You are here: theevilbit.github.io
blog.google
To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor. As is our policy, we quickly reported this 0-day to the vendor (...
www.alicegg.tech
Since 2019, Apple has required all macOS software to be signed and notarized. This is meant to prevent naive users from installing malware while running softw...
blog.krzyzanowskim.com
what? In short: dynamic linking happened. Dynamic linking - what is it? It's an operation that happens when part of the code spreads across different files (called libraries), and the binary content of the library is loaded at runtime. A dynamic linker (which is a system tool) finds a symbol
blog.nuculabs.dev
Hello, in this article I'll present my solution to the Chapter 5 CTF from the book Practical Binary Analysis. For this binary, the hint is to fix four broken things. Running file gives us the following response:

```
binary@binary-VirtualBox:~/ctf$ file ./lvl3
./lvl3: ERROR: ELF 64-bit LSB executable, Motorola Coldfire, version 1 (Novell Modesto) error reading (Invalid argument)
```

And the readelf command gives us:

```
binary@binary-VirtualBox:~/ctf$ readelf -h ./lvl3
ELF Header:
  Magic:   7f 45 4c 46 02 01 01 0b 00 00 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            Novell - Modesto
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Motorola Coldfire
  Version:                           0x1
  Entry point address:               0x4005d0
  Start of program headers:          4022250974 (bytes into file)
  Start of section headers:          4480 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         9
  Size of section headers:           64 (bytes)
  Number of section headers:         29
  Section header string table index: 28
readelf: Error: Reading 0x1f8 bytes extends past end of file for program headers
```

At this moment, it was clear that the ELF header is broken. In order to fix it, I opened up Wikipedia and the ELF specification.