@liveoverflow@bird.makeup titelbild
@liveoverflow@bird.makeup avatar

liveoverflow Bot

@liveoverflow@bird.makeup

wannabe hacker... he/him

🌱 grow your hacking skills @hextreeio
This account is a replica from Twitter. Its author can't see your replies. If you find this service useful, please consider supporting us via our Patreon.

Dieses Profil is von einem föderierten Server und möglicherweise unvollständig. Auf der Original-Instanz anzeigen

liveoverflow Bot , an Random
@liveoverflow@bird.makeup avatar

More Android questions.
I have an app that extends Binder class for a private service, but the service is exported in the manifest. Can I still bind from my app to this service and call the methods?

I tried for ~20h now with ClassLoader, but failed. Is it impossible?

liveoverflow OP Bot ,
@liveoverflow@bird.makeup avatar

Anybody have good resources about the service internals? How does the BinderProxy object work? Can I parcel the request by hand somehow?

I also tried to define an AIDL, though the target app doesn't use it. And so it just didn't do anything when I tried to call the methods.

liveoverflow OP Bot ,
@liveoverflow@bird.makeup avatar

I'm still 80% confident that defining my own AIDL should work. The generated stub does call mRemote.transact() and eg. the writeInterfaceToken() descriptor looks all good. Is it maybe really impossible?

liveoverflow Bot , an Random
@liveoverflow@bird.makeup avatar

Need an Android expert.
I have declared the following activity. When another app exports a file on Android 10, my app shows up as an option.
But Android 11 or later it always uses the default Files app, never shows my app as an option. Anybody know why?

image/png
image/png

liveoverflow OP Bot ,
@liveoverflow@bird.makeup avatar

@luca020400 I want to get it to work on default latest target SDK though. Also I'd like to read the documentation lol
How is anybody able doing Android development T_T

liveoverflow OP Bot ,
@liveoverflow@bird.makeup avatar

@warlockk87 thanks for sharing. in this case the app actually has QUERY_ALL_PACKAGES

liveoverflow Bot , an Random
@liveoverflow@bird.makeup avatar

In the last week I have listened to more self-made AI songs than "real" songs.

liveoverflow Bot , an Random
@liveoverflow@bird.makeup avatar

Trying to label data with LLM be like

secresdoge Bot ,
@secresdoge@bird.makeup avatar

@liveoverflow @sleepy_yui_ Yes, thats why you need to post process the output with good old non-AI code that gives you discrete answers :)

liveoverflow OP Bot ,
@liveoverflow@bird.makeup avatar

@secresdoge @sleepy_yui_ but I don't want to :( I want to use the LLM to do the work for me, I don't want to start implementing custom sanitisation logic.

liveoverflow Bot , an Random
@liveoverflow@bird.makeup avatar

Anybody else obsessed with Deep Dip 2 attempts? I have been watching every @wirtual stream since it started.

liveoverflow Bot , an Random
@liveoverflow@bird.makeup avatar

After seeing @i41nbeer's talk at @offensive_con about the webp exploit, something I didn't understand finally clicked. So I created a small app to visualize and play around with the overflow.

You can enter a count[] array and it will show you all writes (red) outside the buffer

liveoverflow Bot , an Random
@liveoverflow@bird.makeup avatar

Yesterday I had the chance to hang out with Iddo and Jacob at their @offensive_con training "Attacking IM Apps". Seems like a really cool course involving the whole stack - web service, mobile app and native code.
There are spots left at recon: https://recon.cx/2024/trainingATTACKINGINSTANTMESSAGINGAPPLICATIONS.html

liveoverflow Bot , an Random
@liveoverflow@bird.makeup avatar

"[...] two reasonable features of the system that interact to create an undesirable behavior."

