Tag malware

InfoSec Week 29, 2018

The academics have mounted a successful GPS spoofing attack against road navigation systems that can trick humans into driving to incorrect locations. The novel part is that they are using real map data to generate plausible malicious instructions.
https://www.bleepingcomputer.com/news/security/researchers-mount-successful-gps-spoofing-attack-against-road-navigation-systems/

Folks from Cloudflare, Mozilla, Fastly, and Apple during a hackaton implemented Encrypted Server Name Indication (SNI). There are implementations in BoringSSL, NSS and picotls.
https://twitter.com/grittygrease/status/1018566026320019457

Good insight on how credit card thieves use free-to-play apps to steal and launder money from the credit cards.
https://kromtech.com/blog/security-center/digital-laundry

Chromium recently introduced Cross-Origin Read Blocking (CORB) that helps mitigate the threat of side-channel attacks (including Spectre).
https://www.chromium.org/Home/chromium-security/corb-for-developers

For anybody interested in reverse engineering, nice write up about the Smoke Loader malware bot unpacking mechanism and communication with the C&C.
https://www.cert.pl/en/news/single/dissecting-smoke-loader/

A research on how to bypass memory scanners using Cobalt Strike’s beacon payload and the gargoyle memory scanning evasion technique.
https://labs.mwrinfosecurity.com/blog/experimenting-bypassing-memory-scanners-with-cobalt-strike-and-gargoyle/

Eset researchers analyzed ongoing espionage campaign against the Ukrainian government institutions.
https://www.welivesecurity.com/wp-content/uploads/2018/07/ESET_Quasar_Sobaken_Vermin.pdf

The intercept summarized what the public has learned about Russian and U.S. spycraft from the Special Counsel Robert Mueller’s indictment of hackers.
https://theintercept.com/2018/07/18/mueller-indictment-russian-hackers/

Security researchers have uncovered a highly targeted mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India.
https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html

There is an exploit for Ubuntu Linux (up to 4.17.4) where other users coredumps can be read via setgid directory and killpriv bypass.
https://www.exploit-db.com/exploits/45033/

InfoSec Week 28, 2018

Hackers have poisoned the Arch Linux PDF reader package named “acroread” that was found in a user-provided Arch User Repository (AUR). They have put downloader malware inside.
https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/

Hackers took over the maintainer account of the eslint-scope and eslint-config-eslint npm packages and published malicious versions which were downloading some juicy scripts from the pastebin.com. https://eslint.org/blog/2018/07/postmortem-for-malicious-package-publishes

Backend of the TimeHop iOS application was compromised, personal records of the 21 million customers leaked.
https://www.timehop.com/security/technical

Nice journalism about how few researchers found the names and addresses of soldiers and secret agents using Strava fitness application when the company published tracking maps on the internet.
https://decorrespondent.nl/8481/heres-how-we-found-the-names-and-addresses-of-soldiers-and-secret-agents-using-a-simple-fitness-app

Lexington Insurance Company and Beazley Insurance Company are suing Trustwave over a 2009 breach. Trustwave supposedly failed to detect malware that caused a breach.
This will be huge precedent in the whole industry.
https://www.bleepingcomputer.com/news/security/security-firm-sued-for-failing-to-detect-malware-that-caused-a-2009-breach/

One email to a North American Network Operators mailing list led to a concerted effort to kick a notorious BGP hijacking factory off the Internet.
https://blog.apnic.net/2018/07/12/shutting-down-the-bgp-hijack-factory/

It looks like that the Carbanak banking malware source code was leaked.
https://malware-research.org/carbanak-source-code-leaked/

Researchers found spying malware signed using digital certificates stolen from D-Link and other Taiwanese tech-companies.
https://thehackernews.com/2018/07/digital-certificate-malware.html

InfoSec Week 27, 2018

Samsung Galaxy S9 and S9+ devices, maybe others, are texting camera photos to random contacts through the Samsung Messages app without user permission.
https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages

