Our @offensive_con slides "UEFI Firmware Vulnerabilities: Past, Present, and Future" are now available. New disclosures are coming soon. Stay tuned!
/cc @flothrone@yeggorv
https://t.co/kSUcQtnhlB
I stumbled upon a fun heap overflow in Github's markdown rendering library. RCE via a malicious README 🤔 Demonstrates the risk of memory unsafe dependencies used by scripting languages. https://t.co/4zFIdgNmZN
PIC your Katz! Say hello to HandleKatz, our position independent Lsass dumper abusing cloned handles, direct system calls and a modified version of minidumpwritedump() brought to you by @thefLinkk#BruCON0x0D https://t.co/eufJcgo4XL
It turns out that wireless charging leaks private data. It leaks information about websites visited by the user. " allows accurate website fingerprinting on a charging smartphone". Information leaked depends on the battery level. Cool work! #GDPR#ePrivacy https://t.co/CgclD0kzeB
(1/3) Did you ever wonder how to disable Defender for Endpoint including bypassing the new tamper protection? It's that simple:
1. Run ProcessHacker with the "TrustedInstaller" Plugin (https://t.co/HPqy7ca1WV)
2. Run regedit.exe with Trusted Installer Privileges
AWS fixed a terminal escape injection in AWS CloudShell. The bug could have resulted in a full account compromise if an admin views malicious logs or external data using CloudShell: https://t.co/xnFkP87W9i
A few months ago Cellebrite announced that they would begin parsing data from Signal in their extraction tools. It seems they're not doing that very carefully.
Exploiting vulnerabilities in Cellebrite's software, from an app's perspective: https://t.co/9ar6ypnPe2
You might want to update your F5 Big IP appliances: https://t.co/RFcuOhoDA7. https://t.co/0we3xD9xvY and https://t.co/o3SoCaY5si are two data-plane bugs that got fixed.
Node.js patched an easy to trigger UaF in their TLS implementation: https://t.co/gwk3p1H9aB. Seems very hard to exploit against Current on Linux, but other version-OS combinations might be doable.
I am happy no announce that we are going to launch a global ISAC initiative for Railway Operators, Railway Undertakings (RU) & Railway Infrastructure Manager (IM) in 2021. Our goal is to strengthen practical digital defense for railways worldwide.
#ISAC#CSIRT#railway
I reported two interesting issues in usrsctp, which are now fixed: https://t.co/wNiUTiCxAk and https://t.co/62O9Z7S0wO. Take a look at @natashenka amazing blog series on Android messenger exploitation to see why you should care about usrsctp: https://t.co/vD3jhp9Ncm
Apache 2.4.46 has fixes for three vulnerabilities I reported (https://t.co/8yW2PIBv9G) The http2 push diary bug is the most interesting one: Depending on your distris mod_http2 version it is either a wild memmove or a controlled OOB write (https://t.co/JEQ6jwLTwO)
Recon and the https://t.co/ppYocDgP90 team are considering running a free OpenSOC Blue Team CTF for folks looking to stay sharp while at WFH Camp COVID! Seats would be limited, but we'll support as many as we can on a first-come basis. Any interest from the #infosec crowd?