Sounds like what happens in security too. Reasonable features when combined cause security issues.

https://brooker.co.za/blog/2024/05/09/nagle.html

liveoverflow Bot , an Random
@liveoverflow@bird.makeup avatar

Holy Shit :D congrats

https://bird.makeup/@_johnhammond/1787929732421656988

liveoverflow Bot , an Random
@liveoverflow@bird.makeup avatar

I was just doing an audit again and was wondering this again. I felt like I asked this before, so I searched for it, and YES! HAHAHA I asked this before!! :D

Now I just have to remember the outcome for next audit.

https://bird.makeup/@liveoverflow/1506236039437996037

liveoverflow Bot , an Random
@liveoverflow@bird.makeup avatar

IT'S HAPPENING!!!! All the CTF pwntools scripting skills can finally be used on a real product!

by @theprimeagen https://www.terminal.shop/

lala98808012 Bot ,

@liveoverflow @theprimeagen Explain a retard what that means

liveoverflow OP Bot ,
@liveoverflow@bird.makeup avatar

@lala98808012 @theprimeagen Lot's of exploitation CTF challenges are reachable via netcat or ssh. And the pwntools framework makes it super comfortable to automate interaction with terminal programs.
https://github.com/Gallopsled/pwntools

liveoverflow Bot , an Random
@liveoverflow@bird.makeup avatar

This video about the lack of proper scientific research about the Pyramids makes me irrationally mad.

https://www.youtube.com/watch?v=DUGkWQ_09E0

liveoverflow Bot , an Random
@liveoverflow@bird.makeup avatar

During web/mobile hacking, I sometimes create a custom server to mock certain responses. But this setup can become quite messy.

Does anybody know how to do a clean "request forward" setup with eg. Burp?

  • "Match & replace" is too limited for complex responses or other file formats
  • Writing a Burp script is annoying because sometimes I want to use different frameworks/languages in my custom server
  • Burp "Proxy Listener > Request Redirect" will blindly forward https, so I need to make the server ssl capable
  • "Upstream proxy" only works if you setup upstream server with ssl as well.
    Rewriting (and downgrading) links can often lead to errors.

I just want to use Burp to terminate SSL and ask an upstream webserver what to respond.

CC: @masteringburp

0xlupin Bot ,
@0xlupin@bird.makeup avatar

@liveoverflow I personally use the extension HTTP Mock. Does that do the trick for you ? 😁

liveoverflow OP Bot ,
@liveoverflow@bird.makeup avatar

@0xlupin omg I should read properly. I just looked at screenshots and thought I can just provide text to return. This sounds like its what I want

liveoverflow Bot , an Random
@liveoverflow@bird.makeup avatar

Another episode of Kafkaesque Cybersecurity

ukcyberconsult Bot ,
@ukcyberconsult@bird.makeup avatar

@padgriffin_ @liveoverflow Interesting. What if you have root but the machine has no further privileges outside of local, but you can dump access to other systems from mem? Low priv machine, compromise others

liveoverflow OP Bot ,
@liveoverflow@bird.makeup avatar

@ukcyberconsult @padgriffin_ Think about it this way. The machine has actually more privileges, because you gave that machine the credentials for the other machine. They are in memory, but the capability is given - the one who has the credentials has the capability.

liveoverflow Bot , an Random
@liveoverflow@bird.makeup avatar

Is this a sockpuppet account establishing lore in order to push a backdoored libc patch in a few months? 🙃

https://bird.makeup/@wangzhr4/1783782907141570944

wangzhr4 Bot ,
@wangzhr4@bird.makeup avatar

@crackticker @malavolence_ @liveoverflow But let's just do it, at least I will because I am doing something right against nasty things.

This is absolutely a dark speech and a malicious retweet. And it was posted by someone with 140,000 followers.

That's not tolerable.

liveoverflow OP Bot ,
@liveoverflow@bird.makeup avatar

@wangzhr4 @crackticker @malavolence_ Wait a moment. I never said that. I made a niche joke related to the zx backdoor, based on an exaggerated technical tweet.

  • Alle
  • Abonniert
  • Moderiert
  • Favoriten
  • random
  • haupteingang
  • Alle Magazine
    •