Gentoo Linux distribution GitHub repository was compromised. Attacker removed out all the maintainers, who realized the intrusion only 10 minutes after he gained access. He add rm -rf /* to build scripts, changed README and some minor things.
https://wiki.gentoo.org/wiki/Github/2018-06-28

Since January 2017, Stylish browser extension has been augmented with spyware that records every single website that its 2 million other users visit, then sends complete browsing activity back to its servers, together with a unique identifier.
https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/

Digicert Withdraws from the CA Security Council (CASC), because they "feel that CASC is not sufficiently transparent and does not represent the diversity of the modern Certificate Authority (CA) industry. Improving the ecosystem requires broad participation from all interested stakeholders, and many are being excluded unnecessarily."
Great step Digicert!
https://www.digicert.com/blog/notice-of-withdrawal-from-the-ca-security-council/

CryptoCurrency Clipboard Hijacker malware discovered by Bleeping Computer monitors for more than 2.3 million Bitcoin addresses, then replace them in memory, with the attacker address.
https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/

Local root jailbreak, authorization bypass & privilege escalation vulnerabilities in all ADB broadband routers, gateways and modems. The patch is already available.
https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/

A Microsoft Security division published an analysis of the malware sample which exploited the Adobe Reader software and the Windows operating system using two zero-day exploits in a single PDF file.
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/

Blog about why it is not helpful to use the Canvas Defender extension, a browser canvas fingerprinting countermeasure.
https://antoinevastel.com/tracking/2018/07/01/eval-canvasdef.html

Blog about the cryptographic primitives used by the North Korean Red Star operating system. The OS is mostly uses AES-256 Rijndael with dynamic S-Box modifications, but the design is evolving and the latest version of the algorithm has more differences.
https://blog.kryptoslogic.com/crypto/2018/07/03/pyongyang.html

Interesting technique how to bypass web-application firewalls by abusing SSL/TLS. An attacker can use an unsupported SSL cipher to initialize the connection to the webserver which supports that cipher, but the WAF would not be able to identify the attack because it can't view the data.
https://0x09al.github.io/waf/bypass/ssl/2018/07/02/web-application-firewall-bypass.html

Good introduction to the Linux ELF file format with some practical examples how sections look like, how to shrink the size during compilation and more.
https://0x00sec.org/t/dissecting-and-exploiting-elf-files/7267

InfoSec Week 26, 2018

A reverse shell connection is possible from an OpenVPN configuration file. So be cautious and treat ovpn files like shell scripts.
https://medium.com/tenable-techblog/reverse-shell-from-an-openvpn-configuration-file-73fd8b1d38da

Mozilla integrates Troy Hunts' Have I Been Pwned (HIBP) database of breached passwords into Firefox. They will make breach data searchable via a new tool called Firefox Monitor.
https://www.troyhunt.com/were-baking-have-i-been-pwned-into-firefox-and-1password/

The suspected ringleader behind the well known Carbanak malware is under arrest, but of course, his malware attacks live on.
https://www.bloomberg.com/news/features/2018-06-25/the-biggest-digital-heist-in-history-isn-t-over-yet

It is possible to attack resources in the private network from the Internet with DNS rebinding attack.
"Following the wrong link could allow remote attackers to control your WiFi router, Google Home, Roku, Sonos speakers, home thermostats and more."
https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325

Wi-Fi Alliance Introduces Wi-Fi Certified WPA3 Security. Again with a questionable cryptography, but we will see. That's how industrial alliances with expensive membership works.
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security

IETF published draft of Issues and requirements for Server Name Indication (SNI) encryption in TLS.
The draft lists known attacks against SNI encryption, discusses the current "co-tenancy fronting" solution, and presents requirements for future TLS layer solutions.
https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-03

The unpatched WordPress vulnerability allows code execution for authors. Exploiting the vulnerability grants an attacker the capability to delete any file of the WordPress installation or any other file the PHP process user has the proper permissions to delete.
https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/

