ITSEC Newsletter 2023-04-13
"Java deserialization gadgets have a long history in the context of vulnerability research and at least go back to the year 2015. One of the most popular tools providing a large set of different gadgets is ysoserial by Chris Frohoff. Recently, we observed increasing concerns from the community why several gadgets do not seem to work anymore with more recent versions of JDKs. In this blog post we try to summarize certain facts to re-enable some capabilities which seemed to be broken."
"This part focuses more on the basic obfuscation techniques used in .NET samples such as Control flow Obfuscation, Proxy Calls, Anti Debug and Anti Tamper. I write a de4dot plugin for VirtualGuard that patches the .NET binary and removes all the protections except VM Devirtualization."
"This is the second part on the VirtualGuard Protector series which focuses on the virtualization techniques. I write a devirt for the VMs implemented in VirtualGuard using AsmResolver."
"While researching another topic, I stumbled across a Tool Command Language (Tcl) Script created by Arseniy Sharoglazov. This script can be uploaded to a Cisco flash file system and executed or remotely executed to create a port forward or a dynamic SOCKS4a proxy server on a Cisco router."
"One common perception is that it is easier to write rules for Semgrep than CodeQL. Having worked extensively with both of these static code analysis tools for about a year, I have some thoughts. As a practitioner, I’m not required to know the exact workings of these tools, but a recent deep dive into their theoretical foundations inspired me to consolidate my thoughts here."