"I'm interested in all kinds of astronomy."

Released Pwndbg 2025.02.19 with new commands for dumping Linux kernel nftables, initial LoongArch64 support and more!

See changelog on https://github.com/pwndbg/pwndbg/releases/tag/2025.02.19 !

[RSS] Pluralistic: Ad-tech targeting is an existential threat

https://pluralistic.net/2025/02/20/privacy-first-second-third/

Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done.

— Andy Rooney


I gave a day 1 closing keynote at DistrictCon yesterday. Surprisingly, it was a security talk about memory safety.

Slides are here:
https://docs.google.com/presentation/d/1-CgBbVuFE1pJnB84wfeq_RadXQs13dCvHTFFVLPYTeg/edit?usp=drivesdk

Writing a #Ghidra processor module

https://irisc-research-syndicate.github.io/2025/02/14/writing-a-ghidra-processor-module/?ref=blog.exploits.club

"In this article we will create a Ghidra processor module for the iRISC processors, these processors are embedded in the ConnectX series of NICs from NVIDIA/Mellanox."

Not a beginner's tutorial, as it skims over many important steps and details, but still good to have more of these as there's always a trick or two to learn.

It's EXPLOIT CLUB DAY 📰

Linux kernel goodies from @h0mbre_

@patch1t spends another week showing you no patch is safe

@vv474172261 makes Microsoft re-think their bounty program

USB Restricted Mode Bypass RCA from @quarkslab

+ Jobs and MORE 👇

https://blog.exploits.club/exploits-club-weekly-newsletter-60-kctf-patch-gaps-usb-restricted-mode-bypasses-llm-harnesses-and-more/


I tried my hand at exploiting an nday on the Google Container Optimized OS instance in kCTF but sadly was very late to the party. Here is my exploit write-up for it. I learned a lot during the process, let me know what you think. I'll post a TL;DR in the thread.
https://h0mbre.github.io/Patch_Gapping_Google_COS/


Project Zero Bot

New Project Zero issue:

Linux: io_uring: UAF of io_ev_fd; io_eventfd_do_signal() frees on refcount drop without RCU delay

https://project-zero.issues.chromium.org/issues/388499293

CVE-2025-21655
PostgreSQL 17.4, 16.8, 15.12, 14.17, and 13.20 Released

https://www.postgresql.org/about/news/postgresql-174-168-1512-1417-and-1320-released-3018/

This fixes a regression introduced by the latest vulnerability fix:

"The fix for CVE-2025-1094 caused the quoting functions to not honor their string length parameters and, in some cases, cause crashes."
CVE-2025-26794 - SQL injection in Exim

https://exim.org/static/doc/security/CVE-2025-26794.txt

Configs using SQLite may be vulnerable.

Interesting links of the week:

Strategy:

* https://dl.acm.org/doi/10.1145/3594553 - refining TI with automated labelling

Threats:

* https://blog.talosintelligence.com/salt-typhoon-analysis/ - Salt Typhoon analysis from @TalosSecurity
* https://www.inversecos.com/2025/02/an-inside-look-at-nsa-equation-group.html - a Chinese view on Equation Group

Detection:

* https://blog.thinkst.com/2025/02/almost-famous-behind-the-scenes-of-a-feature-that-didnt-make-the-cut.html - building canary tokens with unconstrained delegation

Hard hack:

* https://kindlemodding.org/ - modding the Kindle
* https://www.die-welt.net/2025/02/unauthenticated-rce-in-grandstream-ht802v2-and-probably-others-using-gs_test_server-dhcp-vendor-option/ - hacking hardware via DHCP vendor options

Hardening:

* https://neapay.com/viewposts.html?category=BASE24 - variable quality but details on Base24

yossarian (1.3.6.1.4.1.55738)

my colleagues Alexis and Brad at @trailofbits put together a great post on a basic security mistake that we keep making: attacker-controlled recursion. my favorite thing about these is that they're (1) trivial to find and (2) *way* more impactful than normal DoS spam.

the post contains some great examples of these, including real vulnerabilities in Protobuf and ElasticSearch:

https://blog.trailofbits.com/2025/02/21/dont-recurse-on-untrusted-input/

they'll also be presenting their findings at @DistrictCon tomorrow!

https://www.districtcon.org/bios-and-talks-2025/low-effort-dos-with-recursion


I'm trying to find an oldish write-up on how different systems interpret emoji and why using emoji in passwords leads to inconsistent behavior like some never actually matching on a successful password entry. Does this ring any bells? Does anyone have a link?


Rust 1.85.0 has been released! 🌈🦀✨

Not only does this release add *async closures*, it also includes a whole *new Rust Edition*, Rust 2024! 🎆🚀

Check out the blog post for an overview of all the changes and additions: https://blog.rust-lang.org/2025/02/20/Rust-1.85.0.html
