We break things, build things... sometimes before anyone else. Defensive & offensive security R&D and skunkworks projects since ~2006. Silent until we are not.
Subreption releases research exposing critical security flaws in FIPS/Common Criteria certified enterprise network switches. (https://t.co/MlBwkxXezr)
FLAPPYSWITCH abuses CVE-2024-50604, CVE-2024-50605, CVE-2024-50606 and CVE-2024-50607, for breaking out of the management "cli", executing a modular loader and achieving persistence in the underlying Linux-based OS through classic ELF infection techniques.
Vendor patches quietly released (Jan 2025) insufficiently addressed the issues, and misrepresented them as requiring physical access. Vulnerabilities remain exploitable.
Our research hopes to bring proper attention to the state of the art in enterprise network equipment security, as it is often overlooked, in the wake of the Salt Typhoon incident.
Available at:
https://t.co/66F1FWB2eu
Stay tuned for updates.
#FLAPPYSWITCH #salttyphoon
End of Sales is not End of Life. This is one understated PSA from law enforcement that will go sadly unnoticed and repeat for a few iterations well into the future. FLAPPYBIRD lives on!
The FBI has released a PSA warning that Russian FSB cyber actors are targeting end-of-life networking devices across critical infrastructure sectors. Click for technical details and further information on the FSB Center 16 unit conducting this activity: https://t.co/OZohNt0sDQ
FLAPPYSWITCH against a remote Ruckus ICX switch running latest 9.x firmware, in FIPS/Common Criteria mode, gaining code execution and persistence in under 20 seconds. Thanks to our collaborating researcher for both excellent code and comedy! #physicalaccessonly #notreally #FLAPPYSWITCH #securitymyth
Pending a more formal announcement, we are excited to introduce you to our research since fall 2024 into enterprise network security. Here comes FLAPPYSWITCH. "What can an incident like Salt Typhoon do to telco infrastructure at a hardware level?" needn't be an academic question anymore. Grab your answers! https://t.co/66F1FWBA42 @DistrictCon @CISACyber
We don't typically engage in discussions, but the UX/UI argument against Ghidra really is a cosmetic one. Ghidra is not charging you a separate full fee for every platform for the decompiler or disassembler. There are things IDA does slightly better than Ghidra, mostly for exotic targets. But that list has rapidly become shorter over time. While the free QA from the community is priceless, we still don't appreciate @NSACyber enough for the huge contribution they have made by releasing it. Not unlike DataWave and other things also in relative obscurity. That said, Ilfak has given members of the community some discounts years back.
We got hit with Beg Bounty shenanigans on New Year's! Read the story at https://t.co/h8alj3WeUb and https://t.co/r0vX2KPQr9 Homage to @troyhunt of @haveibeenpwned fame. Special thanks to @ThinkstCanary. Happy 2025! May this new year bring our friends happiness and a plethora of gnarly bug chains, and lots of anxiety to our foes! Just kidding, good wishes to those too! #begbounties #scams
Added a set of CVEs currently reported and in process of disclosure and remediation/mitigation: CVE-2024-50604, CVE-2024-50605, CVE-2024-50606, CVE-2024-50607, in Ruckus Networks/CommScope products. Underhyped research during the #SaltTyphoon aftermath! A throwback at @redballoonsec
Thank you @MITREcorp for resolving this on Sunday outside of working hours. Good credit is due here. It is true CVEs can take a while at times, and that sometimes third-parties abuse the system, but clearly there are people working overtime and outside of business hours to accommodate the demands of the industry. Excuse our impatience! :-)
@MITREcorp @CVEnew We are having issues obtaining CVE reservations with legitimate technical merit. After a few weeks and several follow-ups with no response, could this policy be applied to CVE reservations that, for example, are bogus, or only backed by a dubious source (ex. a journalist whose prior experience in information security is reporting on Nintendo games and dating apps)? With warm regards, from our team, we still patiently but eagerly wait for those CVE reservations to finalize their trip behind the moon.
Releasing hackrf_sweeper (reimplementation of HackRF's hackrf_sweep as a library), along with demo applications (including a ZMQ+CURVE client and publisher of FFT bins for remote sweeping). https://t.co/VV21xEk6sz
Finally proper YARA support for Ghidra without the suck: GhidraYara (https://t.co/klAK2qC7I7). Analyzer extension + plugin for rule generation and management, rolled up in one. More features to come, including integration with ProgramDB (for in-DB storage of rules and artifacts).
We have recently released a few things: hackrf_sweeper (hackrf_sweep properly reimplemented as a library) and GhidraYara (including refreshed Java bindings for YARA). https://t.co/VV21xEk6sz https://t.co/klAK2qC7I7
The test assembly rig from our blog post (https://t.co/9ZCEWOcJT1) is now available at: https://t.co/Yk0kk5SBpF With @thingiverse gone downhill for years & their strange censorship policies, we are happy to support @josefprusa and his @Prusa3D @printablescom from Poland! #openipc
It's never too late for a post about #chatgpt, finally. How well does it work for cryptography-related questions and challenges? Here's a short experiment just about that: https://t.co/AyB4B5PWdg #chatgpt #HackTheBox (TL;DR Not terrible)
While everyone was busy having a #crowdstroke, we have published a short primer about hardware and firmware reverse engineering of a video sensor used in IPC devices and FPV drones, fresh out of the labs: https://t.co/9ZCEWOcJT1 #re #ghidra
A short blog post: IEEE 802.11 wireless spectrum coverage metrics (improving probability of intercept with traditional wireless adapters, with actual numbers per configuration and optimized channel hopping) https://t.co/jIeuKGmZfv
On a different note, amidst the widespread plagiarism of original research in proactive defenses in Linux & other projects for the last decade, OpenBSD employs Machiavellian tactics: https://t.co/IpbdNinCEO "Release broken code, let them Ctrl+C/Ctrl+V, write sploits, ???"