Posts
2194
Following
455
Followers
1084
A drunken debugger

Heretek of Silent Signal
repeated

Some positivity.

4
10
0
[RSS] The Windows Registry Adventure #1: Introduction and research results

https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html

The story of the recent CVE tsunami by j00ru
0
2
1
repeated

The blog series based on one of the silicon research projects I've been working on is up!

Some really beautiful die shots in here.

https://ioactive.com/accessory-authentication-part-1-3/

https://ioactive.com/accessory-authentication-part-2-3/

https://ioactive.com/accessory-authentication-part-3-3/

1
1
0
repeated

Are we human? or are we dancer?
Introducing HydraDancer: A new hardware board and open source firmware for faster USB peripheral emulation.
The Facedancer legacy lives on!
If we've gone faster, it is only because we relied on the previous work of our good neighbors.

Thiébaud Fuchs tells the story here
https://blog.quarkslab.com/hydradancer-faster-usb-emulation-for-facedancer.html

0
2
0
repeated
"2024 is the year of serverlesslessness"

https://www.youtube.com/watch?v=aWfYxg-Ypm4
0
0
1
repeated

GLIBC-SA-2024-0004 CVE-2024-2961
Glibc iconv buffer overflow when converting strings to the ISO-2022-CN-EXT character set.
Wonder: Is there a viable attack vector where a threat actor has control of the target character set for iconv()?
https://www.openwall.com/lists/oss-security/2024/04/17/9

1
1
0
repeated

Today is the last day to take our annual reverse engineering survey! Don’t miss out on your chance to win free licenses.

https://binary.ninja/survey/

2
1
0
repeated

"Education is intellectual infrastructure. So is science. They have very high yield, but delayed payback. Hasty societies that can't span those delays will lose out over time to societies that can."

— Stewart Brand

https://jods.mitpress.mit.edu/pub/issue3-brand/release/2

0
2
0
repeated

Looks like more libarchive CVE analysis is out from ZDI 👏

https://infosec.exchange/@thezdi/112286702067650822

In my last Patch Tuesday post for CVE-2024-20696, I linked a diff that details the patch for CVE-2024-20697 explained in ZDI’s writeup. Seems to line up! 🧐

https://diffpreview.github.io/?9574f311b3d3ff91d1ad0eb6c04138c0
👀

0
1
1
repeated

https://youtube.com/watch?v=zprSxCMlECA

There’s , and then there’s this abomination of nature and genius

Somebody must have bet him that he couldn’t make a demo without the computer itself

1
5
0
repeated

Incredible research at BlackHat Asia today by Tong Liu and team from the Institute of Information Engineering, Chinese Academy of Sciences (verified email at iie.ac.cn)

A dozen+ RCEs on popular LLM framework libraries like LangChain and LlamaIndex - used in lots of chat-assisted apps including GitHub. These guys got a reverse shell in two prompts, and even managed to exploit SetUID for full root on the underlying VM!

5
19
1
[RSS] Silicon Labs Gecko Platform HTTP server header parsing invalid pointer dereference vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1945

CVE-2023-51391
0
0
0
[RSS] LSA Whisperer

https://posts.specterops.io/lsa-whisperer-20874277ea3b

Impressive work, expect to see a ton of tooling built on this!

Edit: The "Dead Ends" section deserves extra praise - documenting failed attempts can spare tons of work for others and help better understand the subject!
0
1
2
repeated

The last episode of the "Hermit Project" is out, and it offers some insight into possible future scenarios for the project and my life.

Because Hermit wasn't just a computing project, it was mostly a journey of self-discovery.

https://tara.sh/posts/2024/2024-04-18_hermit_part_6/

Special thanks to @nina_kali_nina, @yottatsa, @usrbinkat and a friend (if you're reading this, yeah, it's you).

Also thanks to @kiwa and @ruhrscholz

0
1
0
[RSS] Entra ID Banned Password Lists: password spraying optimizations and defenses

https://www.synacktiv.com/en/publications/entra-id-banned-password-lists-password-spraying-optimizations-and-defenses
0
2
3
repeated

A PSA since there's some confusion on this...

There is no vulnerability in Gorilla Sessions.

The vulnerability is in Palo Alto's internal SessDiskStore, which looks similar to FilesystemStore. Early analysis came to the mistaken conclusion that the vulnerable path was in FilesystemStore, but it's not. FilesystemStore authenticates the Session.ID with securecookie, SessDiskStore does not.

1
12
0