Researchers identified three attack vectors against LTE (Long-Term Evolution, basically 4G) on layer 2 - an active attack to redirect network packets, a passive identity mapping attack, and website fingerprinting based on resource allocation.
https://alter-attack.net/

Cisco Talos team releases ThanatosDecryptor, the program that attempts to decrypt certain files encrypted by the Thanatos malware.
https://github.com/Cisco-Talos/ThanatosDecryptor

DEDA is a tool that gives the possibility to read out and decode color tracking dots which encode information about the printer. It also allows anonymisation to prevent arbitrary tracking.
https://github.com/dfd-tud/deda

InfoSec Week 24, 2018

Yet another high severity attack against the Intel CPUs. Unpatched systems can leak SIMD, FP register state between privilege levels. These registers are used for private keys nowadays.
The cost of a patch is more expensive context switches because the fix has to unload and reload all SIMD, FP state.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html

The team behind the CopperheadOS, hardened Google-free Android fork, has imploded. Guys, CEO and CTO (main and probably the only developer) are blaming each other.
https://twitter.com/DanielMicay/status/1006299769214562305

Chromium devs are planning to enforce TLS protocol invariants by rolling new TLS 1.3 versions every six weeks.
According to the developers: "Every six weeks, we would randomly pick a new code point. These versions will otherwise be identical to TLS 1.3, save maybe minor details to separate keys and exercise allowed syntax changes. The goal is to pave the way for future versions of TLS by simulating them (“draft negative one”)."
https://www.ietf.org/mail-archive/web/tls/current/msg26385.html

The Kromtech Security Center found 17 malicious docker images stored on Docker Hub for an entire year. With more than 5 million pulls, containers were primarily used to mine cryptocurrency.
https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers

At least 74 persons, mostly Nigerians, were arrested due to crimes related to the business e-mail compromise schemes.
https://garwarner.blogspot.com/2018/06/74-mostly-nigerians-arrested-in.html

Good summary of the existing inter-service authentication schemes. Bearer, hmac based tokens etc.
https://latacora.singles/2018/06/12/a-childs-garden.html

There is an Ancient "su - hostile" vulnerability in Debian 8 & 9. Doing "su - hostile" may lead to the root privilege escalation. Default sudo -u probably is affected too.
https://j.ludost.net/blog/archives/2018/06/13/ancient_su_-_hostile_vulnerability_in_debian_8_and_9/

There is a critical command injection vulnerability in the macaddress NPM package.
https://nodesecurity.io/advisories/654

Blog about the crafting remote code execution via server-side spreadsheet injection.
https://www.bishopfox.com/blog/2018/06/server-side-spreadsheet-injections/

An implementation flaw in multiple cryptographic libraries allows a side-channel based attacker to recover ECDSA or DSA private keys. Lots of libraries affected, like LibreSSL, Mozilla NSS, OpenSSL, etc.
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/

InfoSec Week 23, 2018

Australian government drafts new laws, that will force technology giants like Facebook, Google to give government agencies access to encrypted data.
https://www.theguardian.com/technology/2018/jun/06/planned-laws-to-force-tech-firms-to-reveal-encrypted-data

A security researcher at Telspace Systems, Dmitri Kaslov, discovered a vulnerability in the Microsoft Windows JScript component, that can be exploited by an attacker to execute malicious code on a target computer.
https://www.zerodayinitiative.com/advisories/ZDI-18-534/

IBM X-Force Research has uncovered a new Brazilian, Delphi-based MnuBot malware active in the wild. It downloads it's functionality during the execution dynamically from the remote C&C server, so its functionality can be upgraded on the fly.
https://securityintelligence.com/new-banking-trojan-mnubot-discovered-by-ibm-x-force-research/

The US Department of Homeland Security and FBI issues alert over two new malware, Joanap remote access tool and Brambul SMB worm, linked to the Hidden Cobra hacker group.
https://www.us-cert.gov/ncas/alerts/TA18-149A

