Vulnerability Detection

Vulnerability Investigation Method of BusyBox in Emergency Situations

by
Vulnerability Investigation Method of BusyBox in Emergency Situations

1. Basic Support Features of BusyBox1.Advantages of Static Compilation Does not rely on system dynamic link libraries (such as glibc), avoiding the risk of malicious dynamic library hijacking through LD_PRELOAD Provides a trusted command execution environment, preventing attackers from tampering with system commands like ls, ps, netstat, leading to erroneous information 2.Lightweight Tool Integration Packs … Read more

Python Hacking Tool: CyberKit – A Powerful Cybersecurity Suite

by
Python Hacking Tool: CyberKit - A Powerful Cybersecurity Suite

In the battlefield of cybersecurity, Python is like a multifunctional Swiss Army knife. Today, I want to unveil an impressive cybersecurity toolkit – CyberKit. This is not just an ordinary toolkit, but a powerful tool that catches the attention of security researchers and penetration testing experts. Imagine being able to easily perform port scanning, network … Read more

Adaptive Fuzz Testing for ECUs: A Modular Testing Platform Approach to Enhance Vulnerability Detection

by
Adaptive Fuzz Testing for ECUs: A Modular Testing Platform Approach to Enhance Vulnerability Detection

Abstract This presentation introduces an adaptive fuzzing physical testing platform designed to identify vulnerabilities in automotive systems, with a particular focus on the Controller Area Network (CAN) bus. By employing “Automated Reverse Engineering Guided Fuzzing” (ARE – GF), our framework assesses the security resilience of CAN networks against complex attacks. The demonstration showcases a live … Read more

Embedded Linux Firmware Simulation and Security Analysis with Firmadyne

by
Embedded Linux Firmware Simulation and Security Analysis with Firmadyne

Firmadyne is an open-source software for automated analysis of embedded Linux system security, developed by Carnegie Mellon UniversityDaming D. Chen. It supports batch detection, with the entire system including firmware crawling, root filesystem extraction, QEMU simulation execution, and vulnerability discovery. The system can be downloaded from github: https://github.com/firmadyne/firmadyne The framework is shown in the figure … Read more