Practical macOS Security Researcher Notes and Guide (OSMR)
By Zeyad Azima MacOS ArchitectureIntroduction 1. Application Layer AppKit: Facilitates the creation of desktop application interfaces, handling events, drawing operations, and user interface elements like buttons and text fields. For example, when you create a new document in TextEdit, AppKit is responsible for displaying the window, text editing area, an..
Read more
Bypass 2 RCE: Apache HugeGraph Server
By Zeyad Azima IntroductionDuring my ongoing security research into Apache products, specifically focusing on Remote Code Execution (RCE) vulnerabilities, I discovered a fascinating and critical flaw in Apache HugeGraph Server’s latest version(1.5.0). This vulnerability represents a unique case where the same malicious payload that gets consistently blocke..
Read more
ROPGadget: Writing a ROPDecoder
By Zeyad Azima IntroductionWelcome All!, In this blog post we will be talking about creating a ROPDecoder from scratch as many people face issues in understand the automated process of it. And note that you must know how to bypass DEP and what’s ROPGadgets, We wil be Starting from selecting our ROP Gadget, Going to encoding and decoding our shellcode manu..
Read more