A Toronto-based investment firm alleges that a rival company hired the Israeli companies tied to state intelligence agencies, to help sway a business dispute over a 2014 bid for a telecommunications company.
https://www.calcalistech.com/ctech/articles/0,7340,L-3739390,00.html

Google announced a project Capillary: End-to-end encryption for push messaging in Android. It should be available backward to API level 19 - KitKat.
https://android-developers.googleblog.com/2018/06/project-capillary-end-to-end-encryption.html

Engineers from the University of Toronto have built a filter that slightly alters photos of people’s faces to keep facial recognition software from realizing what it's looking at. https://joeybose.github.io/assets/adversarial-attacks-face.pdf

Research paper about the business model of a botnet operation, even with a business model canvas!
https://arxiv.org/abs/1804.10848

New research takes on the problem of habituation to security warnings. They have used eye tracking and fMRI data to find out how people react to the security warnings in the software.
https://neurosecurity.byu.edu/misq-longitudinal-2018/

A new paper by Bonnetain and Schrottenloher giving improved quantum attack on a newly proposed Commutative Supersingular Isogeny Diffie–Hellman (CSIDH) key exchange. According to the paper, they show, that the 128-bit classical, 64-bit quantum security parameters proposed actually offer at most 37 bits of quantum security.
https://eprint.iacr.org/2018/537

InfoSec Week 22, 2018

Google Pixel 2 devices implement insider attack resistance in the tamper-resistant hardware security module that guards the encryption keys for user data.
It is not possible to upgrade the firmware that checks the user's password unless you present the correct user password.
https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html

Avast Threat Labs analyzed malware pre-installed on a thousands of Android devices. More than 18000 users of Avast already had this adware in a device. Cheap smartphones are primarily affected.
https://blog.avast.com/android-devices-ship-with-pre-installed-malware

Great blog post about the USB reverse engineering tools and practices by the Glenn 'devalias' Grant.
http://devalias.net/devalias/2018/05/13/usb-reverse-engineering-down-the-rabbit-hole/

FBI advice router users to reboot devices in order to remove VPNFilter malware infecting 500k devices.
https://arstechnica.com/information-technology/2018/05/fbi-tells-router-users-to-reboot-now-to-kill-malware-infecting-500k-devices/

If you didn't hear about the recent arbitrary code execution vulnerability in git software (CVE 2018-11234, CVE 2018-11235), there is a high level summary on the Microsoft DevOps blog.
https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/

The white hat hacker received $25000 bug bounty for getting root access on all Shopify instances by leveraging Server Side Request Forgery (SSRF) attack.
https://hackerone.com/reports/341876

Attacking browsers by site-channel attacks using CSS3 features. The guys demonstrated how to deanonymize website visitors and more.
https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/

The Underhanded Crypto Contest for 2018 started, the topic has two categories: Backdooring messaging systems & Deceptive APIs. If you want to write some backdoor to the cryptographic implementation bud you do not harm anybody, this is a good opportunity.
https://underhandedcrypto.com/2018/05/27/rules-for-the-2018-underhanded-crypto-contest/

Article about the new threat model and potential mitigations for the Chrome browser against the Spectre like vulnerabilities.
https://chromium.googlesource.com/chromium/src/+/master/docs/security/side-channel-threat-model.md

New article by the Intercept about the Google military drone AI contract. They want to make fortune on an image recognition.
https://theintercept.com/2018/05/31/google-leaked-emails-drone-ai-pentagon-lucrative/

Codechain - secure multiparty code reviews with signatures and hash chains.
According to the author, Codechain is not about making sure the code you execute is right, but making sure you execute the right code.
https://github.com/frankbraun/codechain

