability research/exploit development? This space seems quite difficult 😅... Hard to guess what one should start learning first... Also, any recommended books for beginners?