ceax
@_ceax
embedded systems, ICS, IoT...
[Tool] Ghidralligator: Emulate and fuzz code running on various CPU architectures (ARM, MIPS, PPC, x86, Apple Silicon M1/M2...) Based on #GHIDRA (libsla C++). #AFLplusplus, snapshot fuzzing, code coverage, ASAN cyber.airbus.com/17300/ github.com/airbus-cyber/g… @HomardBoy
Last week, we presented our research on Intel Wi-Fi chips at @sstic. Our talk and our slides are now available: sstic.org/2022/presentat…. It features a demo of a DMA attack from the Wi-Fi chip! We also published our tools to interact with some Intel chips: github.com/Ledger-Donjon/…
We wanted to create a snapshot fuzzing demo. We also like challenges. So we chose a browser as the target :) You can find out what can go wrong from our latest blog post: Fuzzy Snapshots of Firefox IPC - blog.silentsignal.eu/2021/10/14/fuz…
Super excited to release Unicorn2 beta to public! Important features: - Backward compatible with Unicorn 1.0.3 - Support latest instruction set of all existing archs - Add 2 new archs in PPC & RISCV - More optimization More info at unicorn-engine.org/Unicorn2-beta
Nicolas Delhaye @_Homeostasie_ & Flavian Dola @_ceax "Making your own Stuxnet: Exploiting New Vulnerabilities and Voodooing PLCs" 🎞️ youtu.be/9PGyOyJTbrE 📜 drive.google.com/file/d/1_N0GEy… (2.6MB) 💥 demos drive.google.com/file/d/1aDiPR-… (32.6MB)
Kudos to @_ceax & @_Homeostasie_ from @AirbusCyber for showing that #Stuxnet is still possible by "Exploiting New Vulnerabilities and Voodooing PLCs" [#RomHack2021]. You put impressive work into that. m.youtube.com/watch?t=19664&…
Remote Code Execution (RCE) on the ABB #ICS system: “System 800xA SoftController” (CVE-2020-24672). This vulnerability could allow attackers to take remote control of the ABB engineering station. Details by @_ceax & @_Homeostasie_ at 3:40pm: bit.ly/3hDHE6N
At #RomHack2021, @_ceax & @_Homeostasie_ will demonstrate how one can gain remote control over some industrial devices exploiting several new #CVEs they discovered. They will explain how to reproduce key stages of a #Stuxnet -like attack. Live stream ➡️ bit.ly/2XqWk1u
Happy to present with my workmate @_ceax our vulnerability research around #ICS at the #RomHack2021 conference on September 25th. 🙂 "Making your own Stuxnet: Exploiting New Vulnerabilities and Voodooing PLCs" ➡️ romhack.io/speakers-2021.…
📢 #RomHack2021 Agenda & Speakers We are happy to announce conference agenda & speakers romhack.io/agenda See you in Rome next 25th of September (re-tweets appreciated) Check the thread ⬇️ ⬇️ ⬇️
You liked Stéphane's blog posts on QEMU? (airbus-seclab.github.io/qemu_blog/) Join him tomorrow for this free @hardwear_io Webinar.
📽️In our next webinar 😎Stephane Duverger @Airbus will deep-dive into QEMU for security assessment ✅Register for the webinar➡️bit.ly/3id3uil #QEMU #embedded #Fuzzing #hardwaresecurity #webinar #kernel
Presentation by @_ceax of the tool github.com/airbus-cyber/a… for fuzzing binaries via AFL++ and the #Ghidra emulator. The project aims to be an alternative to afl_unicorn for unsupported #CPU architectures (Xtensa, ppc…): static.sstic.org/rumps2021/SSTI…
[Tool] Fuzz exotic arch with AFL using Ghidra emulator with code coverage Ex: Fuzzing Xtensa binary code (#esp32) Blog: airbus-cyber-security.com/fuzzing-exotic… Github: github.com/airbus-cyber/a… #GHIDRA #AFLplusplus
Inside SimpliSafe Alarm System medium.com/tenable-techbl…
Reverse Engineering Testo Saveris2 firmware jon-cederqvist.medium.com/reverse-engine…
i tried to make a beginner-friendly post about some of the basics related to code coverage in fuzzing, just going over terminology, common strats, and some tooling. hopefully this will be useful for some! h0mbre.github.io/Fuzzing-Like-A…
[New Post] Here is my write-up on my RCE affecting Schneider Electric ControlExpert by chaining 3 #0day: #CVE-2020-28211 CVE-2020-28212 CVE-2020-28213 Find out how to bypass project protection, hijack a UMAS session, and inject bytecode into the PLC simulator airbus-cyber-security.com/remote-code-ex…
LIVE TODAY AT 2PM CET: @_Homeostasie_ & @_ceax, #Vulnerability Researchers, will present at #GreHack20. Livestream available at youtu.be/Q5TpkHvPFqw w/ @GrehackConf
Fixes available for my RCE on Schneider Electric EcoStruxure Control Expert (CVE-2020-28211, CVE-2020-28212, CVE-2020-28213). More details in my blog post will be coming soon... cert.ssi.gouv.fr/avis/CERTFR-20… se.com/ww/en/download…
Hey folks, One day/one talk 1 First speakers are Nicolas Delhaye and Flavian Dola with their talk "Vulnerability Research: A full chained exploit from IT network to PLC’s unconstrained code execution".
[Tool] Just released IP2LoRa! Tunneling IP over #LoRa to make link over kilometers. Enjoy! Devices actually supported: B-L072Z-LRWAN1 @ST_World - #WisNode @RAKwireless - LoStick @ronoth_iot Blog: airbus-cyber-security.com/ip2lora/ Github: github.com/airbus-cyber/I…