InfoSec Week 21, 2018

500,000 routers in more than 50 countries are infected with the malware targeting routers. Primarily home devices like Linksys, MikroTik, NETGEAR and TP-Link.
Cisco's Talos Security attributed malware to the future Russian cyber operations against the Ukraine. The US FBI agents seize control of the botnet.
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet

The Internet Archive's Wayback Machine is deleting evidence on the malware sellers. They have removed from their archive a webpage of a Thailand-based firm FlexiSpy, which offers desktop and mobile malware.
https://motherboard.vice.com/en_us/article/nekzzq/wayback-machine-deleting-evidence-flexispy

According to the McAfee team, North Korean threat actor Sun Team is targeting defectors using the malicious Android applications on Google Play.
https://securingtomorrow.mcafee.com/mcafee-labs/malware-on-google-play-targets-north-korean-defectors/

Don't use sha256crypt & sha512crypt primitives as shipped with GNU/Linux, they're leaking information about the password via time duration of a hashing operation.
Not critical vulnerability, but good to know.
https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/

The Intercept published an interesting article about the Japanese signals intelligence agency, based on Snowden's leaks.
https://theintercept.com/2018/05/19/japan-dfs-surveillance-agency/

The US FBI repeatedly overstated encryption threat figures to Congress and the public.
https://www.washingtonpost.com/world/national-security/fbi-repeatedly-overstated-encryption-threat-figures-to-congress-public/2018/05/22/5b68ae90-5dce-11e8-a4a4-c070ef53f315_story.html

The US internet provider Comcast was leaking the usernames and passwords of customers’ wireless routers to anyone with the valid subscriber’s account number and street address number.
https://techcrunch.com/2018/05/21/comcast-is-leaking-the-names-and-passwords-of-customers-wireless-routers/

Amazon is pitching their facial recognition technology to law enforcement agencies, saying the program could aid criminal investigations by recognizing suspects in photos and videos.
https://www.nytimes.com/2018/05/22/technology/amazon-facial-recognition.html

Great blog about the SMS binary payloads and how SMS is weakening mobile security for years.
https://www.contextis.com/blog/binary-sms-the-old-backdoor-to-your-new-thing

Researchers from the Eclypsium found a new variation of the Spectre attack that can allow attackers to recover data stored inside CPU System Management Mode. They have even published Proof-of-concept.
https://blog.eclypsium.com/2018/05/17/system-management-mode-speculative-execution-attacks/

InfoSec Week 19, 2018

There is a first ransomware which is taking advantage of a new Process Doppelgänging fileless code injection technique. Working on all modern versions of Microsoft Windows, since Vista. This variant of a known SynAck ransomware is using NTFS transactions to launch a malicious process by replacing the memory of a legitimate process.
https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/

Security researchers from the Dutch information security company Computes has found that some Volkswagen and Audi cars are vulnerable to remote hacking. They were able to exploit vehicle infotainment systems. The possible attackers could track car location as well as listen to the conversations in a car.
https://www.bleepingcomputer.com/news/security/volkswagen-and-audi-cars-vulnerable-to-remote-hacking/

Twitter found a bug that stored user passwords unmasked in an internal log, there is no indication of a breach, but all Twitter users should change their passwords.
https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html

There is a breakthrough cryptographic attack on 5-round AES using only 2^22 (previous best was 2^32) presented at CRYPTO 2018. It is joint work of Nathan Keller, Achiya Bar On, Orr Dunkelman, Eyal Ronen and Adi Shamir. This kind of attack is good when evaluating the security of a cipher, it does not have any real world implication as the AES is using at least 10 rounds in production implementations.
https://eurocrypt.2018.rump.cr.yp.to/a7141747a6c49798313a278e9a70afe2.pdf

Bug hunter which found multiple vulnerabilities in the 7-zip software used by anti-virus vendors wrote an blog on how to exploit one of such bugs. Interesting read.
https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/

