dev – Page 3 – WindowsTechs.com

memcpy() in device/program with jemalloc allocator does not crash

Posted on February 16, 2020 by dev

Managed to get signed length value to memcpy()

02-16 01:44:49.096 6423 6471 W bt_hci_packet_fragmenter: reassemble_and_dispatch reassemble_and_dispatch
02-16 01:44:49.096 6423 6471 W bt_hci_packet_fragmenter: reassemble_and_dispatch p… Continue reading memcpy() in device/program with jemalloc allocator does not crash→

Obtaining code execution from use after free?

Posted on September 13, 2019 by dev

Can somebody advise how to exploit this use after free bug on a high level, if this is even possible? Low level (detailed advice) would also be great.

How to obtain code execution here?

The bug is simulated and this is do… Continue reading Obtaining code execution from use after free?→

NSS error when running curl command [on hold]

Posted on July 22, 2019 by dev

Getting the below error (NSS error -5990) when trying to connect using curl

About to connect() to xxx.yyy.com port 443 (#0)
* Trying nnn.nn.nn.nn… connected
* Connected to xxx.yyy.com (nnn.nn.nn.nn) port 443 (#0)
* Initi… Continue reading NSS error when running curl command [on hold]→

User access control and management in AWS Environment

Posted on May 21, 2019 by dev

wondering what other SMBs are doing to manage dynamic access requirements for AWS platform.

Currently we have 3 IAM roles (admin, dev, readonly) which users can choose after authenticating with https://www.okta.com/

Is ther… Continue reading User access control and management in AWS Environment→

Automated PHP Script to encrypt/decrypt using gpg 2.0.28 [migrated]

Posted on September 19, 2017 by dev

Trying to use gpg (GnuPG) 2.0.28 to encrypt/decrypt some text in a script.

From version 2 on-wards, gpg-agent forces pinentry upon calling the adddecryptkey() function (even when the function includes the passphrase paramete… Continue reading Automated PHP Script to encrypt/decrypt using gpg 2.0.28 [migrated]→

Orphan certificate alert for unknown site on running RDP session

Posted on January 27, 2017 by dev

Setup: 11 Windows7 Workstations, Windows 2008 SBS SP2, Cisco Router

Yesterday I RDP’ed to my long running admin session in Windows SBS 2008 to find this security alert waiting:

Clicking on “View Certificate” reveals this:… Continue reading Orphan certificate alert for unknown site on running RDP session→

CVE-2015-3864 – Android Stagefright – how Integer Overflow happens here?

Posted on September 19, 2015 by dev

I am trying to understand how “Integer Overflow” happens here and how it works.

The vulnerability exists in the chunk of “tx3g”. Chunk_size is the unit which overflows the sum of size. That’s to say, the memory assigned is less than the s… Continue reading CVE-2015-3864 – Android Stagefright – how Integer Overflow happens here?→