I experimented with using Claude through MCP as a reverse engineering assistant alongside JADX and IDA Pro to analyze a Mitel MiCollab CVE.
The result was surprisingly effective for patch analysis and root cause identification.
Full write-up:
https://t.co/rFfq6hRcX9
Recently found a bypass in DOMPurify in certain cases. Today, versions 3.0.10 and 2.4.8 were released, fixing the issue.
Documented the problem here: https://t.co/qINFoNP4uF
Thanks to mario of @cure53berlin for excellent communication! #DOMPurify #security
MS finally replied to our email and allowed us to publish more details about the Auth bypass and Code Injection chain in SharePoint, which was used in Pwn2Own Vancouver 2023.
Here is the (not-so) fully working PoC for that:
https://t.co/kj6decsL4S
Have a nice weekend! ;)
If you are attending #BSidesChicago, don't miss @attrc's talk, Hunting For Credential Dumping Attacks In Modern Windows Environments, Nov 10 @ 1:00PM (Note the new time!). The full conference schedule is here: https://t.co/etUkLBh9LQ
#memoryforensics #dfir
Announcing #Pwn2Own Vancouver 2023! #Tesla returns with a new Steam VM escape category. #Windows DNS & ISC BIND are new. macOS returns in the LPE category and much more. 7 categories total with more than $1,000,000 in cash and prizes. Read the details at https://t.co/Uk4f7AlDth
☢️ I'm so excited - just issued my first blog post☢️
As promised - sharing my @WarConPL slide deck on:
https://t.co/mynQW0aXsF
Power of positive feedback made me publish them during my first day of holidays (●'◡'●)
Let me know if you like it 🔥
Just published a detailed analysis of Microsoft Exchange Deserialization to RCE (CVE-2021-42321), which was also found exploited in Tianfu Cup.
English version from @peterjson
PoC is not provided,
Have fun!
https://t.co/H9Q2Q5Gbpw
GitLab ExifTool DjVu1 RCE (CVE-2021-22205)
1. Generating the payload. This generates a DjVu image named attack.jpg
2. Sending the payload. Any random endpoint will do.
curl -v -F 'file=@attack.jpg' http://[Victim]/$(openssl rand -hex 8)
https://t.co/ovTDurAVJV