The 360 Core Security Division response team detected an APT attack exploiting a 0-day vulnerability and captured the world’s first malicious sample that uses a browser 0-day vulnerability (CVE-2018-8174). It is a remote code execution vulnerability of Windows VBScript engine and affects the latest version of Internet Explorer.
Microsoft patched this vulnerability few days ago and credited Chinese researchers.
http://blogs.360.cn/blog/cve-2018-8174-en/

Source code of TreasureHunter Point-of-Sale malware leaks online.
https://www.flashpoint-intel.com/blog/treasurehunter-source-code-leaked/

The ssh-decorator package from Python pip had an obvious backdoor (sending ip+login+password to ssh-decorate[.]cf in cleartext HTTP).
https://www.reddit.com/r/Python/comments/8hvzja/backdoor_in_sshdecorator_package/

Luke Picciau wrote about his experience with Matrix and it's Riot messenger for one year.
https://itscode.red/posts/1-year-using-matrix/

There is a first official version 1.0 RC of Briar for Android.
Briar is an open-source End-to-end encrypted Bluetooth / WiFi / Tor based mesh-networking (decentralized) messaging application.
https://briarproject.org/download.html

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection.
https://github.com/guardicore/monkey

InfoSec Week 17, 2018

A loud sound emitted by a gas-based fire suppression system deployed in the data center has destroyed the hard drives of a Swedish data center, downing NASDAQ operations across Northern Europe.
https://www.bleepingcomputer.com/news/technology/loud-sound-from-fire-alarm-system-shuts-down-nasdaqs-scandinavian-data-center/

Signal for iOS, version 2.23.1.1 and prior, is vulnerable to the screen lock bypass (CVE-2018-9840).
The blog explains how the vulnerability can be exploited in practice.
http://nint.en.do/Signal-Bypass-Screen-locker.php

Good summary about the integrated circuits Counterfeiting, detection and avoidance methods by hardware engineer Yahya Tawil.
https://atadiat.com/en/e-introduction-counterfeit-ics-counterfeiting-detection-avoidance-methods/

A new python-based cryptocurrency mining malware PyRoMine (FortiGuard Labs) is using the ETERNALROMANCE exploit attributed to the NSA, to propagate Monero cryptocurrency miner.
https://securityboulevard.com/2018/04/python-based-malware-uses-nsa-exploit-to-propagate-monero-xmr-miner/

The Australian Bureau of Statistics tracked people by their mobile device data to enrich their collection of data.
https://medium.com/@Asher_Wolf/the-australian-bureau-of-statistics-tracked-people-by-their-mobile-device-data-and-didnt-tell-them-16df094de31

BGP hijack affected Amazon DNS and rerouted web traffic for more than two hours. Attackers used the hijack to serve fake MyEtherWallet.com cryptocurrency website.
https://doublepulsar.com/hijack-of-amazons-internet-domain-service-used-to-reroute-web-traffic-for-two-hours-unnoticed-3a6f0dda6a6f

Embedi researchers analyzed the security of a Huawei Secospace USG6330 firewall firmware. Good insight on how to analyze devices in general.
https://embedi.com/blog/first-glance-on-os-vrp-by-huawei/

The ISO has rejected SIMON and SPECK symmetric encryption algorithms designed and proposed by the NSA. They are optimized for small and low-cost processors like IoT devices.
https://www.schneier.com/blog/archives/2018/04/two_nsa_algorit.html

The Center for Information Technology Policy at Princeton Announced IoT Inspector - an ongoing initiative to study consumer IoT security and privacy.
https://freedom-to-tinker.com/2018/04/23/announcing-iot-inspector-a-tool-to-study-smart-home-iot-device-behavior/

There is a Proof of Concept for Fusée Gelée - a coldboot vulnerability that allows full, unauthenticated arbitrary code execution on NVIDIA's Tegra line of embedded processors. This vulnerability compromises the entire root-of-trust for each processor, leading to full compromise of on-device secrets where USB access is possible.
https://github.com/reswitched/fusee-launcher/blob/master/report/fusee_gelee.md


Page 1 / 7